alternateshell

$ target-query <path/to/target> -f alternateshell
Details

Module

dissect.target.plugins.os.windows.generic.GenericPlugin

Output

records

Module documentation

Generic Windows plugin.

Provides Windows operating system plugins too small to fit in a separate plugin.

Function documentation

Return the AlternateShell registry key value.

The AlternateShell registry value, under HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Safeboot, specifies the shell that is used when a Windows system is started in “Safe Mode with Command Prompt”. It can be leveraged as a persistence mechanism.
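An added triage example (not Dissect's own code) that flags AlternateShell values deviating from the Windows default of cmd.exe. It assumes each record exposes `hostname` and `alternateshell` fields; the sample records and the trusted-directory list are constructed for illustration.

```python
import ntpath
from types import SimpleNamespace

DEFAULT_SHELL = "cmd.exe"  # value Windows ships with
# Assumed system directories; a non-standard system root is flagged for review.
TRUSTED_DIRS = {r"c:\windows\system32", r"%systemroot%\system32", r"%windir%\system32"}


def split_command(value):
    """Split a registry command string into (executable, arguments)."""
    value = value.strip()
    quoted = value.startswith('"')
    exe, _, args = value[1:].partition('"') if quoted else value.partition(" ")
    return exe, args.strip()


def assess(value):
    """Return findings for one AlternateShell value (empty list = default)."""
    if not value or not value.strip():
        return ["value is empty"]
    exe, args = split_command(value)
    directory, name = ntpath.split(exe.lower())
    findings = []
    if name != DEFAULT_SHELL:
        findings.append(f"shell is {name!r}, not {DEFAULT_SHELL!r}")
    if directory and directory not in TRUSTED_DIRS:
        findings.append(f"shell loaded from {directory!r}")
    if args:
        findings.append(f"extra arguments: {args!r}")
    return findings


def triage(records):
    """Map hostname -> findings for records that deviate from the default."""
    assessed = ((rec.hostname, assess(rec.alternateshell)) for rec in records)
    return {host: findings for host, findings in assessed if findings}


# Constructed sample records standing in for the plugin's output.
SAMPLE = [
    SimpleNamespace(hostname="WS01", alternateshell="cmd.exe"),
    SimpleNamespace(hostname="WS02", alternateshell=r"C:\Users\Public\svc.exe"),
    SimpleNamespace(hostname="WS03", alternateshell=r'"C:\Windows\System32\cmd.exe" /c C:\Temp\run.bat'),
]
```
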

References: