Sticky-Keys-Slayer: Scans for accessibility tools backdoors via RDP
stickyKeysSlayer.sh
Establishes a Remote Desktop (RDP) session with each specified host and sends keypresses to launch the accessibility tools on the Windows login screen. stickyKeysSlayer.sh then analyzes the console and alerts if a command prompt window opens. Screenshots are saved to a folder (‘./rdp-screenshots’ by default), and screenshots showing a cmd.exe window are placed in a subfolder (‘./rdp-screenshots/discovered’ by default). stickyKeysSlayer.sh accepts a single host or a list of hosts, one per line, and works on multiple hosts in parallel.
stickyKeysSlayer.sh incorporates code from Zach Grace’s sticky_keys_hunter.
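A host-side follow-up for a host the scan flags, as an added example that is not part of Sticky-Keys-Slayer and goes beyond what the scan itself does: it checks a System32 directory (copied from the host or read from a mounted disk image) for accessibility programs that are byte-identical to cmd.exe. The tool list, the directory layout and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: offline check of a System32 directory copied or mounted from a
# flagged host. The tool list and directory layout are assumptions.

# Accessibility programs that can be launched from the Windows logon screen.
ACCESS_TOOLS="sethc.exe utilman.exe osk.exe magnify.exe narrator.exe displayswitch.exe"

# Print the first regular file in directory $1 named $2, ignoring case
# (Windows names are case-insensitive; a Linux mount may not be).
find_ci() {
    find "$1" -maxdepth 1 -type f -iname "$2" 2>/dev/null | head -n 1
}

# check_system32 DIR: print one line per finding.
# Returns 0 if clean, 1 if a tool is a copy of cmd.exe, 2 if DIR is unusable.
check_system32() {
    dir=$1
    cmd=$(find_ci "$dir" cmd.exe)
    if [ -z "$cmd" ]; then
        echo "ERROR no cmd.exe found in $dir" >&2
        return 2
    fi
    hits=0
    for tool in $ACCESS_TOOLS; do
        path=$(find_ci "$dir" "$tool")
        if [ -z "$path" ]; then
            echo "MISSING $tool"            # an absent file is worth a look too
        elif cmp -s "$path" "$cmd"; then
            echo "BACKDOOR $tool is byte-identical to cmd.exe"
            hits=$((hits + 1))
        fi
    done
    [ "$hits" -eq 0 ]
}

# Constructed sample: placeholder files, with Sethc.exe a copy of cmd.exe.
make_demo_dir() {
    d=$(mktemp -d)
    printf 'constructed cmd.exe bytes\n' > "$d/cmd.exe"
    for t in utilman.exe osk.exe Magnify.exe narrator.exe; do
        printf 'constructed %s bytes\n' "$t" > "$d/$t"
    done
    cp "$d/cmd.exe" "$d/Sethc.exe"
    echo "$d"
}

demo=$(make_demo_dir)
check_system32 "$demo" || echo "exit status: $?"
rm -rf "$demo"
```

This covers only replacement of the program file on disk; a clean result says nothing about redirection of these programs configured in the registry, which the check does not inspect.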
Installation
apt-get update
apt-get -y install imagemagick xdotool parallel bc
git clone https://github.com/linuz/Sticky-Keys-Slayer.git
Copyright (C) linuz
Source: https://github.com/linuz/