utilizing powershell is an easy way to remotely troubleshoot your computer in the event of a physical lockout.
By replacing the sethc.exe filename with regedit.exe you can easily create a shortcut to the registry.
replacing the renamed copy of sethc.exe onto a computer connected through ssh is easy, and here's how:
in short, to create an access point to be able to inject the renamed sethc.exe file in ducky script
[NOT FOR PROMPT-I wanted to see if i could get gpt to write ducky/ for me. in this case, after exfiltration hitting shift five times will pull up the system registry with admin rights. alternatively, you can replace 'regedit' with 'cmd' which will then pull up a admin level command prompt. obviously not the best for system stability, so i would advise that you put your toys back where you found them lest they break/brick]