ztgrace / sticky_keys_hunter

A script to test an RDP host for sticky keys and utilman backdoor.
GNU General Public License v3.0

Idea #4

Open BustedSec opened 7 years ago

BustedSec commented 7 years ago

Have it scan the pictures for black pixels, which indicate a command prompt.

ztgrace commented 7 years ago

Hey @BustedSec,

Thanks for the idea. The black detection was originally part of this PoC, but I found it was really bad at detecting shells, both false positives and false negatives. Another project, https://github.com/linuz/Sticky-Keys-Slayer, extended this PoC and does use black pixel detection. However, I prefer to use this OpenCV script I wrote to do feature matching against screenshots of shells: https://github.com/ztgrace/junk_drawer/blob/master/screenshot_detect.py

Let me know if you have any questions.

Cheers, Zach
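
An added example, not code from sticky_keys_hunter, Sticky-Keys-Slayer or the linked script: the black-pixel heuristic discussed in this thread, run over constructed frames to show how a plain ratio threshold can err in both directions. The frame size, colours, thresholds and function names are assumptions chosen for illustration.

```python
# Added illustration; thresholds, frame size and colours are assumptions,
# not values taken from sticky_keys_hunter or Sticky-Keys-Slayer.
W, H = 64, 48  # size of each constructed "screenshot"
BLUE = (0, 90, 160)  # constructed wallpaper colour

def make_frame(background, window=None, window_color=(0, 0, 0)):
    """H x W grid of RGB tuples; window=(x0, y0, x1, y1) is a filled rectangle."""
    frame = [[background] * W for _ in range(H)]
    if window:
        x0, y0, x1, y1 = window
        for y in range(y0, y1):
            frame[y][x0:x1] = [window_color] * (x1 - x0)
    return frame

def black_ratio(frame, max_channel=16):
    """Fraction of pixels whose R, G and B are all <= max_channel."""
    pixels = [px for row in frame for px in row]
    return sum(max(px) <= max_channel for px in pixels) / len(pixels)

def looks_like_shell(frame, min_ratio=0.20):
    """The heuristic from the thread: enough black pixels means a console."""
    return black_ratio(frame) >= min_ratio

# Constructed frames: (name, frame, is a console really on screen?)
FRAMES = [
    ("login screen, blue wallpaper", make_frame(BLUE), False),
    ("console over login screen", make_frame(BLUE, (8, 8, 48, 32)), True),
    ("login screen, black wallpaper", make_frame((0, 0, 0)), False),
    ("small console on large screen", make_frame(BLUE, (4, 4, 20, 14)), True),
    ("console with dark blue background",
     make_frame(BLUE, (8, 8, 48, 32), (1, 36, 86)), True),
]

def evaluate():
    """Map each frame name to 'ok', 'false positive' or 'false negative'."""
    results = {}
    for name, frame, truth in FRAMES:
        guess = looks_like_shell(frame)
        results[name] = "ok" if guess == truth else (
            "false positive" if guess else "false negative")
    return results

if __name__ == "__main__":
    for name, verdict in evaluate().items():
        print(f"{verdict:15} {name}")
```

The ratio only measures how dark the frame is, so a black wallpaper passes and a small or recoloured console does not; matching features against reference screenshots of a shell does not depend on overall darkness.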