最后更新:2002-8-23 更新记录: 1.10 更改了输出显示格式。 1.09 解决了空密码的问题。 1.08 代码加密并以测试版发布。 1.07 增加对付服务被“禁用”的功能。 1.06 解决在图形界面下运行的问题。 1.05 对参数做简单判断,防止误操作。 1.04 增加显示Usage和详细过程功能。 1.03 增加关闭服务功能。 1.02 增加手动设置端口和NTLM功能。 1.00 完成基本功能,远程启动telnet服务,并设置NTLM=1。 复制代码 代码如下:
' Script prelude: error-handling mode, console re-launch, and the argument-count check.
' NOTE(review): string quotes and comparison operators appear to have been stripped
' from this listing by the page extraction (e.g. the bare "wscript.exe" below);
' the statements are reproduced as found and will not parse as printed.

' Runtime errors are suppressed from here on; the script instead inspects
' err.number and WMI return values through showerror (defined later in the listing).
on error resume next
set outstreem=wscript.stdout

' If the host is the GUI engine (last 11 characters of the host path are wscript.exe),
' re-run this same script under cscript in a cmd.exe window and exit, so that
' wscript.stdout is usable.
if (lcase(right(wscript.fullname,11))= wscript.exe ) then
    set objShell=wscript.createObject( wscript.shell )
    objShell.Run( cmd.exe /k cscript //nologo &chr(34)&wscript.scriptfullname&chr(34))
    wscript.quit
end if

' Five positional arguments are read further down (indexes 0-4); the comparison
' operator here is missing from the listing - presumably "fewer than 5", confirm.
if wscript.arguments.count 5 then
    usage()
    wscript.echo Not enough parameters.
    wscript.quit
end if
' Read the five positional arguments and validate the two numeric ones.
' Security note: the account password arrives as a plain command-line argument
' (index 2), so it is exposed to anything that records process command lines.
ipaddress=wscript.arguments(0)
username=wscript.arguments(1)
password=wscript.arguments(2)
ntlm=wscript.arguments(3)
port=wscript.arguments(4)

' ntlm must be numeric; the two range comparisons have lost their operators in
' this listing - presumably the accepted range is 0..2, confirm against the original.
if not isnumeric(ntlm) or ntlm 0 or ntlm 2 then
    usage()
    ' NOTE(review): the message below contains HTML residue (html' target='_blank'>)
    ' from the hosting page; it is not part of the original message text.
    wscript.echo The html' target='_blank'>value of NTML is wrong.
    wscript.quit
end if

