Thursday, February 26, 2009
I've been working on some kind of malware for Windows systems (for testing purposes, of course :) ) for some time, and since I'm very busy with all the things I'm doing at the moment, this little application won't be finished soon.

But in the last few days I was coding something about startup, and I remembered one way of hidden startup that is not so popular or well known. And the strange thing is that Microsoft has not fixed this bug for a long time.

What is it all about?

The Windows Registry Editor on Windows 2000 and XP systems has a design flaw that allows registry information to be hidden from viewing or editing. And the best thing is that this hiding works even against users with administrative access.

The easiest way to exploit this bug is to:

1. Create a new string value in HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run with the Registry Editor (Regedt32.exe).

2. Give that value a name that is a string of 258 characters.

3. Create one more string value, give it some name (that of your program), and for its data enter the path to your program.

4. Now press F5 to refresh the view, and voilà :) the values disappeared!

5. Restart the system, and your program will be executed.


Simple as that... :)
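As an added defender-side example (this is not code from the original post), the following PowerShell check enumerates the Run and RunOnce keys through the registry API instead of through the editor, and flags any value whose name is long enough to be hidden from the editor's view. The function name, the list of keys checked and the 255-character threshold are assumptions made here; the post itself uses a 258-character name.

```powershell
function Find-HiddenAutorunValues {
    param(
        # Assumed threshold: value names at least this long are flagged.
        # The post hides its value with a 258-character name.
        [int]$Threshold = 255
    )

    # Autorun locations checked, machine-wide and per-user (assumed list)
    $RunKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    )

    foreach ($Path in $RunKeys) {
        if (-not (Test-Path -Path $Path)) { continue }
        $Key = Get-Item -Path $Path

        # GetValueNames() goes through the registry API directly, so it returns
        # every value under the key, including the ones the editor does not show.
        foreach ($Name in $Key.GetValueNames()) {
            if ($Name.Length -ge $Threshold) {
                [PSCustomObject]@{
                    Key        = $Path
                    NameLength = $Name.Length
                    NamePrefix = $Name.Substring(0, [Math]::Min(32, $Name.Length))
                    Data       = $Key.GetValue($Name)
                }
            }
        }
    }
}

# Run the check and list any findings; no rows means no over-long names were found.
Find-HiddenAutorunValues | Format-Table -AutoSize
```

Because the check reads the key through the registry API rather than through the editor's display code, the over-long name and the program path stored beside it both show up in the output. The same keys can also be listed with `reg query` from a command prompt, which is a quick way to compare what the editor shows against what the registry actually contains.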
posted by Jovica at 11:47 PM