Shulou(Shulou.com)06/03 Report--

This article is about how to use VBS instead of BAT or CMD files for commands. The editor thinks it is very practical, so share it with you as a reference and follow the editor to have a look.

Automatically imported into the registry with detection:

On Error Resume Next

Dim msg,fso,shell

Set fso = Wscript.createobject ("scripting.filesystemobject")

Set wshshell = wscript.CreateObject ("wscript.shell")

Set shell = wscript.createobject ("wscript.shell")

IF (fso.FileExists ("e:\ strong Orchestra\ reg.reg") Then

Shell.run "c:\ windows\ Regedit.exe / s e:\ orchestra\ reg.reg"

Shell.run "e:\ orchestra\ O2Jam.exe"

Else

Msg=msgbox ("the registry has not been imported, the game may not start, if you cannot enter the game, please call the network administrator ~", 1, "something is wrong!")

Shell.run "e:\ orchestra\ O2Jam.exe"

End if

Without detection:

On Error Resume Next

Dim oShell,fso

Set oShell = WScript.CreateObject ("WScript.Shell")

Set fso = CreateObject ("Scripting.filesystemobject")

OShell.Run "regedit / s 9you.reg"

OShell.Run "d:\ online games\ Orchestra\ O2Jam.exe"

Automatically load the virtual optical drive:

Dim oShell

Set oshell= WScript.CreateObject ("WScript.Shell")

OShell.Run "c:\ progra~1\ daemon~1\ daemon.exe-mount 0Magi D:\ lan\ Field 2\ BF2CD1mini.mds"

Wscript.sleep 5000

OShell.Run "D:\ lan\ Field 2\ BF2.exe"

Another example:

Dim Wsh,DMpath,ISOpath

DMpath = "X:\ Y\ daemon.exe" 'set the DM path

ISOpath = "Z:\ Monopoly 7\ RICH7B.mds" 'sets the image file path

Set Wsh = WScript.CreateObject ("WScript.Shell")

Wsh.run chr (34) & DMpath & chr (34) & "- mount 0," & ISOpath,0,true

Wscript.Sleep 3000'it is best to delay a few seconds to wait for the mirror to be loaded 1000 = 1 second

Wsh.run "Z:\ Monopoly 7\ rich7.exe"

Set WSH = Nothing

WScript.quit

/ / automatically import the registry and programs every time you turn it on

Option Explicit

Dim Folder

Folder = "d:\ aaa" 'set the folder you want to execute

Dim Wsh,fso

Set Wsh = WScript.CreateObject ("WScript.Shell")

Set fso = CreateObject ("Scripting.FileSystemObject")

Dim f,fc,f1,ext

Set f = fso.GetFolder (Folder)

Set fc = f.Files

For Each f1 in fc

Ext = LCase (fso.GetExtensionName (F1))

Select Case ext

Case "exe"

Wsh.run f1,true

Case "reg"

Wsh.run "Regedit / s" & F1 dyadic true

End Select

Next

Set fso=NoThing

Set Wsh = Nothing

WScript.quit

/ / remove specified files or folders to delete redundant files or folders.

Option Explicit

"description"

Internet Alliance-Black Fire makes it and gives it to friends in need.

'The format of the configuration file "Listfile.ini" is as follows:

'what to delete (file | directory) = folder to delete = exclusion 1; exclusion 2; exclusion 3.

'Profiles can have multiple lines to manipulate multiple directories.

'Behavioral comment lines that start with "/" in the configuration file.

'when multiple contents are excluded, separate them with a semicolon.

'example of ↓↓↓ configuration file: ↓↓↓

'/ profile start

'directory = D:\ = System Volume Information; online games; stand-alone games; Mini Game

'Directory = C:\ Program Files=qq;WinRAR

'file = D:\ online game = file 1.exe; file 2.exe

'/ end of configuration file

"explain the end"

Dim Fso,Listfile,objListfile

Listfile = "" 'set the configuration file path, if the configuration file and script are put together, please leave it as is

If Listfile = "" Then Listfile = "Listfile.ini"

Set Fso = CreateObject ("Scripting.FileSystemObject")

On Error Resume Next

Set objListfile = Fso.OpenTextFile (Listfile,1)

If Err Then

Err.Clear

Msgbox "no configuration file found" & Listfile,16, "error"

WScript.quit

End If

On Error GoTo 0

Dim flnum,fdnum,t1,t2,tm

Flnum=0

Fdnum=0

T1 = timer ()

Dim Myline,LineArr,ListArr

Do While objListfile.AtEndOfStream True

Myline = LCase (Replace (objListfile.ReadLine, "=", "=")

