This bash script tests for sticky keys and utilman backdoors. The script will connect to an RDP server, send both the sticky keys and utilman triggers and screenshot the result.
- Connects to RDP using rdesktop
- Sends shift 5 times using xdotool to trigger sethc.exe backdoors
- Sends Windows+u using xdotool to trigger utilman.exe backdoors
- Takes screenshot
- Kills RDP connection
Requirements:
- Linux host running an X server
- The following packages: xdotool imagemagick rdesktop bc
- Debian/Ubuntu/Kali install: apt-get install xdotool imagemagick rdesktop bc
- The screen cannot be locked during this process, or all of the screenshots will turn out black
Scan a single host: ./stickyKeysHunter.sh 192.168.1.10
Scan multiple hosts: for i in $(cat list.txt); do ./stickyKeysHunter.sh "${i}"; done
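The multi-host loop passes every word of list.txt to the script unchecked. The wrapper below is an added example, not part of stickyKeysHunter: it checks the listed requirements, confirms an X display is set, and hands only well-formed IPv4 addresses to ./stickyKeysHunter.sh. The function names, the wrapper's file name and the use of ImageMagick's import binary for the dependency check are assumptions.

```sh
#!/bin/sh
# Added example, not part of stickyKeysHunter: preflight checks plus a
# validated host loop around ./stickyKeysHunter.sh.

# Tools from the requirements list. Checking ImageMagick through its
# "import" binary is an assumption about how the screenshot is taken.
REQUIRED_TOOLS="xdotool import rdesktop bc"

# Print each required tool that is not on PATH.
missing_tools() {
    for tool in $REQUIRED_TOOLS; do
        command -v "$tool" >/dev/null 2>&1 || echo "$tool"
    done
}

# Succeed only for dotted-quad IPv4 with every octet in 0-255.
valid_ipv4() (
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;;
    esac
    IFS=.
    set -- $1
    [ "$#" -eq 4 ] || exit 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || exit 1
    done
)

# Host list on stdin: print valid entries, warn on the rest, skip blanks/# lines.
filter_hosts() {
    tr -d '\r' | while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in ''|'#'*) continue ;; esac
        if valid_ipv4 "$line"; then echo "$line"
        else echo "skipping invalid entry: $line" >&2; fi
    done
}

# Usage: ./scan_list.sh list.txt   (script name is hypothetical)
main() {
    missing=$(missing_tools)
    [ -z "$missing" ] || { echo "missing tools: $missing" >&2; return 1; }
    [ -n "${DISPLAY:-}" ] || { echo "DISPLAY unset: no X server" >&2; return 1; }
    filter_hosts < "$1" | while IFS= read -r host; do
        # </dev/null keeps the scanner from consuming the host list
        ./stickyKeysHunter.sh "$host" </dev/null
    done
}
if [ "$#" -gt 0 ]; then main "$@"; fi
```

This filter rejects hostnames as well as malformed entries, so a list that uses names needs valid_ipv4 extended accordingly.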
TODO:
- Automatically analyze screenshots with OCR or image processing to identify backdoors.
- Speed up/multithread the tool.