On Error Resume Next
Set outstreem=Wscript.stdout
If (LCase(Right(Wscript.fullname,11))="Wscript.exe") Then
Set objShell=Wscript.CreateObject("Wscript.shell")
objShell.Run("cmd.exe /k cscript //nologo "&Chr(34)&Wscript.ScriptFullName&Chr(34))
Wscript.Quit
End If
If Wscript.arguments.Count<4 Then
usage()
Wscript.echo "Not enough Parameters."
Wscript.Quit
End If
ip=Wscript.arguments(0)
username=Wscript.arguments(1)
password=Wscript.arguments(2)
CmdStr=Wscript.arguments(3)
foldername="c:\\windows\\temp\\"
wsh.echo "Conneting "&ip&" ...."
Set objlocator=CreateObject("wbemscripting.swbemlocator")
Set objswbemservices=objlocator.connectserver(ip,"root/cimv2",username,password)
showerror(err.number)
Set Win_Process=objswbemservices.Get("Win32_ProcessStartup")
Set Hide_Windows=Win_Process.SpawnInstance_
Hide_Windows.ShowWindow=12
Set Rcmd=objswbemservices.Get("Win32_Process")
Set colFiles = objswbemservices.ExecQuery _
("Select * from CIM_Datafile Where Name = '"&foldername&"read.vbs'")
If colFiles.Count = 0 Then
wsh.echo "Not found read.vbs! Create Now!"
Create_read()
End If
msg1=Rcmd.create("cmd /c "&CmdStr&">%windir%\temp\tmp~386",Null,Hide_Windows,intProcessID)
If msg1 =0 Then wsh.echo "Command success..."&Chr(13)&Chr(10)&"Wait Write reg..."
wsh.sleep(2000)
msg2=Rcmd.create("cmd /c cscript %windir%\temp\read.vbs",Null,Hide_Windows,intProcessID)
If msg1 = 0 And msg2 = 0 Then
wsh.echo "Command success..."
Else
showerror(Err.Number)
End If
wsh.echo "Please Wait 4 Second ...."
wsh.sleep(4000)
Set StdOut = Wscript.StdOut
Set objinstreg=objlocator.connectserver(ip,"root/default",username,password).Get("stdregprov")
objinstreg.GetMultiStringValue &H80000002,"SOFTWARE\Clients","cmd" ,arrValues
wsh.echo String(79,"*")
wsh.echo cmdstr&Chr(13)&Chr(10)
For Each strValue In arrValues
StdOut.WriteLine strValue
Next
h
Sub Create_read()
RunYN = Rcmd.create("cmd /c echo On Error Resume Next:File=^""%windir%\temp\tmp~386^"">%windir%\temp\read.vbs"_
&"&&echo Set f=CreateObject(^""Scripting.FileSystemObject^"")>> %windir%\temp\read.vbs"_
&"&&echo Set ff=f.OpenTextFile(File,1,False):str=ff.readall:ff.Close:If str=^""^"" Then str=^""Nothing????^"">> %windir%\temp\read.vbs"_
&"&&echo Set oReg=GetObject(^""winmgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv^"")>> %windir%\temp\read.vbs"_
&"&&echo oReg.SetMultiStringValue ^&H80000002,^""SOFTWARE\Clients^"",^""cmd^"",Array(str)>> %windir%\temp\read.vbs"_
&"&&echo Wsh.sleep(500):f.DeleteFile(File):Set f=Nothing>> %windir%\temp\read.vbs",Null,Hide_Windows,intProcessID)
If RunYN = 0 Then
wsh.echo "read.vbs Created!!!"
Else
showerror(Err.Number)
End If
End Sub
Function showerroronly(errornumber)
If errornumber Then
Wscript.echo "Error 0x"&CStr(Hex(Err.Number))&" ."
If Err.Description <> "" Then
Wscript.echo "Error Description: "&Err.Description&"."
End If
Wscript.Quit
Else
outstreem.Write "."
End If
End Function
Sub usage()
wsh.echo string(79,"*")
wsh.echo "Rcmd v1.00 by NetPatch"
wsh.echo "Usage:"
wsh.echo "cscript "&wscript.scriptfullname&" targetIP username password Command"
wsh.echo string(79,"*")&vbcrlf
end Sub
 |
 |
Rcmd.vbs [Remote Cmd with wmi]
相关黑客文章