If Left (Myline,1) = "/" Then

'objListfile.SkipLine

ElseIf CheckLine (Myline) = 2 Then

LineArr = Split (Myline, "=")

'DoFolder = LineArr (1)

ListArr = Split (LineArr (2), ";")

'MsgBox LineArr (0)

If LineArr (0) = "contents" Then DelFolder LineArr (1), ListArr

If LineArr (0) = "file" Then DelFile LineArr (1), ListArr

End If

Loop

T2 = timer ()

Tm=cstr (int (t2-t1) * 10000) + 0.5) / 10)

MsgBox "scan finished, delete a total of" & fdnum& "directories," & flnum& "files." & vbCrLf & "time consuming" & tm& "milliseconds", 64, "execution complete"

If you do not need to display the report, comment out the line above

Set Fso=NoThing

WScript.quit

Sub DelFolder (Folder,ListArr)

Dim objFolder,subFolders,subFolder

Set objFolder=Fso.Getfolder (Folder)

Set subFolders=objFolder.subFolders

For Each subFolder In subFolders

If Not InArray (LIstArr,LCase (subFolder.name)) Then

On Error Resume Next

Subfolder.Delete (True)

If Err Then

Err.Clear

Msgbox "cannot delete directory, please check" & subFolder,16, "error"

Else

Fdnum = fdnum + 1

End If

On Error GoTo 0

End If

Next

End Sub

Sub DelFile (Folder,ListArr)

Dim objFolder,Files,File

Set objFolder=Fso.Getfolder (Folder)

Set Files=objFolder.Files

For Each File In Files

If Not InArray (LIstArr,LCase (File.name)) Then

On Error Resume Next

File.Delete (True)

If Err Then

Err.Clear

Msgbox "cannot delete files, please check" & File,16, "error"

Else

Flnum = flnum + 1

End If

On Error GoTo 0

End If

Next

End Sub

Function CheckLine (strLine)

Dim LineRegExp,Matches

Set LineRegExp = New RegExp

LineRegExp.Pattern =. =.

LineRegExp.Global = True

Set Matches = LineRegExp.Execute (strLine)

CheckLine = Matches.count

End Function

Function InArray (Myarray,StrIn)

Dim StrTemp

InArray = True

For Each StrTemp In Myarray

If StrIn = StrTemp Then

Exit Function

Exit For

End If

Next

InArray = False

End Function

! Get the path to a specific folder (for example, the actual location of the current user's desktop on disk, etc., equivalent to the SHGetSpecialFolderPath () function in vc)

Set wsShell = CreateObject ("WScript.Shell")

DesktopPath = wsShell.SpecialFolders ("Desktop")

! Get the current user name

Set WshNetwork = WScript.CreateObject ("WScript.Network")

UserName= WshNetwork.UserName

! Get the system variable% SystemRoot% (of course, other system variables can be analogous, but not all of them have to be transferred through PROCESS)

Set fso = CreateObject ("Scripting.FileSystemObject")

Set WshSysEnv = wsShell.Environment ("PROCESS")

SystemRoot = WshSysEnv ("WINDIR")

! Add a domain user or rent to a local group

Set objGroup = GetObject ("WinNT://./Administrators")

Set objUser = GetObject ("WinNT://testnet/Engineers")

ObjGroup.Add (objUser.ADsPath)

! Modify the local administrator password

Set objcnlar = GetObject ("WinNT://./administrator, user")

Objcnla.SetPassword "P@ssW0rd"

Objcnla.SetInfo

! Pop-up YES or NO dialog box, different choices to execute different code

IntAnswer = Msgbox ("Do you want to delete these files?", vbYesNo, "Delete Files")

If intAnswer = vbYes Then

Msgbox "You answered yes."

Else Msgbox "You answered no."

End If

! Run the CMD command line command

Set obshell=wscript.createobject ("wscript.shell")

Obshell.run ("ipconfig"), true

If the command you want to run contains double quotes, use & chr (34) & instead of

! Ignore code errors and continue execution

On Error Resume Next

Place it at the beginning of the code, and when the code goes wrong, it doesn't stop jumping out, but moves on to the next one. Proper application will be very effective.

! Crack download restrictions

DIM WSH

SET WSH=WSCRIPT.CreateObject ("WSCRIPT.SHELL")

WSH.POPUP ("the purpose of this program is to solve problems that cannot be downloaded")

WSH.POPUP ("especially when the registry is disabled")

WSH.POPUP (produced by Zeng Cheng)

WSH.Regwrite "HKCU\ Software\ Microsoft\ Windows\ CurrentVersion\ Internet Settings\ Zones\ 3\ 1803", 0, "REG_DWORD"

WSH.POPUP ("now you can download the program!")

