Created
December 24, 2012 06:29
-
-
Save lexrus/4368074 to your computer and use it in GitHub Desktop.
有些变态的公司不让员工安装一些 Windows 常用软件~ 这个脚本帮助你骗过运维的远程注册表扫描程序,“非法”安装一些应用。运行后会在桌面上生成已经安装的软件列表,选择哪些要假装删除,然后运行桌面上的这个脚本,运维就扫描不到了。
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <job id="TheShawshankHammer"> | |
| <script language="JScript" id="env"> | |
| var fso = new ActiveXObject("Scripting.FileSystemObject"); | |
| var WshShell = WScript.CreateObject("WScript.Shell"); | |
| var deskPath = WshShell.SpecialFolders("Desktop"); | |
| var arg = WScript.Arguments; | |
| var scriptPath = WScript.ScriptFullName.split('\\').slice(0, -1).join('\\') + '\\'; | |
| </script> | |
| <script language="JScript" id="scan"> | |
| function scan() { | |
| var oShellLink = WshShell.CreateShortcut(deskPath + "\\TheShawshankHammer.lnk"); | |
| oShellLink.TargetPath = WScript.ScriptFullName; | |
| oShellLink.WindowStyle = 1; | |
| oShellLink.IconLocation = "explorer.exe, 1"; | |
| oShellLink.Description = "FREEDOM!!!"; | |
| oShellLink.WorkingDirectory = deskPath; | |
| oShellLink.Save(); | |
| WshShell["r"+"un"]("regedit /e C:\\uninstall.reg HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall", 9, true); | |
| read("C:\\uninstall.reg"); | |
| } | |
| function read(filename) { | |
| var stm = new ActiveXObject("ADO"+"DB.Str"+"eam"); | |
| stm.type = 2; | |
| stm.mode = 3; | |
| stm.charset = "UNICODE"; | |
| stm.open(); | |
| stm.loadFromFile(filename); | |
| var s = stm.readText(900*1024); | |
| stm.close(); | |
| var stm2 = new ActiveXObject("ADO"+"DB.Str"+"eam"); | |
| stm2.type = 2; | |
| stm2.mode = 3; | |
| stm2.charset = "UTF-8"; | |
| stm2.open(); | |
| stm2.writeText(wsfContainer(filter(s))); | |
| stm2['saveT'+'oFile'](deskPath+"\\FREEDOM_NOW\!\!\!.wsf", 2); | |
| stm2.close(); | |
| return s; | |
| } | |
| function filter(s) { | |
| s = new String(s); | |
| s = s.replace(/^Windows Registry Editor Version 500/img, ""); | |
| s = s.replace(/[^\w\d\"\=\\\[\]\n\ \%\(\)\{\}\-\_\.\u4e00-\u9fa5]+/ig, ""); | |
| s = s.replace(/^"DisplayName"="([^"]+)"$/igm, "[$1]\n"); | |
| s = s.replace(/^[^\[].+[^\]]$/img, ""); | |
| s = s.replace(/\n\n\n+/g, "\n"); | |
| s = s.replace(/^\[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\([^\]]+)\]$\n+/igm, noKB); | |
| s = s.replace(/^d\('.+(d\(')/img, "$1"); | |
| s = s.replace(/^\!\@\#.+$/img, ""); | |
| s = s.replace(/\n{2,}/g, "\n"); | |
| s = s.replace(/(^\n|\n$)/mg, ""); | |
| s = s.replace(/$/mg, "');"); | |
| return s; | |
| } | |
| function d(k, n) { | |
| try { | |
| wsh.RegDelete("HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\"+k+"\\DisplayName"); | |
| } catch(e) {} | |
| } | |
| function wsfContainer(s) { | |
| return '<job id="PROJECT_FREEDOM"><script language="JScript" id="mass_delete">var wsh=WScript.CreateObject("WScript.Shell");' | |
| + d.toString() + ";\n" + s + "\nWScript.echo('删除成功!你自由了!');\n</scr"+'ipt></jo'+'b>'; | |
| } | |
| function noKB(a, s) { | |
| if (s.indexOf('KB')==0 | |
| || /\{[^\}]+\}\.KB[\d\w]+/i.test(s) | |
| || /\{[^\}]+\}_VisualWebDeveloper_.+/.test(s) | |
| ) return '!@#'; | |
| var s = "d('"+s+"',"; | |
| //return s; | |
| return s + (new Array(Math.abs(70-s.length))).join(' ') + "'"; | |
| } | |
| </script> | |
| <script language="JScript" id="main"> | |
| // 如果是单独运行,就不会有参数 | |
| if (0 == arg.length) { | |
| scan(); | |
| try { | |
| WshShell.run("notepad++ \""+ deskPath + "\\FREEDOM_NOW\!\!\!.wsf\"", 3); | |
| } catch(e) {} | |
| } | |
| </script> | |
| </job> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment