Using cmd to hide a program from anti-virus and firewall software (method) - vulnerability warning - Black Bar Safety Net (myhack58)

2009-04-14T00:00:00
ID MYHACK58:62200922904
Type myhack58
Reporter Anonymous (佚名)
Modified 2009-04-14T00:00:00

Description

We can rename SkSockServer.exe to sk.jpg.

If we do this, the antivirus software does not detect it.

If the renamed program is launched directly by double-clicking, the system asks which program it should be opened with; in other words, Windows does not recognize it as an executable.

But from the cmd command line it can still be executed, and it behaves exactly the same as it did before the extension was changed.

The only difference is that when we want to run the renamed program, we have to type its full name, including the extension.

Here is sksockserver (as sk.jpg) installed on my machine:

First, we try the program with its original extension:

E:\>SkSockServer -install

Access is denied.

Then Rising (the antivirus) pops up a virus alert.

Now let's look at the renamed version:

E:\>sk.jpg -install

Snake SockProxy Service installed.

E:\>sk.jpg -config port 1800

The Port value have set to 1800

E:\>sk.jpg -config starttype 2

The New StartType have set to 2 -- Auto

E:\>net start skserver

Snake SockProxy Service service is starting .

Snake SockProxy Service Service has been started successfully.

OK! Success!

Now we no longer have to worry about the antivirus software. Any other program that is run from the command line can use the same method.

Principle:

In fact the principle is very simple: it relies on the way cmd determines the file type.

In cmd, the system first checks whether the file is an executable.

That check is not based on the file extension but on the PE header at the start of the file.

If the file is an executable, it is executed directly.

If not, the associated program is launched according to the file-type association.

If a filename is typed without an extension, the system tries the extensions BAT, EXE and COM in turn.

So after the extension is changed, only cmd.exe can still "recognize" the program,

because cmd does not rely on the extension to determine the file type,

while Windows does determine the file type from the extension.

This is how we fool Windows and the antivirus.
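The principle above is also the defender's detection rule: an extension says nothing about whether a file is a PE image, so a scanner has to read the header. The following added example (not code from the original post) checks the DOS "MZ" stub and the "PE\0\0" signature it points to, and flags files like sk.jpg whose extension does not match; the sample files are constructed in memory rather than read from disk.

```python
import struct
from pathlib import Path

# Extensions that Windows normally treats as executable images.
EXECUTABLE_EXTS = {".exe", ".dll", ".scr", ".com", ".sys", ".cpl", ".ocx"}


def is_pe_image(data: bytes) -> bool:
    """True if data starts with a DOS 'MZ' stub whose e_lfanew field
    (offset 0x3C) points at a 'PE\\0\\0' signature, i.e. a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 4 > len(data):  # signature must lie inside the file
        return False
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def classify(name: str, data: bytes) -> str:
    """'pe-renamed' for a PE image behind a non-executable extension
    (the sk.jpg trick), 'pe' for a PE with a normal executable
    extension, 'other' for anything that is not a PE image."""
    if not is_pe_image(data):
        return "other"
    ext = Path(name).suffix.lower()
    return "pe" if ext in EXECUTABLE_EXTS else "pe-renamed"


def scan(files: dict) -> dict:
    """Classify a {filename: bytes} mapping; a real scanner would walk a
    directory and read each file's first few KB instead."""
    return {name: classify(name, data) for name, data in files.items()}


def _fake_pe() -> bytes:
    """Constructed sample: a 0x40-byte DOS header with e_lfanew = 0x40
    followed by the PE signature and a zeroed COFF header stub."""
    hdr = bytearray(b"MZ" + b"\x00" * 0x3E)
    struct.pack_into("<I", hdr, 0x3C, 0x40)
    return bytes(hdr) + b"PE\x00\x00" + b"\x00" * 20


SAMPLES = {
    "SkSockServer.exe": _fake_pe(),
    "sk.jpg": _fake_pe(),                              # renamed executable
    "photo.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 60,   # real JPEG magic
}

if __name__ == "__main__":
    for name, verdict in scan(SAMPLES).items():
        print(f"{name:20s} {verdict}")
```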