This bash script tests Windows hosts for Sticky Keys (sethc.exe) and Utilman (utilman.exe) accessibility backdoors, which are triggered from the logon screen before any credentials are entered. The script connects to an RDP server, sends both the Sticky Keys and Utilman key triggers, and screenshots the result so you can see whether a command prompt (or other unexpected window) appeared instead of the normal accessibility dialog.
How does it work?
- Connects to the target over RDP using rdesktop (the logon screen must be reachable, so the target cannot require NLA)
- Sends Shift five times with xdotool to trigger a sethc.exe (Sticky Keys) replacement
- Sends Windows+U with xdotool to trigger a utilman.exe (Ease of Access) replacement
- Takes a screenshot of the RDP window after each trigger
- Kills the RDP connection
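The steps above, written out as a minimal standalone script. This is an added example, not the project's own stickyKeysHunter.sh. It assumes rdesktop, xdotool, ImageMagick's import and coreutils timeout are on PATH, that DISPLAY points at a live X session, and that the delays and the rdesktop window title used for lookup are reasonable for your network; the target is validated before being handed to rdesktop so a hostname read from a list cannot inject shell syntax.

```sh
#!/bin/sh
# Added example reimplementing the stickyKeysHunter flow; not the project's own code.
# Assumptions: rdesktop, xdotool, import (ImageMagick) and timeout on PATH,
# a live X display in $DISPLAY, and a target that still presents the logon screen.

RDP_PORT="${RDP_PORT:-3389}"        # assumption: default RDP port
OUTDIR="${OUTDIR:-screenshots}"     # assumption: where screenshots are written

# xdotool key sequence that fires each accessibility backdoor from the logon screen.
trigger_keys() {
  case "$1" in
    sethc)   echo "shift shift shift shift shift" ;;  # Sticky Keys: Shift x5
    utilman) echo "super+u" ;;                        # Ease of Access: Win+U
    *)       return 1 ;;
  esac
}

# Screenshot path: <outdir>/<host>_<backdoor>_<unix time>.png
screenshot_name() {
  printf '%s/%s_%s_%s.png\n' "$1" "$2" "$3" "$4"
}

# Only accept plain IPv4 addresses or hostnames, so list input cannot carry shell syntax.
valid_target() {
  printf '%s' "$1" | grep -Eq '^[A-Za-z0-9][A-Za-z0-9.-]*$'
}

# Wait (bounded) for the rdesktop window we titled ourselves; print its X window id.
rdp_window() {
  timeout 20 xdotool search --sync --name "$1" 2>/dev/null | head -n1
}

hunt() {
  host="$1"
  valid_target "$host" || { echo "refusing odd target: $host" >&2; return 2; }
  mkdir -p "$OUTDIR"
  title="rdp-$host"
  # Empty user so the session stops at the logon screen, where the backdoors live.
  rdesktop -u '' -g 1024x768 -T "$title" "$host:$RDP_PORT" >/dev/null 2>&1 &
  pid=$!
  win=$(rdp_window "$title")
  if [ -z "$win" ]; then
    echo "no RDP window for $host (down, NLA required, or filtered)" >&2
    kill "$pid" 2>/dev/null
    return 3
  fi
  xdotool windowactivate --sync "$win"
  sleep 5   # assumption: time for the logon screen to render
  for bd in sethc utilman; do
    # shellcheck disable=SC2046  # word splitting is intended: one keysym per arg
    xdotool key --delay 150 $(trigger_keys "$bd")
    sleep 3   # assumption: time for cmd.exe or the accessibility dialog to appear
    import -window "$win" "$(screenshot_name "$OUTDIR" "$host" "$bd" "$(date +%s)")"
    xdotool key Escape   # dismiss whatever opened before the next trigger
    sleep 1
  done
  kill "$pid" 2>/dev/null
}

if [ $# -gt 0 ]; then
  hunt "$1"
fi
```

The window is found by the title passed with rdesktop -T rather than by guessing rdesktop's default title, and xdotool search --sync is wrapped in timeout so a host that never answers does not hang the loop forever. If your desktop environment binds the Super key itself, it may swallow the Windows+U chord before rdesktop sees it; run the scan from a bare X session or unbind it first.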
Prerequisites
- Linux host running an X server
- The following packages: xdotool imagemagick rdesktop bc
- Debian/Ubuntu/Kali install:
apt-get install xdotool imagemagick rdesktop bc
- The screen must not lock (and the X session must not blank) while the scan runs, otherwise every screenshot comes out black
Usage
Scan a single host:
./stickyKeysHunter.sh 192.168.1.10
Scan Multiple hosts:
while read -r host; do ./stickyKeysHunter.sh "$host"; done < list.txt
TODO
- Automatically analyze screenshots with OCR or image processing to identify backdoors.
- Speed up/multithread the tool.