[CONTRIBUTION] [PowerShell] SetACL.exe | Get Full Registry Ownership


Eleкtro:
The following script, written in PowerShell and dependent on the third-party program SetACL (https://helgeklein.com/download/#), serves to take absolute ownership of all the registry keys on the system, which can be useful in some testing scenarios (generally on virtual machines), or in cases of malware infection.

USE THIS SCRIPT AT YOUR OWN RISK, AND FROM AN ADMINISTRATOR ACCOUNT.

MODIFYING THE PERMISSIONS OF SOME WINDOWS REGISTRY KEYS CAN HAVE UNFORESEEN CONSEQUENCES THAT CAUSE THE OPERATING SYSTEM TO MALFUNCTION AND PREVENT USERS FROM LOGGING ON.

I TAKE NO RESPONSIBILITY FOR ANYTHING.

Code
<#
===========================================================================================
|                                                                                         |
|                                    Functions                                            |
|                                                                                         |
===========================================================================================
#>
 
function Show-WelcomeScreen {
   Clear-Host
   Write-Output ""
   Write-Output " $($host.ui.RawUI.WindowTitle)"
   Write-Output " +====================================================================+"
   Write-Output " |                                                                    |"
   Write-Output " | This script will take the ownership and ACE (Access Control Entry) |"
   Write-Output " | of all the registry keys and subkeys in the current computer,      |"
   Write-Output " | giving full access and permissions for the current user.           |"
   Write-Output " |                                                                    |"
   Write-Output " +====================================================================+"
   Write-Output ""
   Write-Host   " CHANGING THE OWNER AND PERMISSIONS COULD BREAK THINGS," -ForegroundColor Red
   Write-Host   " SO PROCEED WITH CAUTION AND DO IT AT YOUR OWN RISK !!" -ForegroundColor Red
   Write-Output ""
   Write-Output " CURRENT SCRIPT CONFIG:"
   Write-Output " ----------------------"
   Write-Output " -SetAclFilePath: $SetAclFilePath"
   Write-Output " -UserName......: $UserName"
   Write-Output " -RegKeys.......:"
   Write-Output ($RegKeys | ForEach-Object {"                  $_"})
   Write-Output ""
}
 
function Confirm-Continue {
   Write-Host " Press 'Y' key to continue or 'N' to exit."
   Write-Host ""
   Write-Host " -Continue? (Y/N)"
   do {
       $key = $Host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown")
       $char = $key.Character.ToString().ToUpper()
       if ($char -ne "Y" -and $char -ne "N") {
           [console]::beep(1500, 500)
       }
   } while ($char -ne "Y" -and $char -ne "N")
   if ($char -eq "N") {Exit(1)} else {Clear-Host}
}
 
function Get-RegistryOwnership {
   param(
       [string]$setAclFilePath = "$env:ProgramFiles\SetACL\SetACL.exe",
       [string[]]$regKeys,
       [string]$userName = "$env:UserName"
   )
 
   try {
       if (-not (Test-Path $setAclFilePath)) {
           $ex = New-Object System.IO.FileNotFoundException("SetACL.exe file not found at path '$setAclFilePath'.", $setAclFilePath)
           throw $ex
       }
 
       # SetACL appends what it changed (and what it failed to change) to this log file.
       $logFile = New-TemporaryFile
 
       foreach ($key in $regKeys) {
           # SetACL arguments, one hive per call:
           #   -on <key> -ot reg            : the object is a registry key
           #   -actn setowner -ownr n:<user>: make <user> the owner ...
           #   -rec Yes                     : ... recursively, for every subkey
           #   -actn ace -ace n:<user>;p:full : then add an ACE granting <user> full control
           #   -log <file>                  : write SetACL's output to the log file
           $setAclArgs = @(
               "-on", "`"$key`"", "-ot", "reg",
               "-actn", "setowner", "-ownr", "`"n:$userName`"", "-rec", "Yes",
               "-actn", "ace", "-ace", "`"n:$userName;p:full`"", "-rec", "Yes",
               "-log", "`"$($logFile.FullName)`""
           )
           # -PassThru emits the Process object (PID, exit code) to the output stream.
           Start-Process -Wait -FilePath "$setAclFilePath" -ArgumentList $setAclArgs -NoNewWindow -PassThru
           # Uncomment the two commented lines below to echo SetACL's log after each hive.
           #$logContent = Get-Content -Path $logFile.FullName
           Write-Output ""
           #Write-Output $logContent
       }
 
   } catch {
       Write-Host "Something went wrong when calling '$($MyInvocation.MyCommand.Name)' method:"
       Write-Host ""
       Write-Warning ($_.Exception)
       Write-Host ""
       Write-Error -Message ($_.Exception | Format-List * -Force | Out-String)
       Write-Host ""
       Write-Host "Press any key to exit..."
       $key = $Host.UI.RawUI.ReadKey("NoEcho, IncludeKeyDown")
       Exit(1)
   }
}
 
function Show-GoodbyeScreen {
   Write-Host "Operation Completed!" -BackgroundColor Black -ForegroundColor Green
   Write-Host ""
   Write-Host "Press any key to exit..."
   $key = $Host.UI.RawUI.ReadKey("NoEcho, IncludeKeyDown")
   Exit(0)
}
 
<#
===========================================================================================
|                                                                                         |
|                                         Main                                            |
|                                                                                         |
===========================================================================================
#>
 
[System.Console]::Title = "Get Full Registry Ownership Tool - by Elektro"
[CultureInfo]::CurrentUICulture = "en-US"
 
$SetAclFilePath = "$env:ProgramFiles\SetACL\SetACL.exe"
$RegKeys = "HKEY_CLASSES_ROOT", "HKEY_CURRENT_USER", "HKEY_LOCAL_MACHINE", "HKEY_USERS", "HKEY_CURRENT_CONFIG"
$UserName = $env:UserName
 
try { Set-ExecutionPolicy -ExecutionPolicy "Unrestricted" -Scope "Process" } catch { }
 
Show-WelcomeScreen
Confirm-Continue
Get-RegistryOwnership -SetAclFilePath $SetAclFilePath -RegKeys $RegKeys -UserName $UserName
Show-GoodbyeScreen
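The script above rewrites the owner and DACL of every key it can reach and leaves only SetACL's temporary log behind, so there is no record of what each key looked like before. The following is an added example, not part of Eleкtro's script or of SetACL: it snapshots the owner and SDDL of a key tree with PowerShell's own Get-Acl before and after a run, and then lists exactly which keys changed owner or DACL. The key path "HKLM:\SOFTWARE\ExampleVendor" is a placeholder, and the function names are this example's own.

```powershell
# Added example (not from the original post): snapshot registry ownership and
# DACLs of a key tree, then diff two snapshots to audit what a SetACL run changed.

function Export-RegistryAclSnapshot {
    param(
        [Parameter(Mandatory)][string]$RootKey,   # e.g. "HKLM:\SOFTWARE\ExampleVendor" (placeholder)
        [Parameter(Mandatory)][string]$OutFile    # CSV file written by Export-Csv
    )
    # The root key plus every subkey the current token can enumerate.
    # Keys the caller cannot read (SAM, SECURITY, some service keys) are
    # skipped instead of aborting the whole snapshot.
    $keys = @(Get-Item -Path $RootKey -ErrorAction Stop)
    $keys += @(Get-ChildItem -Path $RootKey -Recurse -ErrorAction SilentlyContinue)

    $rows = @(foreach ($k in $keys) {
        try {
            # Get-Acl needs READ_CONTROL on the key; Owner and Sddl cover owner + DACL.
            $acl = Get-Acl -Path $k.PSPath -ErrorAction Stop
            [pscustomobject]@{ Key = $k.Name; Owner = $acl.Owner; Sddl = $acl.Sddl }
        } catch {
            [pscustomobject]@{ Key = $k.Name; Owner = "<access denied>"; Sddl = "" }
        }
    })

    $rows | Export-Csv -Path $OutFile -NoTypeInformation -Encoding UTF8
    return $rows.Count
}

function Compare-RegistryAclSnapshot {
    param(
        [Parameter(Mandatory)][string]$Before,    # CSV produced before the change
        [Parameter(Mandatory)][string]$After      # CSV produced after the change
    )
    # Index the "before" snapshot by key path, then walk the "after" snapshot
    # and emit one row per key whose owner or DACL differs.
    $old = @{}
    Import-Csv -Path $Before | ForEach-Object { $old[$_.Key] = $_ }

    Import-Csv -Path $After | ForEach-Object {
        $prev = $old[$_.Key]
        if ($null -eq $prev) {
            [pscustomobject]@{ Key = $_.Key; Change = "new key"; Before = ""; After = $_.Owner }
        } elseif ($prev.Owner -ne $_.Owner) {
            [pscustomobject]@{ Key = $_.Key; Change = "owner"; Before = $prev.Owner; After = $_.Owner }
        } elseif ($prev.Sddl -ne $_.Sddl) {
            [pscustomobject]@{ Key = $_.Key; Change = "dacl"; Before = $prev.Sddl; After = $_.Sddl }
        }
    }
}

# Usage (placeholder key; run from an elevated session):
$before = Join-Path $env:TEMP "acl-before.csv"
$after  = Join-Path $env:TEMP "acl-after.csv"
Export-RegistryAclSnapshot -RootKey "HKLM:\SOFTWARE\ExampleVendor" -OutFile $before
# ... run SetACL (or the script above) against the same tree here ...
Export-RegistryAclSnapshot -RootKey "HKLM:\SOFTWARE\ExampleVendor" -OutFile $after
Compare-RegistryAclSnapshot -Before $before -After $after | Format-Table -AutoSize
```

The Sddl column in the "before" CSV is what you would feed back to restore a key's DACL (for example via the security descriptor's SetSecurityDescriptorSddlForm method followed by Set-Acl); note that setting the owner back to a principal other than yourself requires SeRestorePrivilege, which is why taking a snapshot before the run matters more than relying on an after-the-fact fix.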
