For example, the recent flash network horse call:
VaR flashver = (New activexobject ("shockwaveflash. shockwaveflash.9"). getvariable ("$ version"). Split (",");
Where does shockwaveflash. shockwaveflash.9 come from? Open flash9f. ocx with exclusive and select typelib. Then you can see the shockwaveflash. shockwaveflash.9 pair function, where getvariable exists. This raises another question. How do we know that we want to open flash9f. ocx? For this purpose, use the IE component manager.
So what about the components of the mstsc.exe and 3389 connectors that we can call them? Check the Registration Form for mstsc.exe and find the hkey_classes_root \ CLSID \ {3523c2fb-4031-44e4-9a3b-f1e94986ee7f} \ inprocserver32 is c: \ windows \ system32 \ mstscax. DLL, and then open it with exparts. You can also see the functions, attributes, and methods of this component. The following can be a simple example (md, which can only change the attribute values of various aspects of mstsc.exe. The connection interface cannot be opened all the time. Who will change the value ?) :
Sub executeconnection (strserver, struser, strpw)
'Create the client
Dim objmsrdpclient
Set objmsrdpclient = Createobject ("mstscax. mstscax.3 ")
Objmsrdpclient. Server = strserver
Objmsrdpclient. Username = struser
Objmsrdpclient. fullscreen = false
Objmsrdpclient. advancedsettings2.redirectdrives = false
Objmsrdpclient. advancedsettings2.redirectprinters = false
Objmsrdpclient. advancedsettings2.redirectports = false
Objmsrdpclient. advancedsettings2.redirectsmartcards = false
Objmsrdpclient. advancedsettings2.cleartextpassword = strpw
Objmsrdpclient. startconnected = true
Wscript. Echo "Before connecting"
Wscript. Echo objmsrdpclient. Version
Dim intresult
Intresult = objmsrdpclient. Connect
Wscript. Echo "after connecting Result:" & intresult
End sub
Call the component, not only the hkey_classes_root \ CLSID \ {signature} \ progid found in the registry can be used (the above example is Createobject ("mstscax. mstscax.3 ")
), You can also use hkey_classes_root \ CLSID, Which is why classid can also be used in ASP Trojans, such as in the top 2006 + source code of Haiyang:
<Object runat = "server" id = "ws" Scope = "page" classid = "CLSID: 72c24dd5-d70a-438b-8a42-98417b88afb8"> </Object>
<Object runat = "server" id = "FSO" Scope = "page" classid = "CLSID: 0d43fe01-f093-11cf-8940-00a0c9054228"> </Object>
<Object runat = "server" id = "ws" Scope = "page" classid = "CLSID: F935DC22-1CF0-11D0-ADB9-00C04FD58A0B"> </Object>
<Object runat = "server" id = "sa" Scope = "page" classid = "CLSID: 13709620-c279-11ce-a49e-444553540000"> </Object>
Of course, other network horses basically call clsid. You can find some network horses at will.
However, in vbs, it seems that you cannot directly call classid and put it in the WSF file. Of course, HTML and other things do not matter.
Here is just a brief introduction. If you want to see the graphic tutorial, you can take a look at this: