elhacker.net cabecera Bienvenido(a), Visitante. Por favor Ingresar o Registrarse
¿Perdiste tu email de activación?.

 

 


Tema destacado: Security Series.XSS. [Cross Site Scripting]


+  Foro de elhacker.net
|-+  Programación
| |-+  Scripting
| | |-+  [APORTE] [PowerShell] SetACL.exe | Get Full Registry Ownership
0 Usuarios y 1 Visitante están viendo este tema.
Páginas: [1] Ir Abajo Respuesta Imprimir
Autor Tema: [APORTE] [PowerShell] SetACL.exe | Get Full Registry Ownership  (Leído 2,607 veces)
Eleкtro
Ex-Staff
*
Desconectado Desconectado

Mensajes: 9.885



Ver Perfil
[APORTE] [PowerShell] SetACL.exe | Get Full Registry Ownership
« en: 4 Marzo 2024, 15:31 pm »

El siguiente script desarrollado en PowerShell y dependiente del programa de terceros SetACL (https://helgeklein.com/download/#), sirve para adquirir propiedad absoluta sobre todas las claves de registro del sistema, lo que puede servir en algunos escenarios de prueba (generalmente en máquinas virtuales), o de infecciones por malware.

UTILIZAR ESTE SCRIPT BAJO SU PROPIA RESPONSABILIDAD, Y BAJO UNA CUENTA DE ADMINISTRADOR.

MODIFICAR LOS PERMISOS DE ALGUNAS CLAVES DEL REGISTRO DE WINDOWS PUEDE CONLLEVAR CONSECUENCIAS IMPREVISTAS QUE PROVOQUEN UN MALFUNCIONAMIENTO DEL SISTEMA OPERATIVO E IMPIDAN INICIAR SESIÓN DE USUARIO.

NO ME HAGO RESPONSABLE DE NADA.






