Automatically import registry, with detection:
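' Merge reg.reg into the registry when the file is present, then start the game.
' If the file is missing, tell the user and start the game anyway.
'
' regedit /s merges without any prompt, so whoever can write to REG_FILE decides
' what is written to the registry of the account running this script. Keep the
' file in a location that only administrators can modify.
On Error Resume Next          ' best effort: the game is started even if a step fails
Dim Msg, fso, shell

' Paths are kept exactly as published; note that the two folder names differ.
Const REG_FILE = "E:\ Orchestra \reg.reg"
Const GAME_EXE = "E:\ Jin Orchestra \o2jam.exe"

Set fso = WScript.CreateObject("Scripting.FileSystemObject")
Set shell = WScript.CreateObject("WScript.Shell")

If fso.FileExists(REG_FILE) Then
    ' A space is required between regedit.exe and /s, and the path must be
    ' quoted because it contains spaces. Wait (True) so the merge has finished
    ' before the game reads the registry.
    shell.Run "c:\windows\regedit.exe /s " & Chr(34) & REG_FILE & Chr(34), 0, True
Else
    Msg = MsgBox("The registry is not imported, the game may not start, such as unable to enter the game please call network management ~", 1, "Out of the question!!")
End If

' The game is launched in both cases.
shell.Run Chr(34) & GAME_EXE & Chr(34)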
With no detection:
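' Merge 9you.reg silently and start the game, without checking that the file exists.
'
' 9you.reg is a relative name: it is resolved against the current directory of
' the script host, so a file of that name in whatever directory the script is
' started from is what gets merged. Use a full path to a location that only
' administrators can write to.
On Error Resume Next
Dim Oshell
Set Oshell = WScript.CreateObject("WScript.Shell")

' "regedit/s" (no space) is not a valid program name; wait for the merge to end.
Oshell.Run "regedit /s 9you.reg", 0, True

' Quote the executable path because it contains spaces.
Oshell.Run Chr(34) & "D:\ Network game \ Jin Orchestra \o2jam.exe" & Chr(34)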
To automatically load a virtual optical drive:
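' Mount a disc image in virtual drive 0 with Daemon Tools, wait, then start the game.
Dim Oshell
Set Oshell = WScript.CreateObject("WScript.Shell")

' A space is needed before -mount, and the image path is quoted because it
' contains spaces.
Oshell.Run "C:\progra~1\daemon~1\daemon.exe -mount 0," & Chr(34) & "d:\lan\ Battlefield 2\bf2cd1mini.mds" & Chr(34)

' Give the virtual drive time to load the image (5000 ms = 5 seconds).
WScript.Sleep 5000

Oshell.Run Chr(34) & "D:\lan\ Battlefield 2\bf2.exe" & Chr(34)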
Another example:
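' Mount an image with Daemon Tools and start the program that needs it.
Dim Wsh, dmpath, isopath
dmpath = "X:\Y\daemon.exe"                      ' path to daemon.exe
isopath = "Z:\ millionaire seven \rich7b.mds"   ' path to the image file
Set Wsh = WScript.CreateObject("WScript.Shell")

' Chr(34) is the double-quote character: both paths are quoted so that spaces
' in them do not split the command line. The call waits until daemon.exe returns.
Wsh.Run Chr(34) & dmpath & Chr(34) & " -mount 0," & Chr(34) & isopath & Chr(34), 0, True

' Delay a few seconds so the image is fully loaded (1000 = 1 second).
WScript.Sleep 3000

Wsh.Run Chr(34) & "Z:\ millionaire seven \rich7.exe" & Chr(34)
Set Wsh = Nothing
WScript.Quit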
Automatically import the registry and program every time you turn on
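' Run every .exe and merge every .reg file found directly in one folder.
'
' Everything placed in that folder is executed or merged with the rights of the
' account that runs this script, so write access to the folder is equivalent to
' code execution as that account. Restrict the folder's ACL accordingly.
Option Explicit
Dim Folder
Folder = "D:\AAA"    ' folder whose files are executed

Dim Wsh, fso
Set Wsh = WScript.CreateObject("WScript.Shell")
Set fso = CreateObject("Scripting.FileSystemObject")

Dim f, fc, f1, ext
Set f = fso.GetFolder(Folder)
Set fc = f.Files
For Each f1 In fc
    ' The extension is lower-cased, so the Case labels must be lower case too;
    ' with "EXE"/"Reg" neither branch could ever be taken.
    ext = LCase(fso.GetExtensionName(f1.Path))
    Select Case ext
        Case "exe"
            ' Quote the path and wait for the program to finish.
            Wsh.Run Chr(34) & f1.Path & Chr(34), , True
        Case "reg"
            ' A space is required between regedit, /s and the file name.
            Wsh.Run "regedit /s " & Chr(34) & f1.Path & Chr(34), , True
    End Select
Next

Set fso = Nothing
Set Wsh = Nothing
WScript.Quit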
Delete unnecessary files or folders while excluding the specified ones (original script by Black Fire)
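Option Explicit
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
' Net Alliance - made by Black Fire, given to friends in need.
' The format of the configuration file Listfile.ini is as follows:
'   what to delete (file | directory)=folder to clean=exclude 1;exclude 2;exclude 3 ...
' The file can have several lines, to operate on several directories.
' A line that starts with "/" is a comment line.
' Several exclusions are separated with a semicolon ";".
' Configuration file example:
'   /configuration file start
'   directory=d:\=system volume information;online games;games;small games
'   directory=c:\program files=qq;winrar
'   file=d:\ network game =file 1.exe;file 2.exe
'   /configuration file end
'
' Everything in the target folder that is NOT listed as an exclusion is deleted,
' so a mistyped exclusion means data loss. Keys, folders and exclusions are
' trimmed below so that a stray space cannot turn an exclusion into a miss.
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Dim Fso, listfile, objlistfile
listfile = ""   ' path of the configuration file; leave empty when it sits next to the script
If listfile = "" Then listfile = "Listfile.ini"
Set Fso = CreateObject("Scripting.FileSystemObject")

On Error Resume Next
Set objlistfile = Fso.OpenTextFile(listfile, 1)
If Err Then
    Err.Clear
    MsgBox "No configuration file found" & listfile, 16, "error"
    WScript.Quit
End If
On Error GoTo 0

Dim Flnum, Fdnum, t1, t2, tm
Flnum = 0      ' files deleted (updated by Delfile)
Fdnum = 0      ' directories deleted (updated by Delfolder)
t1 = Timer()

Dim myline, linearr, listarr, i
Do While Not objlistfile.AtEndOfStream
    ' Lower-case the line: the keys and the exclusion names are compared in lower case.
    myline = LCase(Trim(objlistfile.ReadLine))
    If Left(myline, 1) = "/" Then
        ' comment line, nothing to do
    ElseIf checkline(myline) = 2 Then
        linearr = Split(myline, "=")
        listarr = Split(linearr(2), ";")
        For i = LBound(listarr) To UBound(listarr)
            listarr(i) = Trim(listarr(i))
        Next
        ' The line was lower-cased above, so the keys are matched in lower case.
        Select Case Trim(linearr(0))
            Case "directory"
                Delfolder Trim(linearr(1)), listarr
            Case "file"
                Delfile Trim(linearr(1)), listarr
        End Select
    End If
Loop
objlistfile.Close

t2 = Timer()
' Elapsed time in milliseconds, rounded to one decimal place.
tm = CStr(Int((t2 - t1) * 10000 + 0.5) / 10)
MsgBox "Scan complete, delete" & Fdnum & "directory," & Flnum & "file." & vbCrLf & "Time Consuming" & tm & "milliseconds", 64, "execution completed"
' If the report is not wanted, comment out the line above.
Set Fso = Nothing
WScript.Quit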
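' Delete every sub-folder of Folder whose lower-cased name is not in listarr.
'   Folder  - path of the folder to clean
'   listarr - array of lower-case folder names to keep
' Uses the script-level Fso object and adds one to the script-level Fdnum
' counter for each folder removed. A folder that cannot be deleted is reported
' in a message box and the loop continues.
Sub Delfolder (Folder, listarr)
    Dim objFolder, subfolder

    ' A missing or mistyped path in the configuration must not abort the run.
    If Not Fso.FolderExists(Folder) Then Exit Sub

    Set objFolder = Fso.GetFolder(Folder)
    For Each subfolder In objFolder.SubFolders
        If Not InArray(listarr, LCase(subfolder.Name)) Then
            On Error Resume Next
            subfolder.Delete True      ' True: also delete read-only content
            If Err Then
                Err.Clear
                MsgBox "Cannot delete directory, please check" & subfolder, 16, "error"
            Else
                Fdnum = Fdnum + 1
            End If
            On Error GoTo 0
        End If
    Next
End Sub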
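' Delete every file directly inside Folder whose lower-cased name is not in listarr.
'   Folder  - path of the folder to clean
'   listarr - array of lower-case file names to keep
' Uses the script-level Fso object and adds one to the script-level Flnum
' counter for each file removed. A file that cannot be deleted is reported in a
' message box and the loop continues.
Sub Delfile (Folder, listarr)
    Dim objFolder, file

    ' A missing or mistyped path in the configuration must not abort the run.
    If Not Fso.FolderExists(Folder) Then Exit Sub

    Set objFolder = Fso.GetFolder(Folder)
    For Each file In objFolder.Files
        If Not InArray(listarr, LCase(file.Name)) Then
            On Error Resume Next
            file.Delete True           ' True: also delete read-only files
            If Err Then
                Err.Clear
                MsgBox "Cannot delete file, please check" & file, 16, "error"
            Else
                Flnum = Flnum + 1
            End If
            On Error GoTo 0
        End If
    Next
End Sub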
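' Count the "=" separators in a configuration line that have a character on
' both sides. A valid line (what=folder=exclusions) yields 2.
'   StrLine - one line of the configuration file
' Returns the number of matches of the pattern.
Function Checkline (StrLine)
    Dim lineRegExp, matches
    Set lineRegExp = New RegExp
    ' ".=." : any character, "=", any character. The pattern must not contain a
    ' space, otherwise lines written as key=folder=list never produce two matches.
    lineRegExp.Pattern = ".=."
    lineRegExp.Global = True
    Set matches = lineRegExp.Execute(StrLine)
    Checkline = matches.Count
End Function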
' Report whether strin equals one of the elements of Myarray.
'   Myarray - array (or other enumerable) of values
'   strin   - value to look for
' Returns True on the first equal element, False when none is equal.
Function InArray (Myarray, strin)
    Dim candidate
    InArray = False
    For Each candidate In Myarray
        If candidate = strin Then
            InArray = True
            Exit For
        End If
    Next
End Function
! Get the path to a particular folder (for example, the actual location of the current user's desktop on the disk, and so on, equivalent to the SHGetSpecialFolderPath () function in VC)
' Ask the shell object for the on-disk location of the current user's Desktop.
Set Wsshell = CreateObject("Wscript.Shell")
DesktopPath = Wsshell.SpecialFolders.Item("Desktop")
! Get the current user name
' Read the name of the logged-on user from the WScript.Network object.
Set WSHNetwork = WScript.CreateObject("Wscript.Network")
Username = WSHNetwork.UserName
! Get the system variable%systemroot% (other system variables, of course, can be analogous, but not all of them have to be relayed through the process)
' Read the windir variable from the process environment.
' Wsshell is the WScript.Shell object created in the Desktop-path snippet.
Set fso = CreateObject("Scripting.FileSystemObject")
Set wshsysenv = Wsshell.Environment("PROCESS")
SystemRoot = wshsysenv.Item("windir")
! Add a domain user or group to a local group
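' Add the domain object testnet\engineers to the local Administrators group.
' Every member of that domain object becomes a local administrator of this
' machine, and the change needs administrative rights to succeed.
' Windows records the change in the Security log as event 4732 (member added
' to a security-enabled local group) when account-management auditing is on.
'
' The ADSI provider name is case-sensitive and must be written "WinNT".
Set Objgroup = GetObject("WinNT://./administrators")
Set objuser = GetObject("WinNT://testnet/engineers")
Objgroup.Add objuser.ADsPath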
! Modify Local Administrator password
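' Set the password of the local Administrator account.
'
' The new password is stored in clear text in this file: anyone who can read
' the script, a copy of it on a share, or a backup learns the local
' administrator password, and deploying the same script to many machines gives
' them all the same password. Prefer a per-machine managed password (for
' example Microsoft LAPS) or read the value at run time instead of storing it.
' A reset is recorded in the Security log as event 4724 when account-management
' auditing is enabled.
'
' The ADSI provider name is case-sensitive ("WinNT"), and the same variable
' must be used for all three statements.
Set objcnlar = GetObject("WinNT://./administrator,user")
objcnlar.SetPassword "P@ssw0rd"
objcnlar.SetInfo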
! A dialog box pops up YES or NO, and different options execute different code
' Ask a yes/no question and branch on the button that was pressed.
Intanswer = MsgBox("Do your want to delete these files?", vbYesNo, "delete Files")
Select Case Intanswer
    Case vbYes
        MsgBox "You answered yes."
    Case Else
        MsgBox "You answered no."
End Select
! Running the cmd command line command
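' Run a console command and wait until it has finished.
Set Obshell = WScript.CreateObject("Wscript.Shell")
' Run takes (command, window style, wait). The original passed True in the
' window-style position; it belongs in the third position to wait for the
' command. The window style is left at its default.
Obshell.Run "ipconfig", , True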
If you want to run a command that contains double quotes, use & Chr(34) & in place of each double-quote character.
! Ignore code error continue execution
' From this statement on, a run-time error no longer stops the script: the
' failing statement is skipped and execution continues with the next one.
On Error Resume Next
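Placed at the very beginning of the code, it keeps the script from stopping when a statement fails; execution simply continues with the next statement. Proper application can be very effective. Because every error is then ignored silently, check Err.Number after the calls that matter and switch normal error handling back on with On Error GoTo 0.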
! Breaking Download Limits
' Shows three pop-up messages, writes REG_DWORD 0 to the value 1803 under
' ...\Internet settings\zones\3 in HKCU, then shows a final pop-up.
' 1803 is the file-download URL action and zone 3 is the Internet zone; 0 sets
' the action to "enable" for the current user only.
' NOTE(review): this is a per-user preference write. Where downloads are blocked
' on purpose, zone settings delivered through policy are expected to take
' precedence over it - confirm for the environment in question.
' NOTE(review): the ProgID literal on the CreateObject line is garbled in this
' copy of the script.
DIM WSH
SET Wsh=wscript. CreateObject ("WSCRIPT.") SHELL ")
WSH. POPUP ("The role of this program is to solve problems that cannot be downloaded")
WSH. POPUP ("Especially when the Registry is disabled")
WSH. POPUP ("Made by Zeng Cheng")
WSH. RegWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet settings\zones\3\1803", 0, "REG_DWORD"
WSH. POPUP ("Now you can download the program!")
! Reading machine "Computer name"
' Readcomputername.vbs
' Read the computer name from the registry and show it in a message box.
Dim Readcomputername, Computername, regpath
regpath = "Hklm\system\currentcontrolset\control\computername\computername\computername"
Set Readcomputername = WScript.CreateObject("Wscript.Shell")
Computername = Readcomputername.RegRead(regpath)
MsgBox "Computer name" & Computername
! Hide the small arrows on the shortcut icon
' Hidden.vbs
' Delete the isshortcut values of the lnkfile and piffile classes.
Dim Hiddenarrowicon, regpath1, regpath2
regpath1 = "Hkcr\lnkfile\isshortcut"
regpath2 = "Hkcr\piffile\isshortcut"
Set Hiddenarrowicon = WScript.CreateObject("Wscript.Shell")
Hiddenarrowicon.RegDelete regpath1
Hiddenarrowicon.RegDelete regpath2
! Change the Start menu
' Changestartmenu.vbs
' Writes REG_DWORD 1 to the values NoRun and Nofind below Regpath and shows a
' message box after each write.
' NOTE(review): Regpath points at Hkcr\...\policies\. The shell's Start-menu
' restrictions are normally kept under
' HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer - confirm the
' key before relying on this script to restrict anything.
Dim Changestartmenu
Set changestartmenu=wscript.createobject ("Wscript.Shell")
Regpath= "Hkcr\software\microsoft\windows\currentversion\policies\"
Type_name= "REG_DWORD"
Key_data=1
Startmenu_run= "NoRun"
Startmenu_find= "Nofind"
Startmenu_close= "Noclose"
' Change: write Key_data (type Type_name) to the value Regpath & Argument,
' then report success. The message box is shown whether or not the write worked.
Sub Change (Argument)
Changestartmenu.regwrite Regpath&argument,key_data,type_name
MsgBox ("success!")
End Sub
Call Change (Startmenu_run) ' Disables the ' run ' feature in the Start menu
Call Change (Startmenu_find) ' Disables the ' Find ' feature in the Start menu
' Change (Startmenu_close), which would disable the shut-down entry, is not
' called in this copy: the call appears only inside this comment, so Noclose is never written.
! To add a self-starter program to Windows
The program can be run automatically when it is powered on.
' Addautorunprogram.vbs
' Suppose the program is in the C:\myfile folder, the file name is Autorun.exe
' Builds the value name Regpath & Key_name (the AutoRun value of the HKLM Run
' key) with the program path as REG_SZ data, then shows "success!".
' Programs listed under this key start at logon for every user of the machine,
' and writing to HKLM needs administrative rights. The key is a routine place to
' look for unwanted auto-start entries: inventory it (for example with
' Sysinternals Autoruns) and monitor writes to it (Sysmon event ID 13).
' NOTE(review): the call below uses a method named write, while the other
' snippets on this page write registry values with RegWrite.
Dim Autorunprogram
Set autorunprogram=wscript.createobject ("Wscript.Shell")
Regpath= "Hklm\software\microsoft\windows\currentversion\run\"
Type_name= "REG_SZ"
Key_name= "AutoRun"
Key_data= "C:\Myfile\autorun.exe"
' Full path and file name of the auto-start program
Autorunprogram.write Regpath&key_name,key_data,type_name
' Registers Autorun.exe as an auto-start program
MsgBox ("success!")
First, unlock the Registry Editor
Edit the following in Notepad:
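' Re-enable Registry Editor for the current user by setting
' DisableRegistryTools to 0 under the per-user System policies key.
'
' A value of 1 blocks regedit. It is set either by an administrator's policy or
' by malware that wants to hinder clean-up. If a policy manages the value, the
' policy sets it again at the next refresh, so a lock that keeps returning on
' an unmanaged machine is worth investigating.
Dim WSH
Set WSH = WScript.CreateObject("WScript.Shell")   ' WScript.Shell object

' Show the pop-up message "Unlock Registry Editor!"
WSH.Popup "Unlock Registry Editor!"

' Unlock Registry Editor (the whole value path must be on one line)
WSH.RegWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools", 0, "REG_DWORD"

' Show the pop-up message "Registry unlocked successfully!"
WSH.Popup "Registry unlocked successfully!"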
Save as a file with a. vbs extension and double-click it when you use it.
Second, close the win nt/2000 default sharing
Edit the following in Notepad:
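' Remove the default administrative shares: one hidden share per drive letter
' (C$, D$, ...), plus admin$ and ipc$.
'
' The shares are removed only for the running session: Windows creates them
' again when the Server service restarts or the machine reboots, unless
' AutoShareWks / AutoShareServer is set to 0 under
' HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters.
' Running net share requires administrative rights.
Dim WshShell                                        ' shell object used to start net.exe
Set WshShell = CreateObject("WScript.Shell")
Dim fso, dc, d
Set fso = CreateObject("Scripting.FileSystemObject") ' file system object
Set dc = fso.Drives                                  ' all drives of the machine

For Each d In dc
    ' Spaces are required around the share name: "net share C$ /delete".
    WshShell.Run "net share " & d.DriveLetter & "$ /delete"
Next

' Remove the admin$ share and the ipc$ pipe share.
WshShell.Run "net share admin$ /delete"
WshShell.Run "net share ipc$ /delete"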
To test it, first open cmd.exe and enter the net share command to see the shares on your own machine. Then double-click stopshare.vbs; a window flashes past. Enter net share in cmd again: the shares no longer appear in the list.
Third, display the native IP address
There are many times when we need to know the IP address of this computer, although it is possible to use a variety of software, but the VBS script is also very convenient. Edit the following in Notepad:
' Show the local IP address reported by the Winsock control.
Dim WS
Set WS = CreateObject("Mswinsock.winsock")
Ipaddress = WS.LocalIP
MsgBox "Local ip=" & Ipaddress
Save the above content as Showip.vbs, double-click to execute to get the native IP address.
Iv. using scripting to delete logs
The first thing hackers do after successfully breaking into a system is to clear the logs. With a graphical remote-control session or terminal access, deleting the logs is not difficult. The event log also runs as a service, but unlike services such as HTTP or FTP it cannot be stopped from the command line and then deleted (net stop eventlog does not stop it), so deleting the logs from the command line is considered difficult. It is not: for example, WMI can be used from a script to delete the logs, which is simple and convenient. The source code is as follows:
' Connects to the WMI service of the local machine ("."), requesting the Backup
' privilege in the moniker, and calls ClearEventLog() on every
' Win32_NTEventLogFile instance returned for the log names in Mylogs.
' Detection: clearing a log is itself recorded - event 1102 in the Security log
' and event 104 in the System log - so forward events to another host and alert
' on both IDs; a forwarded copy is not affected by a local clear.
Strcomputer= "."
Set objWMIService = GetObject ("winmgmts:" _
& "{impersonationlevel=impersonate, (Backup)}!\\" & _
StrComputer & "\root\cimv2")
' Names of the logs to process; element 0 of the array is left unassigned.
Dim mylogs (3)
Mylogs (1) = "Application"
Mylogs (2) = "System"
Mylogs (3) = "Security"
For each logs in Mylogs
' One WQL query per log name; the result is a collection of log-file objects.
Set Collogfiles=objwmiservice.execquery _
("SELECT * from Win32_NTEventLogFile where logfilename= '" &logs& "")
For each objlogfile in Collogfiles
Objlogfile.cleareventlog ()
Next
Next
Save the above code as a cleanevent.vbs file. The code first obtains the WMI object and then uses the ClearEventLog() method of each log-file object to delete the log. It builds an array holding Application, System and Security; if there are other logs, they can be added to the array as well. A For loop then processes each element of the array, that is, each individual log.
V. Use scripts to forge logs
After the logs have been deleted, any intelligent administrator who faces an empty log will immediately suspect an intrusion, so a clever hacker learns how to forge log entries. Creating a log entry with the LogEvent method in a script is very simple; see the following code:
' Creates a WScript.Shell object and calls LogEvent with event type 0 and the
' text "Write Log Success".
' As the article notes, entries written this way go to the Application log with
' the source WSH, so unexpected WSH-sourced entries are easy to filter for when
' reviewing a host.
Set Ws=wscript.createobject ("Wscript.Shell")
Ws.logevent 0, "Write Log Success" ' Create a successful execution log
Save the above code as Createlog.vbs. The code is easy to understand: it first gets a WScript Shell object and then calls the LogEvent method of that object. LogEvent usage: LogEvent eventtype, "description" [, remote system], where eventtype is the log type and takes one of the following values: 0 for success, 1 for error, 2 for warning, 4 for information, 8 for audit success, 16 for audit failure. So in the code above, 0 can be changed to 1, 2, 4, 8 or 16, and the text in quotes is the log description. Writing log entries this way has a disadvantage: it can only write to the Application log, and the log source can only be WSH, that is, Windows Scripting Host, so it does little to hide anything; this is for reference only.
Six, disable Start menu option
Edit the following in Notepad:
' Writes REG_DWORD 1 to the values NoRun and Nofind below Regpath, with a
' "success!" message box after each write.
' NOTE(review): Regpath is Hkcr\...\policies\, whereas Start-menu restrictions
' are normally read from the Policies\Explorer key under
' HKCU\Software\Microsoft\Windows\CurrentVersion - verify the key.
Dim Changestartmenu
Set changestartmenu=wscript.createobject ("Wscript.Shell")
Regpath= "Hkcr\software\microsoft\windows\currentversion\policies\"
Type_name= "REG_DWORD"
Key_data=1
Startmenu_run= "NoRun"
Startmenu_find= "Nofind"
Startmenu_close= "Noclose"
' Change: write Key_data as Type_name to Regpath & Argument and report success;
' the result of the write is not checked before the message is shown.
Sub Change (Argument)
Changestartmenu.regwrite Regpath&argument,key_data,type_name
MsgBox ("success!")
End Sub
Call Change (Startmenu_run) ' Disables the ' run ' feature in the Start menu
Call Change (Startmenu_find) ' Disables the ' Find ' feature in the Start menu
' The call Change (Startmenu_close) for the shut-down entry is only part of this
' comment in this copy, so the Noclose value is not written.
Save the above code as a Changestartmenu.vbs file, and double-click it when you use it.
VII. implementation of external procedures
Edit the following in Notepad:
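' Run a command through cmd.exe and wait for its exit code.
Dim Objshell
Set Objshell = WScript.CreateObject("Wscript.Shell")

' A space is required between cmd.exe and /c. The variable Var exists only
' inside the cmd.exe child process and is gone when that process ends.
' Window style 1 shows the window; True waits for the command and makes Run
' return its exit code.
Ireturn = Objshell.Run("cmd.exe /c set Var=world", 1, True)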
Save as a .vbs file. This code sets an environment variable named Var with the value world. %comspec% can be used instead of cmd.exe, and the command Set Var=world can be replaced with another command, so the script can run arbitrary commands.
Viii. Restart the specified IIS service
Edit the following in Notepad:
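' Start the service MyService on the computer mycomputer if it is stopped.
Const ADS_SERVICE_STOPPED = 1      ' ADSI status code of a stopped service

' The ADSI provider name is case-sensitive and must be written "WinNT".
Set objComputer = GetObject("WinNT://mycomputer,computer")
Set objService = objComputer.GetObject("Service", "MyService")

If objService.Status = ADS_SERVICE_STOPPED Then
    objService.Start
End If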
Search a file in a directory for a specific string and write the matching lines to Result.txt
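' List the .log files in the \search\ folder through WMI, then copy every line
' of the last log found that contains the first line of Input.txt into
' Result.txt. Matches are appended in reverse order (last match first).
Const ForReading = 1
Const ForAppending = 8

Dim objNetwork, strComputer, objWMIService, colFiles, objFile, objFSO
Dim arrFileLines(), i, l, fileName, inputLine, searchLine

Set objNetwork = CreateObject("Wscript.Network")
strComputer = objNetwork.ComputerName
i = 0
fileName = ""

' The moniker needs "\\" before the computer name and "\root\cimv2" after it.
Set objWMIService = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")

' Backslashes inside a WQL string literal have to be doubled.
Set colFiles = objWMIService.ExecQuery("Select * from CIM_DataFile where Path = '\\search\\'")
For Each objFile In colFiles
    ' Compare the extension without regard to case.
    If LCase(objFile.Extension) = "log" Then
        fileName = objFile.Name
        WScript.Echo fileName
    End If
Next

' Nothing to search when the folder holds no .log file.
If fileName = "" Then WScript.Quit

Set objFSO = CreateObject("Scripting.FileSystemObject")

' The search string is the first line of Input.txt.
Set objFile = objFSO.OpenTextFile("Input.txt", ForReading)
inputLine = objFile.ReadLine
objFile.Close

' Collect every line of the log that contains the search string.
Set objFile = objFSO.OpenTextFile(fileName, ForReading)
Do Until objFile.AtEndOfStream
    searchLine = objFile.ReadLine
    If InStr(searchLine, inputLine) > 0 Then
        ReDim Preserve arrFileLines(i)
        arrFileLines(i) = searchLine
        i = i + 1
    End If
Loop
objFile.Close

' True creates Result.txt when it does not exist yet. Counting down from i - 1
' avoids calling UBound on an array that was never dimensioned (no matches).
Set objFile = objFSO.OpenTextFile("Result.txt", ForAppending, True)
For l = i - 1 To 0 Step -1
    objFile.WriteLine arrFileLines(l)
Next
objFile.Close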
When the user logs in, remove every account from the local Administrators group except Administrator and NetShowServices, and change the Administrator password to 55555555
' Part 1: walks every local group and sets Strstat to "True" when the current
' user (struser) is a member of a group whose name equals "Aadministrators".
' Part 2: walks the members of the local administrators group; Administrator
' and NetShowServices are kept, every other member is removed from the group.
' The Administrator password is set to a fixed value only when Strstat is "True".
' NOTE(review): the new password is a constant stored in clear text in the
' script, so everyone who can read the script (for example from a logon-script
' share) knows it, and every machine running the script gets the same password.
' The changes are visible in the Security log as events 4733 (member removed
' from a local group) and 4724 (password reset) when account-management
' auditing is enabled.
Set objnetwork = CreateObject ("Wscript.Network")
StrComputer = Objnetwork.computername
struser = Objnetwork.name
Strstat = "False"
' Bind to the computer through the WinNT provider and enumerate only groups.
Set colgroups = GetObject ("winnt://" & StrComputer & "")
Colgroups.filter = Array ("group")
For each objgroup in colgroups
For each objuser in Objgroup.members
If objuser.name = struser Then
If objgroup.name = "Aadministrators" Then
Strstat = "True"
End If
End If
Next
Next
' Bind to the local administrators group and process its members.
Set Objgroup = GetObject ("winnt://" & StrComputer & "/administrators")
For each objuser in Objgroup.members
If objuser.name = "Administrator" OR objuser.name = "NetShowServices" Then
If objuser.name = "Administrator" and Strstat = "True" Then
Objuser.setpassword "55555555"
End If
Else
' Any other member loses its membership in the administrators group.
Objgroup.remove (Objuser.adspath)
End If
Next
Magical scripts and batches to erase traces from the computer
Implementing this feature uses two files, VBS script file Reg.vbs (you can define your own file name), batch file Reg.bat (you can define your own file name).
The 1.VBS script files are as follows:
' Registers Reg.vbs under the HKLM Run key and Reg.bat under the HKLM RunOnce
' key, sets the Internet Explorer start page to About:blank, and then writes,
' deletes and re-writes the typedurls key and the 3721\inputcns key.
' Both auto-start values hold bare file names without a path.
' NOTE(review): unexpected values under Run and RunOnce are a standard thing to
' check when reviewing a host for auto-start entries; writes to these keys can
' be monitored (Sysmon event ID 13).
' NOTE(review): the string literals on the two inputcns RegWrite lines are
' garbled in this copy.
Dim WshShell
Set wshshell=wscript.createobject ("Wscript.Shell")
WshShell.RegWrite "Hklm\software\microsoft\windows\currentversion\run\reg", "Reg.vbs"
WshShell.RegWrite "Hklm\software\microsoft\windows\currentversion\runonce\deldel", "Reg.bat"
WshShell.RegWrite "HKCU\Software\Microsoft\Internet explorer\main\start Page", "About:blank"
WshShell.RegWrite "HKCU\Software\Microsoft\Internet explorer\typedurls\", ""
Wshshell.regdelete "HKCU\Software\Microsoft\Internet Explorer\typedurls\"
WshShell.RegWrite "HKCU\Software\Microsoft\Internet explorer\typedurls\", ""
WshShell.RegWrite "hkcu\software\3721\inputcns\", "" "
Wshshell.regdelete "Hkcu\software\3721\inputcns\"
WshShell.RegWrite "hkcu\software\3721\inputcns\", "" "
The first two lines of this script declare the variable and create the object; write them as shown. The registry handling starts at the third line. The third and fourth lines add entries that run automatically when the computer starts, one for the script itself (Reg.vbs) and one for the batch file Reg.bat. The fifth line resets the IE start page to "About:blank"; the sixth, seventh and eighth lines clear the addresses of visited web pages from the IE address bar; and the ninth, tenth and eleventh lines clear the network real names from the IE address bar.
2. The batch documents are as follows:
rem Each line calls deltree on one per-user data location under C:\windows
rem (temp files, temporary Internet files, history, recent documents, cookies)
rem and on the recycle-bin folder C:\recycled. The leading @ hides the command echo.
rem NOTE(review): deltree is an MS-DOS / Windows 9x command and the paths are the
rem Windows 9x layout. The command and its switch are run together on every line
rem in this copy (deltree-y).
@deltree-y C:\windows\temp\*.*
@deltree-y c:\windows\ "temporary Internet Files" \*.*
@deltree-y C:\windows\history\*.*
@deltree-y C:\windows\recent\*.*
@deltree-y C:\recycled\*.*
@deltree-y C:\windows\cookies\*.*