Author: alpha Article Source: Unknown Nature article: Original Views: 25 Published: 2004-12-27 We have been to do a good and depressed the back door, the back door of those ready-made software is difficult to escape chasing antivirus software Kill, and you write the back door to these beep worms, it seems unrealistic. Below I will teach you a method, let you build a back door that belongs to yourself! Tools: A cmd.asp is enough, write one or find one, but it is recommended to write a very simple! And you will not be killed. There is a very detailed note in the CMD.asp in the CD, you can take a look! Creating a process: Suppose you have attacked a machine. I started working! I believe everyone still remembers that there is an article that puts the application protection in IIS to: low (IIS process) and run the ASP Trojan has system rights! We will set him into: medium (shared), then let our cmd.asp run in System permissions. (Figure 1) This tool is used by Adsutil.vbs. Adsutil.vbs is a tool that comes with your own, used to manage IIS, usually under C: / INETPUB / Adminscripts. As for the specific use of Adsutil.vbs, it is no longer elaborated here, please check it online! Where the application protection is set to "in": LM / W3SVC / InProcessisapiapps, ISAPI is launched within the process. LM / W3SVC / INPROCESSISAPIAPPS is an array that contains a set of path points to some ISAPI. When the ISAPI in this array is running directly by inetinfo.exe, inherits INetInfo.exe's local system rights; not in it is ISAPI, is started by the Dllhost.exe process derived by svchost.exe, running The identity is iWam_name, however we have to do is manually adding asp.dll to here. Pay attention to this thing can't be added, only overwritten! ! Execute: CScript Adsutil.vbs Get / W3SVC / InProcessisapiapps See if there are those: (Figure 2) and then execute: cscript adsutil.vbs set / w3svc / inProcessisapiapps "c: /windows/system32/inetsrv/httpext.dll" "CSRV/HTTPEXT.DLL" : /Windows/system32/inetsrv/httpodbc.dll "C: /Windows/system32/inetsrv/ssinc.dll" C: /Windows/system32/msw3prt.dll "" C: /Windows/Microsoft.net/framework/ V1.1.4322 / askNET_ISAPI.DLL "" C: /Windows/system32/inetsrv/asp.dll "Note Between each value is used in a space, it is not a return! As shown below (Figure 3), it is not used in this application protection setting, we are still system permissions! Then let us create an anti-virus software can't kill, the manager can't find the folder to put cmd.asp! (Figure 4) Let's open the folder to see, you will magically discover AAA and AAA. (The AAA .. /) folder when building a folder is 1.txt (Figure 5) Where is the 2.txt? In fact, we open AAA. The folder is actually in the AAA folder.
