In-depth exploration of Windows Script Technology

Source: Internet
Author: User

Http://www.ph4nt0m.org
2004-11-18
-------------------------------------------------------


To keep the code in this article clean and tidy, the forum's PHP tag is used to format it. (There is no VBS tag, and the code tag is awkward to use, which is frustrating.)
If you reprint this article, please adjust the formatting accordingly.


[Directory]
1. Preface
2. Review WSH objects
3. WMI Service
4. The script also has a GUI
5. Anti-Virus
6. Create a backdoor.
7. Conclusion
8. References


[Preface]
This article describes some Windows script programming knowledge and techniques. Here, "Windows scripts" means scripts run by Windows Script Host (WSH), not scripts embedded in HTML or ASP. The former are interpreted by WScript or CScript; the latter are interpreted by IE and IIS respectively. The language used is VBScript. This article assumes the reader already has some grounding in Windows script programming. If you do not, please study Windows Script technology first [1].


[Review WSH object]
Thanks to COM support, WSH offers far more powerful functionality than batch files (.bat). Put bluntly, WSH simply calls ready-made "controls" as objects and uses their properties and methods to get the job done.

Common objects include:
WScript
The root object of the Windows Script Host object model; WSH cannot do without it. It provides several sub-objects, such as WScript.Arguments and WScript.Shell. The former gives access to the full set of command-line arguments; the latter can run programs, manipulate registry contents, create shortcuts, and access system folders.

Scripting.FileSystemObject
Designed mainly so that IIS can access the file system. It is probably the most commonly seen object, because almost all Windows script viruses use it to copy themselves and infect others.

ADODB.Stream
A sub-object of ActiveX Data Objects (ADO) that provides stream-based access to files. It is part of the database components, but thanks to Microsoft, ADO ships with the system.

Microsoft.XMLHTTP
An object designed to support XML; through it a script can access the network over HTTP. It is often used in connection with cross-site scripting and SQL injection.

There are also many less common ones:
Active Directory Service Interface (ADSI) objects - wide-ranging functionality, mainly used for Windows domain management.
InternetExplorer object - can do everything IE can do.
Word, Excel, and Outlook objects - used to process Word documents, Excel spreadsheets, and e-mail.
WBEM object - WBEM stands for Web-Based Enterprise Management. It provides powerful support for managing Windows. The WMI service covered in the next section provides the interface to this object.
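The objects listed above are also what a defender looks for first when triaging an unknown .vbs file. The following is an added example, not code from the original article: a small static check that extracts the ProgIDs a script passes to CreateObject and flags the network-plus-file-write combination typical of a downloader. The capability labels, function names and the sample script are assumptions made for this illustration, and `Rem` comments and `_` line continuations are not handled.

```python
import re

# ProgIDs named in the article, mapped to the capability each gives a script.
# The capability labels are this example's own.
CAPABILITIES = {
    "wscript.shell": "exec",
    "scripting.filesystemobject": "file",
    "adodb.stream": "file",
    "microsoft.xmlhttp": "network",
}

# CreateObject with a literal argument, possibly split as "ADODB." & "Stream".
CREATE = re.compile(r'createobject\s*\(\s*((?:"[^"]*"\s*&\s*)*"[^"]*")', re.I)

def strip_comment(line):
    """Drop a VBScript ' comment, ignoring apostrophes inside string literals."""
    in_str = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_str = not in_str
        elif ch == "'" and not in_str:
            return line[:i]
    return line

def progids(source):
    """Lower-cased ProgIDs passed as literals to CreateObject, comments excluded."""
    found = []
    for line in source.splitlines():
        for m in CREATE.finditer(strip_comment(line)):
            # Re-join the pieces of a concatenated literal before comparing.
            found.append("".join(re.findall(r'"([^"]*)"', m.group(1))).lower())
    return found

def triage(source):
    ids = set(progids(source))
    caps = {CAPABILITIES[p] for p in ids if p in CAPABILITIES}
    return {
        "progids": sorted(ids),
        "downloader": {"network", "file"} <= caps,  # can fetch and can write
        "other": sorted(ids - set(CAPABILITIES)),
    }

# Constructed sample input, not taken from the article.
SAMPLE = '''
' Set sh = CreateObject("WScript.Shell")  commented out, must be ignored
Set fso = WScript.CreateObject("Scripting.FileSystemObject")
Set aso = CreateObject("ADODB." & "Stream") ' split literal
Set http = createobject("Microsoft.XMLHTTP")
msg = "it's fine"
'''

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A hit on `downloader` only says the script is able to fetch and write data; plenty of administrative scripts do the same, so treat it as a triage signal rather than a verdict.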

Obviously, WSH can make use of many more objects than these. This article describes some of the useful ones and how to use them.
First, let's look at an example that downloads a web resource with support for resuming an interrupted transfer. It uses the four common objects mentioned above.
Codz:
If (LCase(Right(WScript.FullName, 11)) = "wscript.exe") Then ' check which script host is running
    Die("Script host must be CScript.exe.") ' the host is not CScript, so die
End If

If WScript.Arguments.Count < 1 Then ' at least one argument is required
    Die("Usage: cscript webdl.vbs url [filename]") ' small as the script is, it still needs a usage message
End If

url = WScript.Arguments(0) ' argument indexes start at 0
If url = "" Then Die("URL cant be null.") ' an empty URL will not do
If WScript.Arguments.Count > 1 Then ' first check whether there is more than one argument
    filename = WScript.Arguments(1) ' then read the second argument
Else ' no file name was given, so derive it from the URL
    t = InStrRev(url, "/") ' position of the last "/"
    If t = 0 Or t = Len(url) Then Die("Can not get filename to save.") ' no "/" at all, or the URL ends with "/"
    filename = Right(url, Len(url) - t) ' the file name to save as
End If
If Not Left(url, 7) = "http://" Then url = "http://" & url ' add "http://" if it was left out

Set fso = WScript.CreateObject("Scripting.FileSystemObject") ' FSO, ASO and HTTP: all three are needed
Set aso = WScript.CreateObject("ADODB.Stream")
Set http = WScript.CreateObject("Microsoft.XMLHTTP")

If fso.FileExists(filename) Then ' check whether the file to download already exists
    start = fso.GetFile(filename).Size ' it exists: use the current file size as the starting position
Else
    start = 0 ' it does not exist: start from zero
    fso.CreateTextFile(filename).Close ' create a new file
End If

WScript.StdOut.Write "Connectting ..."
current = start ' the current position is the starting position
Do
    http.Open "GET", url, True ' HTTP is called asynchronously here
    http.SetRequestHeader "Range", "bytes=" & start & "-" & CStr(start + 20480) ' the secret of resumable transfer is here
    http.SetRequestHeader "Content-Type", "application/octet-stream"
    http.Send ' send the request once it has been built

For 1 to 120
