alternateshell
#
$ target-query <path/to/target> -f alternateshell
Module |
|
Output |
|
Module documentation
Generic Windows plugin.
Provides some plugins that don’t fit in a separate plugin.
Function documentation
Return the AlternateShell registry key value.
The AlternateShell registry key, HKEY_LOCAL_MACHINESystemCurrentControlSetControlSafeboot, specifies the shell that is used when a Windows system is started in “Safe Mode with Command Prompt”. Can be leveraged as a persistence mechanism.