Ashish Sharma, Paras Chugh, Rohan Aggarwal, Harshit Garg
Shell Shoveling Using Socket Programming
2021 International Conference on Industrial Electronics Research and Applications (ICIERA), published 2021-12-22
DOI: 10.1109/ICIERA53202.2021.9726756 (https://doi.org/10.1109/ICIERA53202.2021.9726756)
This research aims to modify the existing shell shoveling technique to gain persistent control over a target's Windows system without the knowledge of the compromised user. A .exe file is executed on the target system, which initiates a connection with the server system using socket programming, giving it full control over the target system's command line. In the conventional shell shoveling technique, the connection would've been broken had the target either deleted the file or restarted his/her system. To overcome the former issue, we made sure that a separate copy of our .exe file is made in the AppData folder during the first execution of the .exe file. For the latter issue, a registry entry is made at ‘HKCU\Software\Microsoft\Windows\CurrentVersion\Run’ so the file would automatically get executed every time the system is started.