类型:GUI Hack
方法:注册表项操作
目标:system32\netplwiz.exe
组件:攻击者定义
Works from: Windows 10
HKCU\Software\Classes\Folder\shell\open\command
单击netplwiz.exe中的“管理密码”按钮时调用。由于该键位于HKCU下,普通用户无需提权即可写入,因此监控该键的创建与修改是一个有效的检测点。
using System;
using System.Linq;
using System.Diagnostics;
using System.Management;
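namespace GetProcessList {
    /// <summary>
    /// Console utility that prints the name, process ID and command line of every
    /// process returned by <see cref="Process.GetProcesses()"/>.
    /// </summary>
    /// <remarks>
    /// Command lines often carry secrets passed as arguments (passwords, tokens,
    /// connection strings). Treat the output as sensitive: avoid pasting it into
    /// tickets or shipping it to shared logs without redaction.
    /// </remarks>
    public static class Program {
        /// <summary>
        /// Entry point: writes one line per process to standard output.
        /// </summary>
        /// <param name="args">Command-line arguments; not used.</param>
        static void Main(string[] args) {
            foreach (Process current in Process.GetProcesses()) {
                // Process is IDisposable; release each instance as soon as its
                // row has been printed instead of leaving it to the finalizer.
                using (current) {
                    Console.WriteLine("Process: {0} ID: {1} CmdLine: {2}", current.ProcessName, current.Id, GetCommandLine(current));
                }
            }
        }

        /// <summary>
        /// Looks up the command line of <paramref name="process"/> through the WMI
        /// <c>Win32_Process</c> class, selecting by process ID.
        /// </summary>
        /// <param name="process">The process whose command line is wanted.</param>
        /// <returns>
        /// The <c>CommandLine</c> value as a string, or <c>null</c> when the query
        /// returns no row or the property itself is null.
        /// NOTE(review): WMI presumably leaves CommandLine null for processes the
        /// caller may not inspect; confirm before treating null as "no arguments".
        /// </returns>
        /// <exception cref="ArgumentNullException">
        /// <paramref name="process"/> is <c>null</c>.
        /// </exception>
        private static string GetCommandLine(this Process process) {
            if (process == null) {
                throw new ArgumentNullException(nameof(process));
            }

            // The only interpolated value is an integer PID, so it cannot inject
            // WQL syntax; format it culture-invariantly so the query text does not
            // depend on the user's regional settings.
            string query = "SELECT CommandLine FROM Win32_Process WHERE ProcessId = "
                + process.Id.ToString(System.Globalization.CultureInfo.InvariantCulture);

            using (ManagementObjectSearcher searcher = new ManagementObjectSearcher(query))
            using (ManagementObjectCollection objects = searcher.Get())
            // The result object is disposable as well; a null resource is legal in
            // a using statement, so the "no matching row" case needs no branch.
            using (ManagementBaseObject match = objects.Cast<ManagementBaseObject>().SingleOrDefault()) {
                return match?["CommandLine"]?.ToString();
            }
        }
    }
}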