' port is only checked for being numeric. In the visible listing it is never
' written to the target; it is used solely in the final hint message.
if not isnumeric(port) then
    usage()
    wscript.echo The value of port is wrong.
    wscript.quit
end if
' Print the banner, then open a WMI connection to the target host's root/default
' namespace using the caller-supplied username and password.
' Defender note: this is an authenticated remote WMI session with explicit
' credentials; it only succeeds for an account the target accepts for remote WMI.
usage()
outstreem.write Conneting &ipaddress ....
set objlocator=createobject( wbemscripting.swbemlocator )
' NOTE(review): namespace separators appear as "/" in this listing; WMI paths are
' normally written with backslashes - possibly altered by the page, confirm.
set objswbemservices=objlocator.connectserver(ipaddress, root/default ,username,password)
' Errors are suppressed by "on error resume next", so the connection result is
' checked explicitly; showerror quits the script when it reports an error.
showerror(err.number)
' Set the Telnet server's NTLM registry value on the target through the WMI
' registry provider (stdregprov), using its SetDWORDvalue method.
' Defender note: this is a remote registry write to the TelnetServer key made over
' WMI rather than the Remote Registry service; changes to this value are worth
' auditing on hosts where the Telnet service is installed.
outstreem.write Setting NTLM= &ntlm ....
set objinstance=objswbemservices.get( stdregprov )
set objmethod=objinstance.methods_( SetDWORDvalue )
set objinparam=objmethod.inparameters.spawninstance_()
' &h80000002 is the HKEY_LOCAL_MACHINE hive constant.
objinparam.hdefkey=&h80000002
' NOTE(review): the key path uses "/" separators in this listing; registry paths
' use backslashes - likely altered by the page, confirm.
objinparam.ssubkeyname= SOFTWARE/Microsoft/TelnetServer/1.0
objinparam.svaluename= NTLM
' The value written is the caller's fourth argument. Presumably it selects the
' service's authentication mode (password vs. NTLM) - confirm against the
' Telnet server documentation for the target OS version.
objinparam.uvalue=ntlm
set objoutparam=objinstance.execmethod_( SetDWORDvalue ,objinparam)
' A non-success return value from the provider ends the script via showerror.
showerror(objoutparam.returnvalue)
' Reconnect to the target's root/cimv2 namespace, look up the Telnet service
' (win32_service where name='tlntsvr') and toggle it: re-enable it if disabled,
' then stop it if it is running or start it if it is not.
' Defender note: the effect on the target is a start-mode change and a start/stop
' of TlntSvr, both of which the Service Control Manager records in the System
' event log. Telnet carries credentials and session data unencrypted, so an
' unexpected TlntSvr start is worth alerting on.
outstreem.write Querying state of telnet server....
set objswbemservices=objlocator.connectserver(ipaddress, root/cimv2 ,username,password)
set colinstances=objswbemservices.execquery( select * from win32_service where name='tlntsvr' )
showerror(err.number)
for each objinstance in colinstances
    ' A disabled service cannot be started, so its start mode is first switched
    ' to Manual through the changestartmode method.
    if objinstance.startmode= Disabled then
        outstreem.write Telnet server has been disabled. Now changeing start mode to manual....
        set objmethod=objinstance.methods_( changestartmode )
        set objinparam=objmethod.inparameters.spawninstance_()
        objinparam.startmode= Manual
        set objoutparam=objinstance.execmethod_( changestartmode ,objinparam)
        showerror(objoutparam.returnvalue)
    end if
    outstreem.write Changeing state....
    ' Toggle: the same invocation stops a running service and starts a stopped one.
    if objinstance.started=true then
        intstatus=objinstance.stopservice()
        showerror(intstatus)
        wscript.echo Target telnet server has been STOP Successfully.
    else
        intstatus=objinstance.startservice()
        showerror(intstatus)
        wscript.echo Target telnet server has been START Successfully!
        ' The port argument is only echoed here; no visible statement configures
        ' the service to listen on it.
        wscript.echo Now, you can try: telnet &ipaddress &port , to get a shell.
    end if
next
' showerror: report the outcome of the previous step and abort on failure.
'   errornumber - err.number or a WMI method return value, as passed by the callers
'                 in this listing.
' Prints "Error!" and quits the script, or prints "OK!" and returns.
' NOTE(review): the comparison operator is missing from the listing - presumably
' "not equal to 0", confirm against the original script.
function showerror(errornumber)
    if errornumber 0 then
        wscript.echo Error!
        wscript.quit
    else
        wscript.echo OK!
    end if
end function
' usage: print the banner (tool name, version, author, site) and the expected
' command line between two 79-character separator lines. Takes no arguments and
' only writes to the console.
' Security note: the documented command line takes the password as a plain
' positional argument.
function usage()
    wscript.echo string(79, * )
    wscript.echo RTCS v1.10
    wscript.echo Remote Telnet Configure Script, by zzzEVAzzz
    wscript.echo Welcome to visite www.isgrey.com
    wscript.echo Usage:
    wscript.echo cscript &wscript.scriptfullname targetIP username password NTLMAuthor telnetport
    wscript.echo It will auto change state of target telnet server.
    wscript.echo string(79, * )&vbcrlf
' NOTE(review): the text fused onto "end function" below is page footer residue,
' not part of the script.
end functionhtml教程