Monday, August 14, 2006

(VBS) Shutting Down Windows...

Here's some vbs code I wrote:
Dim WSHShell
Set WSHShell = WScript.CreateObject("WScript.Shell")
WSHShell.Run "shutdown -s -t 120", 1, true
Set WSHShell = Nothing

As you can see, it executes "shutdown -s -t 120" which tells Windows to terminate in 120 seconds.

To counter the effect (abort the shutdown) you may use:
Dim WSHShell
Set WSHShell = WScript.CreateObject("WScript.Shell")
WSHShell.Run "shutdown -a", 1, true
Set WSHShell = Nothing

Homework: Copy each of these pieces into a .txt file naming it exploit.vbs and csexploit.vbs (do NOT leave a trailing .txt and make sure .txt is not hidden from you by the OS). Now, double click on exploit.vbs and you will a window informing you that your system will shut down in less than 120 seconds. Quickly, double click on csexpoit.vbs to make that window disappear and ofcourse abort the process. Cool huh?

Try e-mailing this (actually the exploit.vbs file as an attachment) to your friends titled "check this out" or sth and you'll be surprised to find out how many of them actually clicked the file and faced the penalty :P
Your chances will greatly increase if the receiver of this is some bored, I-dont-know-computers secretary. How do you think so many worms have spread? Did you know that the majority of them was written in vbs?

Now... I should inform you that I could just as easily find code that let's say collects passwords from IE history or copies MSN Messenger identities and logs and have all this info mailed to me as soon as you click the file. Or maybe automatically e-mail the code to everyone in your address book. You should also fear that there have been cases in which you don't have to double click on the file. I could have it executed using a buffer overlow exploit in your Windows system. How about that?

Goodnight everyone!


Chris Thompson said...

your a tricky one.. hmmm to take the chance

George 2K8 said...

I'm not asking you to click on an unknown script :P

There code is right in front of you, clear and solid. I guess you don't know VBS or any other scripting language.

Btw, your e-mail address failed verification. You aren't using a fake ID now, are you?