fport. vbs for XP/2 0 0 3-vulnerability warning-the black bar safety net

2006-12-03T00:00:00
ID MYHACK58:62200613130
Type myhack58
Reporter 佚名
Modified 2006-12-03T00:00:00

Description

XP/2 0 0 3 the netstat with the"-o"option, so it is easy to use script to achieve fport features.

with new regexp . pattern="(..P\s+\S+\s+\S+\s+[A-Z])\s([0-9]+)" . global=true set ms=. execute(createobject("wscript. shell"). exec("netstat-ano"). stdout. readall) end with for each ps in getobject("winmgmts:\\.\ root\cimv2:win32_process"). instances_ f=0 for each m in ms if m. submatches(1)=ps. handle then if f=0 then f=1 s=s&">"&ps. handle&vbtab&ps. name&vbtab&ps. executablepath&vbcrlf end if s=s&" "& m. submatches(0)&vbcrlf end if next next wscript. echo s

As usual, given the echo version in a remote shell in use:

@echo with new regexp:. pattern="(..P\s+\S+\s+\S+\s+[A-Z])\s([0-9]+)":. global=true:set ms=. execute(createobject("wscript. shell"). exec("netstat-ano"). stdout. readall):end with:for each ps in getobject("winmgmts:\\.\ root\cimv2:win32_process"). instances_:f=0:for each m in ms:if m. submatches(1)=ps. handle then if f=0 then wscript. echo ">"^&ps. handle^&vbtab^&ps. name^&vbtab^&ps. executablepath:f=1:end if:wscript. echo " "^&m. submatches(0):end if:next:next>fp. vbs&@cscript //nologo fp. vbs&del fp. vbs