Ntauthority remote play patch9/1/2023 Another option, a bit stealthier is to set cmd.exe as the debugger for sethc.exe, ending up with a high privileged shell as well. Say you replace them by cmd.exe and you will be able to run a high privileged shell on the machine without being authenticated. Both can be replaced by other executables if one has sufficient rights on the system. There are two executables, sethc.exe and utilman.exe. Those features run an executable as NT AUTHORITY\SYSTEM. On a Windows system, it is possible to enable accessibility features and sticky keys even on the login screen, i.e. The sticky-keys backdoor is using a simple trick. Some time ago I read a tweet about hunting so-called “sticky-keys backdoors”, referencing a presentation at DEFCON 24, In addition to the presentation, the team released a tool called “Sticky Keys Slayer” that is publicly available on GitHub,
0 Comments
Leave a Reply.AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |