Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
有些变态的公司不让员工安装一些 Windows 常用软件~ 这个脚本帮助你骗过运维的远程注册表扫描程序,“非法”安装一些应用。运行后会在桌面上生成已经安装的软件列表,选择哪些要假装删除,然后运行桌面上的这个脚本,运维就扫描不到了。
<job id="TheShawshankHammer">
<script language="JScript" id="env">
var fso = new ActiveXObject("Scripting.FileSystemObject");
var WshShell = WScript.CreateObject("WScript.Shell");
var deskPath = WshShell.SpecialFolders("Desktop");
var arg = WScript.Arguments;
var scriptPath = WScript.ScriptFullName.split('\\').slice(0, -1).join('\\') + '\\';
</script>
<script language="JScript" id="scan">
function scan() {
var oShellLink = WshShell.CreateShortcut(deskPath + "\\TheShawshankHammer.lnk");
oShellLink.TargetPath = WScript.ScriptFullName;
oShellLink.WindowStyle = 1;
oShellLink.IconLocation = "explorer.exe, 1";
oShellLink.Description = "FREEDOM!!!";
oShellLink.WorkingDirectory = deskPath;
oShellLink.Save();
WshShell["r"+"un"]("regedit /e C:\\uninstall.reg HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall", 9, true);
read("C:\\uninstall.reg");
}
function read(filename) {
var stm = new ActiveXObject("ADO"+"DB.Str"+"eam");
stm.type = 2;
stm.mode = 3;
stm.charset = "UNICODE";
stm.open();
stm.loadFromFile(filename);
var s = stm.readText(900*1024);
stm.close();
var stm2 = new ActiveXObject("ADO"+"DB.Str"+"eam");
stm2.type = 2;
stm2.mode = 3;
stm2.charset = "UTF-8";
stm2.open();
stm2.writeText(wsfContainer(filter(s)));
stm2['saveT'+'oFile'](deskPath+"\\FREEDOM_NOW\!\!\!.wsf", 2);
stm2.close();
return s;
}
function filter(s) {
s = new String(s);
s = s.replace(/^Windows Registry Editor Version 500/img, "");
s = s.replace(/[^\w\d\"\=\\\[\]\n\ \%\(\)\{\}\-\_\.\u4e00-\u9fa5]+/ig, "");
s = s.replace(/^"DisplayName"="([^"]+)"$/igm, "[$1]\n");
s = s.replace(/^[^\[].+[^\]]$/img, "");
s = s.replace(/\n\n\n+/g, "\n");
s = s.replace(/^\[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\([^\]]+)\]$\n+/igm, noKB);
s = s.replace(/^d\('.+(d\(')/img, "$1");
s = s.replace(/^\!\@\#.+$/img, "");
s = s.replace(/\n{2,}/g, "\n");
s = s.replace(/(^\n|\n$)/mg, "");
s = s.replace(/$/mg, "');");
return s;
}
function d(k, n) {
try {
wsh.RegDelete("HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\"+k+"\\DisplayName");
} catch(e) {}
}
function wsfContainer(s) {
return '<job id="PROJECT_FREEDOM"><script language="JScript" id="mass_delete">var wsh=WScript.CreateObject("WScript.Shell");'
+ d.toString() + ";\n" + s + "\nWScript.echo('删除成功!你自由了!');\n</scr"+'ipt></jo'+'b>';
}
function noKB(a, s) {
if (s.indexOf('KB')==0
|| /\{[^\}]+\}\.KB[\d\w]+/i.test(s)
|| /\{[^\}]+\}_VisualWebDeveloper_.+/.test(s)
) return '!@#';
var s = "d('"+s+"',";
//return s;
return s + (new Array(Math.abs(70-s.length))).join(' ') + "'";
}
</script>
<script language="JScript" id="main">
// 如果是单独运行,就不会有参数
if (0 == arg.length) {
scan();
try {
WshShell.run("notepad++ \""+ deskPath + "\\FREEDOM_NOW\!\!\!.wsf\"", 3);
} catch(e) {}
}
</script>
</job>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.