Código
  1. <#
  2. ===========================================================================================
  3. |                                                                                         |
  4. |                                    Functions                                            |
  5. |                                                                                         |
  6. ===========================================================================================
  7. #>
  8.  
  9. function Show-WelcomeScreen {
  10.    Clear-Host
  11.    Write-Output ""
  12.    Write-Output " $($host.ui.RawUI.WindowTitle)"
  13.    Write-Output " +====================================================================+"
  14.    Write-Output " |                                                                    |"
  15.    Write-Output " | This script will take the ownership and ACE (Access Control Entry) |"
  16.    Write-Output " | of all the registry keys and subkeys in the current computer,      |"
  17.    Write-Output " | giving full access and permissions for the current user.           |"
  18.    Write-Output " |                                                                    |"
  19.    Write-Output " +====================================================================+"
  20.    Write-Output ""
  21.    Write-Host   " CHANGING THE OWNER AND PERMISSIONS COULD BREAK THINGS," -ForegroundColor Red
  22.    Write-Host   " SO PROCEED WITH CAUTION AND DO IT AT YOUR OWN RISK !!" -ForegroundColor Red
  23.    Write-Output ""
  24.    Write-Output " CURRENT SCRIPT CONFIG:"
  25.    Write-Output " ----------------------"
  26.    Write-Output " -SetAclFilePath: $SetAclFilePath"
  27.    Write-Output " -UserName......: $UserName"
  28.    Write-Output " -RegKeys.......:"
  29.    Write-Output ($RegKeys | ForEach-Object {"                  $_"})
  30.    Write-Output ""
  31. }
  32.  
  33. function Confirm-Continue {
  34.    Write-Host " Press 'Y' key to continue or 'N' to exit."
  35.    Write-Host ""
  36.    Write-Host " -Continue? (Y/N)"
  37.    do {
  38.        $key = $Host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown")
  39.        $char = $key.Character.ToString().ToUpper()
  40.        if ($char -ne "Y" -and $char -ne "N") {
  41.            [console]::beep(1500, 500)
  42.        }
  43.    } while ($char -ne "Y" -and $char -ne "N")
  44.    if ($char -eq "N") {Exit(1)} else {Clear-Host}
  45. }
  46.  
  47. function Get-RegistryOwnership {
  48.    param(
  49.        [string]$setAclFilePath = "$env:ProgramFiles\SetACL\setacl.exe",
  50.        [string[]]$regKeys,
  51.        [string]$userName = "$env:UserName"
  52.    )
  53.  
  54.    try {
  55.        if (-not (Test-Path $setAclFilePath)) {
  56.            $ex = New-Object System.IO.FileNotFoundException("SetACL.exe file not found at path '$setAclFilePath'.", $setAclFilePath)
  57.            throw $ex
  58.        }
  59.  
  60.        $logFile = New-TemporaryFile
  61.  
  62.        foreach ($key in $regKeys) {
  63.            Start-Process -Wait -FilePath "$setAclFilePath" -ArgumentList "-on", "`"$key`"", "-ot", "reg", "-actn", "setowner", "-ownr", "`"n:$userName`"", "-rec", "Yes", "-actn", "ace", "-ace", "`"n:$userName;p:full`"", "-rec", "Yes", "-log", "`"$($logFile.FullName)`"" -NoNewWindow -PassThru
  64.            #$logContent = Get-Content -Path $logFile.FullName
  65.            Write-Output ""
  66.            #Write-Output $logContent
  67.        }
  68.  
  69.    } catch {
  70.        Write-Host "Something went wrong when calling '$($MyInvocation.MyCommand.Name)' method:"
  71.        Write-Host ""
  72.        Write-Warning ($_.Exception)
  73.        Write-Host ""
  74.        Write-Error -Message ($_.Exception | Format-List * -Force | Out-String)
  75.        Write-Host ""
  76.        Write-Host "Press any key to exit..."
  77.        $key = $Host.UI.RawUI.ReadKey("NoEcho, IncludeKeyDown")
  78.        Exit(1)
  79.    }
  80. }
  81.  
  82. function Show-GoodbyeScreen {
  83.    Write-Host "Operation Completed!" -BackgroundColor Black -ForegroundColor Green
  84.    Write-Host ""
  85.    Write-Host "Press any key to exit..."
  86.    $key = $Host.UI.RawUI.ReadKey("NoEcho, IncludeKeyDown")
  87.    Exit(0)
  88. }
  89.  
  90. <#
  91. ===========================================================================================
  92. |                                                                                         |
  93. |                                         Main                                            |
  94. |                                                                                         |
  95. ===========================================================================================
  96. #>
  97.  
  98. [System.Console]::Title = "Get Full Registry Ownership Tool - by Elektro"
  99. [CultureInfo]::CurrentUICulture = "en-US"
  100.  
  101. $SetAclFilePath = "$env:ProgramFiles\SetACL\SetACL.exe"
  102. $RegKeys = "HKEY_CLASSES_ROOT", "HKEY_CURRENT_USER", "HKEY_LOCAL_MACHINE", "HKEY_USERS", "HKEY_CURRENT_CONFIG"
  103. $UserName = $env:UserName
  104.  
  105. try { Set-ExecutionPolicy -ExecutionPolicy "Unrestricted" -Scope "Process" } catch { }
  106.  
  107. Show-WelcomeScreen
  108. Confirm-Continue
  109. Get-RegistryOwnership -SetAclFilePath $SetAclFilePath -RegKeys $RegKeys -UserName $UserName
  110. Show-GoodbyeScreen


« Última modificación: 4 Marzo 2024, 15:34 pm por Eleкtro » En línea



Páginas: [1] Ir Arriba Respuesta Imprimir 

Ir a:  

Mensajes similares
Asunto Iniciado por Respuestas Vistas Último mensaje
[APORTE] [PowerShell] Windows Event Logs Cleaner
Scripting
Eleкtro 0 1,733 Último mensaje 3 Marzo 2024, 21:54 pm
por Eleкtro
[APORTE] [PowerShell] Truncate Log Files
Scripting
Eleкtro 0 1,188 Último mensaje 3 Marzo 2024, 22:14 pm
por Eleкtro
[APORTE] [PowerShell] ImageMagick | Convert image files to ICO
Scripting
Eleкtro 0 1,247 Último mensaje 4 Marzo 2024, 14:41 pm
por Eleкtro
[APORTE] [PowerShell] IrfanView | Convert image files to JPG
Scripting
Eleкtro 0 1,008 Último mensaje 4 Marzo 2024, 14:45 pm
por Eleкtro
[APORTE] [PowerShell] IrfanView | Crop image files
Scripting
Eleкtro 0 1,179 Último mensaje 4 Marzo 2024, 14:48 pm
por Eleкtro
WAP2 - Aviso Legal - Powered by SMF 1.1.21 | SMF © 2006-2008, Simple Machines