Resource Description
A backdoor program that is started through svchost.exe, opens no port under normal conditions, and can make reverse connections (the same type of backdoor as Xiaorong's BITS). First, my deepest thanks go to bingle: without the svchostdll code he released, this backdoor would not exist. One third of the code in the backdoor is bingle's, so the banner only shows the words "PortLess BackDoor". Besides the features above, a considerable number of functions have been added to this backdoor. The added functions are:

V1.1 functions
1. Detect cloned accounts
2. Clear logs
3. Clone accounts
4. Delete system accounts (the built-in users Guest and Administrator can both be deleted)
5. Enumerate system accounts
6. HTTP download
7. Install the terminal service
8. View all of the system's IPs
9. Log off the system
10. Power off the system
11. Reboot
12. Shut down the system
13. View system information
14. View or modify the terminal port

Functions added in V1.2
15. Port-to-program mapping (fport)
16. List processes (pslist)
17. Kill processes (pskill)
18. View service information
19. Stop a service
20. Start a service
21. Configure a service's startup value
22. Delete a service
23. From the forward-connection shell, you can return to the [Syrinx]# state and continue using the commands above that the backdoor provides