! Read the computer name of this computer.

'ReadComputerName.vbs

Dim ReadComputerName

Set ReadComputerName=WScript.CreateObject ("WScript.Shell")

Dim ComputerName,RegPath

RegPath= "HKLM\ System\ CurrentControlSet\ Control\ ComputerName\ ComputerName\ ComputerName"

ComputerName=ReadComputerName.RegRead (RegPath)

MsgBox ("computer name" & ComputerName)

! Hide the small arrow on the shortcut icon

'Hidden.vbs

Dim HiddenArrowIcon

Set HiddenArrowIcon=WScript.CreateObject ("WScript.Shell")

Dim RegPath2,RegPath3

RegPath2= "HKCR\ lnkfile\ IsShortCut"

RegPath3= "HKCR\ piffile\ IsShortCut"

HiddenArrowIcon.RegDelete (RegPath2)

HiddenArrowIcon.RegDelete (RegPath3)

! Modify the start menu

'ChangeStartMenu.vbs

Dim ChangeStartMenu

Set ChangeStartMenu=WScript.CreateObject ("WScript.Shell")

RegPath= "HKCR\ Software\ Microsoft\ Windows\ CurrentVersion\ Policies\"

Type_Name= "REG_DWORD"

Key_Data=1

StartMenu_Run= "NoRun"

StartMenu_Find= "NoFind"

StartMenu_Close= "NoClose"

Sub Change (Argument)

ChangeStartMenu.RegWrite RegPath&Argument,Key_Data,Type_Name

MsgBox ("Success!")

End Sub

Call Change (StartMenu_Run) 'disable the run feature in the start menu

Call Change (StartMenu_Find) 'disable the find feature in the start menu

Call Change (StartMenu_Close) 'disable the shutdown function on the start menu

! Add a self-starting program to Windows

The program can run automatically when it is turned on.

'AddAutoRunProgram.vbs

'assume that the program is in the c:\ myfile folder and the file name is autorun.exe

Dim AutoRunProgram

Set AutoRunProgram=WScript.CreateObject ("WScript.Shell")

RegPath= "HKLM\ Software\ Microsoft\ Windows\ CurrentVersion\ Run\"

Type_Name= "REG_SZ"

Key_Name= "AutoRun"

Key_Data= "C:\ Myfile\ autorun.exe"

'The full-path file name of the self-starting program

AutoRunProgram.Write RegPath&Key_Name,Key_Data,Type_Name

'add the self-startup program autorun.exe to the startup group

MsgBox ("Success!")

Unlock the registry editor

Use notepad to edit the following:

DIM WSH

SET WSH=WSCRIPT.CreateObject ("WSCRIPT.SHELL") 'inactivate WScript.Shell object

WSH.POPUP ("unlock Registry Editor!")

'Show the pop-up message "unlock Registry Editor!"

WSH.Regwrite "HKCU\ Software\ Microsoft\ Windows\ CurrentVersion

\ Policies\ System\ DisableRegistryTools ", 0," REG_DWORD "

'Unlock the registry editor

WSH.POPUP ("registry unlocked successfully!")

'displays the pop-up message "Registry unlocked successfully!"

Save to a file with a .vbs extension and double-click when you use it.

2. Disable the default sharing of Win NT/2000

Use notepad to edit the following:

Dim WSHShell' defines variables

Set WSHShell=CreateObject ("WScript.shell") 'create an object WSHShell that can communicate with the operating system

Dim fso,dc

Set fso=CreateObject ("Scripting.FileSystemObject") 'create a file system object

Set dc=fso.Drives' get all drive letters

For Each d in dc

Dim str

WSHShell.run ("net share" & d.driveletter & "$/ delete") 'turns off hidden sharing for all drives

Next

WSHShell.run ("net share admin$ / delete")

WSHShell.run ("net share ipc$ / delete") 'turns off admin$ and ipc$ pipe sharing

Now to test it, open cmd.exe first, enter the net share command and you can see the share on your machine. When you double-click to execute stopshare.vbs, you will see the window flash by. Then type the net share command in cmd, and no share list is found.

3. Display the local IP address

There are many times, we need to know the local IP address, although it can be done with a variety of software, but it is also very convenient to use VBS scripts. Use notepad to edit the following:

Dim WS

Set WS=CreateObject ("MSWinsock.Winsock")

IPAddress=WS.LocalIP

MsgBox "Local IP=" & IPAddress

Save the above as ShowIP.vbs, and double-click to execute to get the native IP address.

