https://zachgrace.com/tags/persistence/Recent content in Persistence on Zach GraceHugoen-usMon, 23 Mar 2015 00:00:00 +0000https://zachgrace.com/posts/hunting-sticky-keys-backdoors/Mon, 23 Mar 2015 00:00:00 +0000https://zachgrace.com/posts/hunting-sticky-keys-backdoors/<p>The &ldquo;sticky keys&rdquo; backdoor method has been a favorite for hackers for years and it&rsquo;s been gaining popularity as a malware-free persistence method. This backdoor method gives an attacker pre-authentication, SYSTEM-level access to a target remotely over RDP or locally via the console.</p> <p>The backdoor can be installed in one of two ways:</p> <ol> <li>Copy <em>cmd.exe</em> over <em>sethc.exe</em> or <em>utilman.exe</em></li> <li>Set <em>cmd.exe</em> as the debugger for <em>sethc.exe</em> or <em>utilman.exe</em></li> </ol> <p>The <em>sethc.exe</em> backdoor can be triggered by pressing the shift key five times in rapid succession. The <em>utilman.exe</em> backdoor can be triggered by pressing windows+u.</p>