Summary: when a webshell cannot add an account for 3389 (RDP) access

Source: Internet
Author: User

The webshell has SYSTEM privileges but cannot add a user to the administrators group, so a connection to 3389 is not possible.

The reasons are as follows:
I. Antivirus software
1. 360 antivirus software
2. McAfee antivirus software
3. Kaspersky antivirus software
4. Other antivirus or protection software
II. Policy
1. The port has been changed.
2. Accounts cannot be added.
3. Administrator restrictions
4. The system has reached the maximum number of connections.


-------- I. Antivirus software ----------
1. 360 antivirus software
Servers in China often run 360 antivirus and protection software. If a webshell is used to add an administrators account, 360 blocks the action and alerts the administrator, so adding the account fails.
So how can the 360 restriction be bypassed? 360 does not support Server systems well, so it is actually very simple.
What prevents the webshell from adding an account is mainly 360's active defense. Once active defense is ended, 360 antivirus is essentially decoration.
One day, I searched Baidu for the keyword blackbap.org and found a thread on the 360 forum. It turned out that a server administrator had reported the PHP Trojan developed by Silic to the 360 forum.
Basically, this administrator uploaded the webshell, said that 360 could not detect it, and hoped the cloud virus database would be updated. The 360 engineers looked at it and said that 360 could detect it; the administrator replied that even after updating it still could not. The engineer then said what to install; the administrator said it was already installed and it still could not detect it, and then the engineer fell silent. It can be seen that 360 is rubbish on servers. In the words of Tom, please spend more money on R&D.
Well, enough of that.
Run tasklist to check the process list, and then run
taskkill /im process_name.exe /f
to end active defense.
The related 360 processes are as follows:
360tray.exe, 360rp.exe, Zhudongfangyu.exe, 360rps.exe. Once these are ended, the 360 blocking is basically cleared: add the account where an account is needed, and use pr where pr is needed.
Because of the way Apache + PHP runs on Windows, many webshells on PHP sites have SYSTEM privileges, so ending 360 is easy.
Even without SYSTEM, there is a way. For example, ASPX (ASP.NET) has process manipulation functions. View the code (pulled directly from a webshell):

protected void kp_Click(object sender, EventArgs e)
{
    Process[] kp = Process.GetProcesses();
    foreach (Process kp1 in kp)
        if (kp1.ProcessName == ListBox1.SelectedValue.ToString())
        {
            try
            {
                kp1.Kill();
                Response.Write("
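
The tasklist / taskkill / add-account sequence described above shows up in process-creation logs as children of the web server process. The following detection sketch is an added example, not code from the original article; the field names follow Sysmon Event ID 1, and the web server process list and sample records are constructed assumptions.

```python
import re
from pathlib import PureWindowsPath

# Assumed list of web server worker processes; adjust to your stack.
WEB_PARENTS = {"httpd.exe", "php-cgi.exe", "php.exe", "w3wp.exe"}
# 360 process names taken from the article; add your own AV/EDR processes.
PROTECTED = {"360tray.exe", "360rp.exe", "zhudongfangyu.exe", "360rps.exe"}

TASKKILL_RE = re.compile(r"\btaskkill(?:\.exe)?\b", re.I)
IM_RE = re.compile(r'/im\s+"?([^\s"]+)', re.I)
ADD_RE = re.compile(r"\bnet1?(?:\.exe)?\s+(?:user|localgroup)\b.*\s/add\b", re.I)
TASKLIST_RE = re.compile(r"\btasklist(?:\.exe)?\b", re.I)

def classify(event):
    """Return (severity, reason) for a process-creation record, else None."""
    parent = PureWindowsPath(event["ParentImage"]).name.lower()
    if parent not in WEB_PARENTS:
        return None  # only children of web server processes are in scope
    cmd = event["CommandLine"]
    if TASKKILL_RE.search(cmd):
        targets = {t.lower() for t in IM_RE.findall(cmd)}
        hit = sorted(targets & PROTECTED)
        if hit:
            return ("high", "security process killed: " + ", ".join(hit))
        return ("medium", "taskkill run by web server process")
    if ADD_RE.search(cmd):
        return ("high", "local account or group member added")
    if TASKLIST_RE.search(cmd):
        return ("low", "process list enumerated")
    return None

def scan(events):
    """Classify every event; keep (index, severity, reason) for the hits."""
    hits = []
    for i, ev in enumerate(events):
        verdict = classify(ev)
        if verdict:
            hits.append((i, *verdict))
    return hits

# Constructed sample records using Sysmon Event ID 1 field names.
SAMPLE = [
    {"ParentImage": r"C:\Apache24\bin\httpd.exe", "CommandLine": "cmd.exe /c tasklist"},
    {"ParentImage": r"C:\Apache24\bin\httpd.exe", "CommandLine": "cmd.exe /c taskkill /im 360tray.exe /f"},
    {"ParentImage": r"C:\Windows\System32\inetsrv\w3wp.exe", "CommandLine": "net user example01 Example-Pass1 /add"},
    {"ParentImage": r"C:\Windows\explorer.exe", "CommandLine": "taskkill /im notepad.exe /f"},
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

The ASPX handler above calls Process.Kill() inside the worker process and spawns no child, so this check does not see it; pair it with an alert on the protection processes themselves stopping.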