Use script programming to delete logs

The first thing a hacker does after a successful intrusion into the system is to clear the log. If you remotely control the other machine or log in from the terminal with a graphical interface, it is not difficult to delete the log. Although the log is also run as a service, it is different from a service like http,ftp, which can be stopped and then deleted under the command line. Using net stop eventlog under the command line cannot be stopped. So some people think that it is very difficult to delete logs under the command line, but in fact this is not the case. For example, you can delete logs by using VMI in scripting programming, and it is very simple and convenient. The source code is as follows:

StrComputer= "."

Set objWMIService = GetObject ("winmgmts:" _

& "{impersonationLevel=impersonate, (Backup)}!\" & _

StrComputer & "\ root\ cimv2")

Dim mylogs (3)

Mylogs (1) = "application"

Mylogs (2) = "system"

Mylogs (3) = "security"

For Each logs in mylogs

Set colLogFiles=objWMIService.ExecQuery _

("Select * from Win32_NTEventLogFile where LogFileName='" & logs& "'")

For Each objLogfile in colLogFiles

ObjLogFile.ClearEventLog ()

Next

Next

Just save the above code as a cleanevent.vbs file. In the above code, you first get the object object, and then use its clearEventLog () method to delete the log. Create an array, application,security,system, and join the array if there are other logs. Then use a for loop to delete each element in the array, that is, each log.

Fifth, use scripts to forge logs

After deleting the log, any intelligent administrator will immediately react to being hacked in the face of an empty log, so a smart hacker learns how to forge a log. Creating a log using the eventlog method in scripting is very simple, take a look at the following code:

Set ws=wscript.createobject ("Wscript.shell")

Ws.logevent 0, "write log success" 'create a successful execution log

Just save the above code as createlog.vbs. This code is easy to understand, first getting a shell object of wscript, and then using the logevent method of the shell object. Usage of logevent: logevent eventtype, "description" [, remote system], where eventtype is a log type. The parameters that can be used are as follows: 0 indicates successful execution, 1 execution error, 2 warnings, 4 messages, 8 successful audit, 16 fault audit. So in the above code, change 0 to 1, 2, 4, 8, 16, and the contents in quotation marks are log descriptions. The log written by this method has a disadvantage, that is, it can only be written to the application log, and the log source can only be WSH, that is, Windows Scripting Host, so it can not play too much hidden role, here for your reference only.

Disable the start menu option

Use notepad to edit the following:

Dim ChangeStartMenu

Set ChangeStartMenu=WScript.CreateObject ("WScript.Shell")

RegPath= "HKCR\ Software\ Microsoft\ Windows\ CurrentVersion\ Policies\"

Type_Name= "REG_DWORD"

Key_Data=1

StartMenu_Run= "NoRun"

StartMenu_Find= "NoFind"

StartMenu_Close= "NoClose"

Sub Change (Argument)

ChangeStartMenu.RegWrite RegPath&Argument,Key_Data,Type_Name

MsgBox ("Success!")

End Sub

Call Change (StartMenu_Run) 'disable the run feature in the start menu

Call Change (StartMenu_Find) 'disable the find feature in the start menu

Call Change (StartMenu_Close) 'disable the shutdown function on the start menu

Save the above code as a ChangeStartMenu.vbs file and double-click when you use it.

VII. Execute external procedures

Use notepad to edit the following:

DIM objShell

Set objShell=wscript.createObject ("wscript.shell")

IReturn=objShell.Run ("cmd.exe / C set var=world", 1, TRUE)

Just save as a .vbs file. In this code, we first set an environment variable named var, and the value is world, the user can use% Comspec% instead of cmd.exe, and can change the command: set var=world to other commands, so that it can run arbitrary commands.

Restart the specified IIS service

Use notepad to edit the following:

Const ADS_SERVICE_STOPPED = 1

Set objComputer = GetObject ("WinNT://MYCOMPUTER,computer")

Set objService = objComputer.GetObject ("Service", "MYSERVICE")

If (objService.Status = ADS_SERVICE_STOPPED) Then

ObjService.Start

End If

/ / check for specific characters in specific files in the Search directory and put the results in Result.txt

Set objNetwork = CreateObject ("Wscript.Network")

StrComputer = objNetwork.ComputerName

Const ForReading = 1

Const ForAppending = 8

Dim arrFileLines ()

ITunes 0

Set objWMIService = GetObject ("winmgmts:" & "{impersonationLevel=impersonate}!\" & strComputer & "

Ootcimv2 ")

