.txt
extension (among many others) are mapped to applictions that can open those files in Windows registry located at Computer\HKEY_CLASSES_ROOT
.notepad.exe %1
, where %1
is the argument for notepad.exe, which specifies a file name the notepad should open:c:\tools\hell.cmd
will launch a simple netcat reverse shell to the attacking system and also a notepad with the test.txt
file as an argument.Computer\HKEY_CLASSES_ROOT\txtfile\shell\open\command
to c:\tools\shell.cmd %1
as shown below: