The purpose of Sticky Keys enables users to teach inward key combinations yesteryear pressing keys inward sequence rather than simultaneously. This is desirable, peculiarly for users who are unable to press the keys inward combination due to to a greater extent than or less form of physical challenges. Although the method of enabling Sticky keys helps inward simplifying diverse tasks, it also opens upwards a backdoor entry for hackers.
What are Sticky Key Backdoor attacks
The assault involves 2 steps:
- Attackers supervene upon Ease of Access organization files similar sethc.exe, utilman.exe, osk.exe, narrator.exe, magnify.exe, displayswitch.exe amongst programs similar cmd.exe, or powershell.exe.
- Attackers gear upwards cmd.exe or other trounce programs equally debuggers for the above-listed accessibility programs
Once the executables are switched, y'all tin give the sack press the Shift fundamental v times inward a row to bypass the login in addition to teach a organization score ascendancy prompt if sethc.exe has been replaced. It utilman.exe is replaced, in addition to thus y'all volition accept to press Win+U keys.
The assailant in addition to thus effectively gets a trounce without needing to authenticate in addition to since the replacement uses a legitimate Windows binary (cmd.exe) it makes the procedure of identifying the Sticky Keys assault actually difficult.
Once the assault has been identified, the close acknowledged in addition to effective remedial method is to forestall the assailant from getting administrative privileges since, modifying or changing the necessary keys or files inward this assault requires administrative privileges.
An slowly means to forestall such Sticky Key Backdoor attacks is yesteryear disabling Sticky Keys on your Window computer. To practise this, opened upwards Control Panel > Ease of Access Center > Make the keyboard easier to purpose > Uncheck the Turn on Sticky keys checkbox equally shown to a higher house inward the image.
There are 2 ways y'all tin give the sack uncovering such attacks. Match the Hashes or become through the Windows Registry. This tin give the sack endure tin give the sack eat both, fourth dimension in addition to efforts.
Sticky Keys Backdoor Scanner is a complimentary tool that volition scan your organization for binary replacements in addition to registry modification, that tin give the sack signal that your reckoner may accept been compromised yesteryear a Sticky Key Backdoor.
See how y'all tin give the sack reset Administrator password inward Windows using Sticky Keys.
Sticky Keys Backdoor Scanner
Sticky Keys Backdoor Scanner is a PowerShell scanner that scans for the beingness of a Sticky Keys backdoor. Once inward action, Sticky Keys Scanner looks for both backdoor variants – binary replacement in addition to registry alteration in addition to alerts you.
A user tin give the sack either import in addition to piece of employment this PowerShell component locally on the suspected reckoner or purpose PowerShell remoting to piece of employment the scanner across multiple computers using the Invoke-Command cmdlet.
It is available for download from Github should y'all demand it.
TIP: Our Ease Of Access Replacer lets y'all supervene upon Ease of Access push inward Windows amongst useful tools.
Source: https://www.thewindowsclub.com/
comment 0 Comments
more_vert