Set colFiles = objWMIService.ExecQuery ("Select * from CIM_DataFile where Path ='\ search\'")

For Each objFile in colFiles

If objFile.Extension = "log" Then

FileName = objFile.Name

Wscript.Echo FileName

End IF

Next

Set objFSO = CreateObject ("Scripting.FileSystemObject")

Set objFile = objFSO.OpenTextFile ("input.txt", ForReading)

InputLine = objFile.ReadLine

ObjFile.Close

Set objFile = objFSO.OpenTextFile (FileName,ForReading)

Do Until objFile.AtEndOfStream

SearchLine = objFile.ReadLine

If InStr (SearchLine,InputLine) = 0 Then

Else

Redim Preserve arrFileLines (I)

ArrFileLines (I) = SearchLine

I=i+1

End If

Loop

ObjFile.Close

Set objFile = objFSO.OpenTextFile ("result.txt", ForAppending)

For l = Ubound (arrFileLines) to LBound (arrFileLines) Step-1

ObjFile.WriteLine arrFileLines (l)

Next

ObjFile.Close

/ / clear all administrator accounts when the user logs in, keep only Administrator and NetShowServices, and change the password of Administrator to 55555555

Set objNetwork = CreateObject ("Wscript.Network")

StrComputer = objNetwork.ComputerName

StrUser = objNetwork.Name

StrStat = "False"

Set colGroups = GetObject ("WinNT://" & strComputer & "")

ColGroups.Filter = Array ("group")

For Each objGroup In colGroups

For Each objUser in objGroup.Members

If objUser.name = StrUser Then

If objGroup.Name = "Aadministrators" Then

StrStat = "True"

End If

End If

Next

Next

Set objGroup = GetObject ("WinNT://" & strComputer & "/ Administrators")

For Each objUser in objGroup.Members

If objUser.Name = "Administrator" OR objUser.Name = "NetShowServices" Then

If objUser.Name = "Administrator" AND StrStat = "True" Then

ObjUser.SetPassword "55555555"

End If

Else

ObjGroup.Remove (objUser.ADsPath)

End If

Next

/ / clever use of scripts and batches to remove traces from the computer

Two files are used to achieve this function, the VBS script file reg.vbs (you can define your own file name) and the batch file reg.bat (you can define your own file name).

The 1.VBS script file is as follows:

Dim WSHShell

Set WSHShell=WScript.CreateObject ("WScript.Shell")

WSHShell.RegWrite "HKLM\ Software\ Microsoft\ Windows\ CurrentVersion\ Run\ reg", "reg.vbs"

WSHShell.RegWrite "HKLM\ Software\ Microsoft\ Windows\ CurrentVersion\ RunOnce\ deldel", "reg.bat"

WSHShell.RegWrite "HKCU\ Software\ Microsoft\ Internet Explorer\ Main\ Start Page", "about:blank"

WSHShell.RegWrite "HKCU\ Software\ Microsoft\ Internet Explorer\ TypedURLs\", ""

WSHShell.RegDelete "HKCU\ Software\ Microsoft\ Internet Explorer\ TypedURLs\"

WSHShell.RegWrite "HKCU\ Software\ Microsoft\ Internet Explorer\ TypedURLs\", ""

WSHShell.RegWrite "HKCU\ Software\ 3721\ InputCns\", ""

WSHShell.RegDelete "HKCU\ Software\ 3721\ InputCns\"

WSHShell.RegWrite "HKCU\ Software\ 3721\ InputCns\", ""

The first two behaviors of this script define variables, please write according to them. Starting from the third line, it is the processing of the registry. The third line and the fourth behavior add the process file that runs automatically when the computer starts up in the registry, one is that the script itself is reg.vbs, and the other is the reg.bat batch file. The fifth behavior restores the IE start page to "about:blank"; the sixth, seventh and eighth actions remove the web address names that have been viewed in the IE browser address bar; and the ninth, tenth and eleventh actions clear the network real names in the IE address bar.

two。 The batch file is as follows:

Deltree-y c:\ windows\ temp\ *. *

Deltree-y c:\ windows\ "Temporary Internet Files"\ *. *

Deltree-y c:\ windows\ History\ *. *

@ deltree-y C:\ Windows\ Recent\ *. *

@ deltree-y C:\ RECYCLED\ *. *

@ deltree-y C:\ WINDOWS\ Cookies\ *. *

Thank you for reading! On "how to use VBS to replace BAT or CMD files to command" this article is shared here, I hope the above content can be of some help to you, so that you can learn more knowledge, if you think the article is good, you can share it out for more people to see it!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.