4.9 KiB
4.9 KiB
注册表
Flag:等有时间,每一条都写个poc或者解释下利用方法
| 注册表项 |
|---|
| HKCU\Environment\UserInitMprLogonScript |
| HKCU\Software\Classes*\ShellEx\ContextMenuHandlers |
| HKCU\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers |
| HKCU\Software\Classes\Directory\ShellEx\ContextMenuHandlers |
| HKCU\Software\Classes\Directory\Shellex\DragDropHandlers |
| HKCU\Software\Classes\Drive\ShellEx\ContextMenuHandlers |
| HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run |
| HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon |
| HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell |
| HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run |
| HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce |
| HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx |
| HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices |
| HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce |
| HKCU\Software\Microsoft\WindowsNT\CurrentVersion\Windows |
| HKCU\Software\Policies\Microsoft\Windows\System\Scripts |
| HKCU\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run |
| HKLM\Software\Classes*\ShellEx\PropertySheetHandlers |
| HKLM\Software\Classes\CLSID{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance |
| HKLM\Software\Classes\CLSID{7ED96837-96F0-4812-B211-F13C24117ED3}\Instance |
| HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers |
| HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers |
| HKLM\Software\Classes\Directory\Shellex\CopyHookHandlers |
| HKLM\Software\Classes\Directory\Shellex\DragDropHandlers |
| HKLM\Software\Classes\Filter |
| HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers |
| HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers |
| HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components |
| HKLM\Software\Microsoft\Rpc\Extensions |
| HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 |
| HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Font Drivers |
| HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon |
| HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler |
| HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers |
| HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects |
| HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run |
| HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce |
| HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx |
| HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices |
| HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce |
| HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad |
| HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad |
| HKLM\Software\Policies\Microsoft\Windows\System\Scripts |
| HKLM\Software\Wow6432Node\Classes*\ShellEx\ContextMenuHandlers |
| HKLM\Software\Wow6432Node\Classes*\ShellEx\PropertySheetHandlers |
| HKLM\Software\Wow6432Node\Classes\CLSID{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance |
| HKLM\Software\Wow6432Node\Classes\CLSID{7ED96837-96F0-4812-B211-F13C24117ED3}\Instance |
| HKLM\Software\Wow6432Node\Classes\Directory\Background\ShellEx\ContextMenuHandlers |
| HKLM\Software\Wow6432Node\Classes\Directory\ShellEx\ContextMenuHandlers |
| HKLM\Software\Wow6432Node\Classes\Directory\Shellex\DragDropHandlers |
| HKLM\Software\Wow6432Node\Classes\Drive\ShellEx\ContextMenuHandlers |
| HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\ContextMenuHandlers |
| HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\DragDropHandlers |
| HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components |
| HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32 |
| HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler |
| HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers |
| HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects |
| HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run |
| HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad |
| HKLM\System\CurrentControlSet\Control\Lsa\ |
| HKLM\SYSTEM\CurrentControlSet\Control\Lsa\OSConfig\Security Packages |
| HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Security Packages |
| HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Print Processors |
| HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors |
| HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls |
| HKLM\System\CurrentControlSet\Services\W32Time\TimeProviders\ |
| HKLM\System\CurrentControlSet\Services |
| HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries |
| HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64 |
| HKU*\software\microsoft\windows\currentversion\explorer\user shell folders\startup |