Exposing the little tricks of domestic IDC vendors


Posted by: admin | Category: Network Security | Views: 42 | Published: 2017-12-12

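Domestic IDC service providers are now too numerous to count and vary widely in quality; their security is not the topic here. When you buy a server, have you ever checked whether the machine configuration the vendor gave you is actually genuine? Is it really a Q9300 with 4 GB? Really a Q9300 with 8 GB? Really an i5 or i7? Linux is not covered here.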

Below, Flyfish briefly explains how IDC vendors fake this under Windows 2003!

Files and tools used:

1. Reshacker: a resource viewing and editing tool; EXeScope or other similar tools can also be used;

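2. sysdm.cpl: the system settings module file, located in the "C:\windows\system" directory on your C drive (note: this file must match the system you are modifying; you cannot put the Win7 one on 2003, it will cause errors);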

3. Notepad;

OK, let's get started:

Open Reshacker, drag sysdm.cpl into it, and go to Dialog, under 101. See it?

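Change it to whatever value you want shown in your computer's right-click Properties! After editing, save, then copy it over and replace the following two files: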

"c:\windows\system32\dllcache\sysdm.cpl"
"c:\windows\system32\sysdm.cpl"

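Note that most systems have file restoration enabled, so the files are automatically restored after replacement; you can turn it off manually, or use a system file replacement tool!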

Is that all? Open Device Manager and take a look: the CPU information has not changed yet. Next, change the CPU:

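Changing the CPU requires editing the registry, because its information is stored there. There are 16 places to modify. You need to manually add permissions on the following locations, otherwise you cannot see them. The main places to modify are: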

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ACPI\GenuineIntel_-_x86_Family_6_Model_23\_0\FriendlyName","Intel (R) Core(TM)2 i5-2400 CPU @ 3.10GHz","REG_SZ"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ACPI\GenuineIntel_-_x86_Family_6_Model_23\_1\FriendlyName","Intel (R) Core(TM)2 i5-2400 CPU @ 3.10GHz","REG_SZ"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ACPI\GenuineIntel_-_x86_Family_6_Model_23\_2\FriendlyName","Intel (R) Core(TM)2 i5-2400 CPU @ 3.10GHz","REG_SZ"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ACPI\GenuineIntel_-_x86_Family_6_Model_23\_3\FriendlyName","Intel (R) Core(TM)2 i5-2400 CPU @ 3.10GHz","REG_SZ"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\ACPI\GenuineIntel_-_x86_Family_6_Model_42\_0\FriendlyName","Intel (R) Core(TM)2 i5-2400 CPU @ 3.10GHz","REG_SZ"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\ACPI\GenuineIntel_-_x86_Family_6_Model_42\_1\FriendlyName","Intel (R) Core(TM)2 i5-2400 CPU @ 3.10GHz","REG_SZ"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\ACPI\GenuineIntel_-_x86_Family_6_Model_42\_2\FriendlyName","Intel (R) Core(TM)2 i5-2400 CPU @ 3.10GHz","REG_SZ"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\ACPI\GenuineIntel_-_x86_Family_6_Model_42\_3\FriendlyName","Intel (R) Core(TM)2 i5-2400 CPU @ 3.10GHz","REG_SZ"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\ACPI\GenuineIntel_-_x86_Family_6_Model_23\_0\FriendlyName","Intel (R) Core(TM)2 i5-2400 CPU @ 3.10GHz","REG_SZ"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\ACPI\GenuineIntel_-_x86_Family_6_Model_23\_1\FriendlyName","Intel (R) Core(TM)2 i5-2400 CPU @ 3.10GHz","REG_SZ"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\ACPI\GenuineIntel_-_x86_Family_6_Model_23\_2\FriendlyName","Intel (R) Core(TM)2 i5-2400 CPU @ 3.10GHz","REG_SZ"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\ACPI\GenuineIntel_-_x86_Family_6_Model_23\_3\FriendlyName","Intel (R) Core(TM)2 i5-2400 CPU @ 3.10GHz","REG_SZ"
HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\ProcessorNameString","Intel (R) Core(TM)2 i5-2400 CPU @ 3.10GHz","REG_SZ"
HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString","Intel (R) Core(TM)2 i5-2400 CPU @ 3.10GHz","REG_SZ"
HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2\ProcessorNameString","Intel (R) Core(TM)2 i5-2400 CPU @ 3.10GHz","REG_SZ"
HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\3\ProcessorNameString","Intel (R) Core(TM)2 i5-2400 CPU @ 3.10GHz","REG_SZ"

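That should be understandable! After the changes, check whether Device Manager has changed. But it is not finished yet: as soon as you reboot, everything is restored! Could a batch file be added to the startup items? (This is the only method I have thought of so far.)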

Below is a batch file I wrote (it makes the changes automatically at startup, with the same effect as manual modification!)

@ECHO OFF
:: Stop and remove the Windows file protection feature
NET stop cryptsvc
SC config cryptsvc start= disabled
::SC delete cryptsvc
:: Replace the files, modifying the memory
COPY sysdm.cpl c:\windows\system32\dllcache\sysdm.cpl /y
COPY sysdm.cpl c:\windows\system32\sysdm.cpl /y
:: The commands operate on the registry locations below; permissions must first be obtained entry by entry with the Regini command
ECHO HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\ACPI\GenuineIntel_-_x86_Family_6_Model_23\_0[1 7 17]>>c:\reg.ini
ECHO HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\ACPI\GenuineIntel_-_x86_Family_6_Model_23\_1[1 7 17]>>c:\reg.ini
ECHO HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\ACPI\GenuineIntel_-_x86_Family_6_Model_23\_2[1 7 17]>>c:\reg.ini
ECHO HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\ACPI\GenuineIntel_-_x86_Family_6_Model_23\_3[1 7 17]>>c:\reg.ini
ECHO HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ACPI\GenuineIntel_-_x86_Family_6_Model_23\_0[1 7 17]>>c:\reg.ini
ECHO HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ACPI\GenuineIntel_-_x86_Family_6_Model_23\_1[1 7 17]>>c:\reg.ini
ECHO HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ACPI\GenuineIntel_-_x86_Family_6_Model_23\_2[1 7 17]>>c:\reg.ini
ECHO HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ACPI\GenuineIntel_-_x86_Family_6_Model_23\_3[1 7 17]>>c:\reg.ini
ECHO HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\ACPI\GenuineIntel_-_x86_Family_6_Model_23\_0[1 7 17]>>c:\reg.ini
ECHO HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\ACPI\GenuineIntel_-_x86_Family_6_Model_23\_1[1 7 17]>>c:\reg.ini
ECHO HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\ACPI\GenuineIntel_-_x86_Family_6_Model_23\_2[1 7 17]>>c:\reg.ini
ECHO HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\ACPI\GenuineIntel_-_x86_Family_6_Model_23\_3[1 7 17]>>c:\reg.ini
ECHO HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor[1 7 17]>>c:\reg.ini
REGINI c:\reg.ini
DEL c:\reg.ini
:: A script is used here for the demonstration; a batch file would pop up a black window at startup
ECHO on error resume next>C:\tmp.VBS
ECHO Set Fs = CreateObject("Wscript.Shell")>>C:\tmp.VBS
ECHO Fs.Regwrite "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ACPI\GenuineIntel_-_x86_Family_6_Model_23\_0\FriendlyName","Intel (R) Core(TM)2 i5-2400 CPU @ 3.10GHz","REG_SZ">>C:\tmp.VBS
ECHO Fs.Regwrite "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ACPI\GenuineIntel_-_x86_Family_6_Model_23\_1\FriendlyName","Intel (R) Core(TM)2 i5-2400 CPU @ 3.10GHz","REG_SZ">>C:\tmp.VBS
ECHO Fs.Regwrite "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ACPI\GenuineIntel_-_x86_Family_6_Model_23\_2\FriendlyName","Intel (R) Core(TM)2 i5-2400 CPU @ 3.10GHz","REG_SZ">>C:\tmp.VBS
ECHO Fs.Regwrite "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ACPI\GenuineIntel_-_x86_Family_6_Model_23\_3\FriendlyName","Intel (R) Core(TM)2 i5-2400 CPU @ 3.10GHz","REG_SZ">>C:\tmp.VBS
ECHO Fs.Regwrite "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\ACPI\GenuineIntel_-_x86_Family_6_Model_42\_0\FriendlyName","Intel (R) Core(TM)2 i5-2400 CPU @ 3.10GHz","REG_SZ">>C:\tmp.VBS
ECHO Fs.Regwrite "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\ACPI\GenuineIntel_-_x86_Family_6_Model_42\_1\FriendlyName","Intel (R) Core(TM)2 i5-2400 CPU @ 3.10GHz","REG_SZ">>C:\tmp.VBS
ECHO Fs.Regwrite "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\ACPI\GenuineIntel_-_x86_Family_6_Model_42\_2\FriendlyName","Intel (R) Core(TM)2 i5-2400 CPU @ 3.10GHz","REG_SZ">>C:\tmp.VBS
ECHO Fs.Regwrite "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\ACPI\GenuineIntel_-_x86_Family_6_Model_42\_3\FriendlyName","Intel (R) Core(TM)2 i5-2400 CPU @ 3.10GHz","REG_SZ">>C:\tmp.VBS
ECHO Fs.Regwrite "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\ACPI\GenuineIntel_-_x86_Family_6_Model_23\_0\FriendlyName","Intel (R) Core(TM)2 i5-2400 CPU @ 3.10GHz","REG_SZ">>C:\tmp.VBS
ECHO Fs.Regwrite "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\ACPI\GenuineIntel_-_x86_Family_6_Model_23\_1\FriendlyName","Intel (R) Core(TM)2 i5-2400 CPU @ 3.10GHz","REG_SZ">>C:\tmp.VBS
ECHO Fs.Regwrite "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\ACPI\GenuineIntel_-_x86_Family_6_Model_23\_2\FriendlyName","Intel (R) Core(TM)2 i5-2400 CPU @ 3.10GHz","REG_SZ">>C:\tmp.VBS
ECHO Fs.Regwrite "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\ACPI\GenuineIntel_-_x86_Family_6_Model_23\_3\FriendlyName","Intel (R) Core(TM)2 i5-2400 CPU @ 3.10GHz","REG_SZ">>C:\tmp.VBS
ECHO Fs.Regwrite "HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\ProcessorNameString","Intel (R) Core(TM)2 i5-2400 CPU @ 3.10GHz","REG_SZ">>C:\tmp.VBS
ECHO Fs.Regwrite "HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString","Intel (R) Core(TM)2 i5-2400 CPU @ 3.10GHz","REG_SZ">>C:\tmp.VBS
ECHO Fs.Regwrite "HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2\ProcessorNameString","Intel (R) Core(TM)2 i5-2400 CPU @ 3.10GHz","REG_SZ">>C:\tmp.VBS
ECHO Fs.Regwrite "HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\3\ProcessorNameString","Intel (R) Core(TM)2 i5-2400 CPU @ 3.10GHz","REG_SZ">>C:\tmp.VBS
:: Add the startup item
REG ADD "HKEY_LOCAL_MACHINE\Software\Microsoft\WINDOWS\CurrentVersion\Run" /v 测试 /t REG_SZ /D "C:\tmp.VBS" /F
START C:\tmp.VBS

Save the code above as a .bat file and run it!

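In fact, a check with Lu Dashi (鲁大师), CPU-Z or another system tool exposes it right away, but not everyone has this habit! Demonstration conditions are limited, so there are not many screenshots! However, I tested this beforehand; please point out any problems. For testing only!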
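One way to script that cross-check, as an added example that is not part of the original post: it parses text saved from `reg query <key> /s` for the processor keys and the Run key, then flags name strings that disagree with the brand string an independent tool reads from CPUID, plus Run entries that launch a script. The dump text, the CPUID brand string and the `ctfmon` entry are constructed samples, and the function names are hypothetical.

```python
import re

# Constructed sample: text as saved from `reg query <key> /s` on the audited host.
SAMPLE_DUMP = r"""
HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1
    ProcessorNameString    REG_SZ    Intel (R) Core(TM)2 i5-2400 CPU @ 3.10GHz

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\ACPI\GenuineIntel_-_x86_Family_6_Model_23\_0
    FriendlyName    REG_SZ    Intel (R) Core(TM)2 i5-2400 CPU @ 3.10GHz

HKEY_LOCAL_MACHINE\Software\Microsoft\WINDOWS\CurrentVersion\Run
    ctfmon    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    测试    REG_SZ    C:\tmp.VBS
"""
# Constructed sample: brand string read from CPUID by an independent tool (e.g. CPU-Z).
SAMPLE_CPUID_BRAND = "Intel(R) Core(TM)2 Quad CPU    Q9300  @ 2.50GHz"

VALUE_RE = re.compile(r"^\s+(\S+)\s+(REG_\w+)\s+(.*)$")
NAME_VALUES = {"processornamestring", "friendlyname"}
SCRIPT_EXT = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".bat", ".cmd")

def normalize(brand):
    """Drop (R)/(TM) marks and spacing so only real name differences remain."""
    brand = re.sub(r"\((?:R|TM)\)", "", brand, flags=re.I)
    return re.sub(r"\s+", " ", brand).strip().lower()

def parse_dump(text):
    """Yield (key, value_name, data) triples from reg query output."""
    key = None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
        elif key and (m := VALUE_RE.match(line)):
            yield key, m.group(1), m.group(3).strip()

def audit(dump, cpuid_brand):
    """Return findings: name strings that disagree with CPUID, script autoruns."""
    findings = []
    want = normalize(cpuid_brand)
    for key, name, data in parse_dump(dump):
        if name.lower() in NAME_VALUES and normalize(data) != want:
            findings.append(("cpu-name-mismatch", key, data))
        elif key.lower().endswith(r"\currentversion\run") and \
                data.strip('"').lower().endswith(SCRIPT_EXT):
            findings.append(("script-autorun", key, data))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_DUMP, SAMPLE_CPUID_BRAND):
        print(finding)
```

The registry only stores display strings, so the CPUID value has to come from a tool that executes the instruction itself rather than from anything that reads these keys.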

