-
-
Save Dhanvesh/abcc26792f08755827bc2cd64c50ac3c to your computer and use it in GitHub Desktop.
| @echo off | |
| title Windows 10 ALL version activator&cls&echo ************************************&echo Supported products:&echo - Windows 10 Home&echo - Windows 10 Professional&echo - Windows 10 Enterprise, Enterprise LTSB&echo - Windows 10 Education&echo.&echo.&echo ************************************ &echo Windows 10 activation... | |
| cscript //nologo c:\windows\system32\slmgr.vbs /ipk TX9XD-98N7V-6WMQ6-BX7FG-H8Q99 >nul | |
| cscript //nologo c:\windows\system32\slmgr.vbs /ipk 3KHY7-WNT83-DGQKR-F7HPR-844BM >nul | |
| cscript //nologo c:\windows\system32\slmgr.vbs /ipk 7HNRX-D7KGG-3K4RQ-4WPJ4-YTDFH >nul | |
| cscript //nologo c:\windows\system32\slmgr.vbs /ipk PVMJN-6DFY6-9CCP6-7BKTT-D3WVR >nul | |
| cscript //nologo c:\windows\system32\slmgr.vbs /ipk W269N-WFGWX-YVC9B-4J6C9-T83GX >nul | |
| cscript //nologo c:\windows\system32\slmgr.vbs /ipk MH37W-N47XK-V7XM9-C7227-GCQG9 >nul | |
| cscript //nologo c:\windows\system32\slmgr.vbs /ipk NW6C2-QMPVW-D7KKK-3GKT6-VCFB2 >nul | |
| cscript //nologo c:\windows\system32\slmgr.vbs /ipk 2WH4N-8QGBV-H22JP-CT43Q-MDWWJ >nul | |
| cscript //nologo c:\windows\system32\slmgr.vbs /ipk NPPR9-FWDCX-D2C8J-H872K-2YT43 >nul | |
| cscript //nologo c:\windows\system32\slmgr.vbs /ipk DPH2V-TTNVB-4X9Q3-TJR4H-KHJW4 >nul | |
| cscript //nologo c:\windows\system32\slmgr.vbs /ipk WNMTR-4C88C-JK8YV-HQ7T2-76DF9 >nul | |
| cscript //nologo c:\windows\system32\slmgr.vbs /ipk 2F77B-TNFGY-69QQF-B8YKP-D69TJ >nul | |
| echo ************************************ &echo.&echo.&set i=1 | |
| :server | |
| if %i%==1 set KMS_Sev=kms.shuax.com | |
| if %i%==2 set KMS_Sev=NextLevel.uk.to | |
| if %i%==3 set KMS_Sev=GuangPeng.uk.to | |
| if %i%==4 set KMS_Sev=AlwaysSmile.uk.to | |
| if %i%==5 set KMS_Sev=kms.chinancce.com | |
| if %i%==6 exit | |
| cscript //nologo c:\windows\system32\slmgr.vbs /skms %KMS_Sev% >nul | |
| cscript //nologo c:\windows\system32\slmgr.vbs /ato | find /i "successfully" && (echo.& echo ************************************ & echo. & choice /n /c YN /m "Do you want to restart your PC now [Y,N]?" & if errorlevel 2 exit) || (echo The connection to the server failed! Trying to connect to another one... & echo Please wait... & echo. & echo. & set /a i+=1 & goto server) | |
| shutdown.exe /r /t 00 |
thankyou a lot .
Not working for me. its shuts down everytime after 4 line of server filed written line, it doesn't show the usual "shut down y/n" message. the water mark disappears but after some time probably 2 to3 hours later the water mark appears again.
my system is Windows 10 Enterprise Version 22H2.
don't know if its only me or what.
It seemed to keep saying "failed to connect to the server."
Yes, I ran it as an admin.
While I.m about to excute it all I does I blinks the file then no cmd screen displays help
March 2023, Still works.
- save txt file as .bat
- Run as admin
- press enter when CMD opens
- wait for batch to finish running
- restart computer
Same problem as @Adeelaman.
https://msguides.com/windows-11#:~:text=%40echo%20off%0Atitle,halt%0Apause%20%3Enul works.
Thanks man this one worked for me. Even though it was for win 11 my win 10 pc is showing its activated..
Don us it it downloads (Trojan:Win32/Skeeyah.A!MTB). This trojan scam malware beware!!!!!!!!!!!!!!!!!!!!
@Abzelite, per what? Do you have an AV report you can share?
Per https://www.virustotal.com/gui/file/e1bc25431818fed105062a3e9031f1a4d0a149df4d19a5926b1f0932dfd7a2d7, @Abzelite is potentially correct – https://www.quora.com/Is-KMS-Activator-a-virus-program-malware/answer/Lonnie-King-Jr-1 explains more.
GitHub is investigating as of 20230502T170936+0100.
This is insecure.. It changes the servers to malicious servers (as example: https://www.chinancce.com/, it will show insecure certificate) which is obviously not microsoft servers so dont use it and report it to github. Thanks for taking your time and not falling to this.
does this still work?
@Simon1907, https://www.chinancce.com/ has a valid certificate currently. However, whether it did or not wouldn't be a useful distinction anyway, since unless you're going to operate your own KMS server, external (and thus fundamentally untrusted due to their illegality) servers are choices available. Note that it's https://www.kms.chinancce.com/ that is used in the script.
Although https://adsecurity.org/?p=284 demonstrates that installation of the KMS opens a port, I'd hope that it can only accept very basic data, and thus shouldn't generate vulnerability. Anyone wanna bother asking on Quora etc. for us?
ITS A MALWARE. YOU WILL BE LISTED AS A VICTIM ON DARK NET. DON'T USE THIS. ITS A MALWARE. IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, , IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, ITS A MALWARE, ITS A MALWARE, ITS A MALWARE, ITS A MALWARE, ITS A MALWARE, ITS A MALWARE, ITS A MALWARE, ITS A MALWARE, ITS A MALWARE, ITS A MALWARE, ITS A MALWARE, ITS A MALWARE, ITS A MALWARE, ITS A MALWARE, ITS A MALWARE, ITS A MALWARE, ITS A MALWARE
YOU WILL BE LISTED AS A VICTIM ON DARK NET.
You're making stuff up. Don't just espouse what seems correct when you've obviously little understanding of this kind of stuff. We can't even be certain that it's malware, since none of us here are knowledgeable enough to identify the patterns that VirusTotal can.
Don't assume that someone has been malicious until you've very good evidence, even regarding code - chances are that the OP posted this because it worked for them.
However, more importantly than all of that, I doubt anyone wants to be notified for comments like yours, which are just copy-pasted CAPITAL LETTERS.
This is insecure.. It changes the servers to malicious servers (as example: https://www.chinancce.com/, it will show insecure certificate) which is obviously not microsoft servers so dont use it and report it to github. Thanks for taking your time and not falling to this.
Interestingly enough, since a small boy obsessed with c.s. I have found microsoft servers to be insecure and malicious (fundamentally as they are closed source) and hide my valuable information from the operating system itself via encryption of data drives. It has since turned into so much profit I think I was on to something. The KMS insecurity you speak of would manifest itself regardless as well as many closed source open bi directional (like KMS) microsoft ports vulnerabilities do.
does this still work?
Still working for me <3
@Abzelite, per what? Do you have an AV report you can share?Per https://www.virustotal.com/gui/file/e1bc25431818fed105062a3e9031f1a4d0a149df4d19a5926b1f0932dfd7a2d7, @Abzelite is potentially correct – https://www.quora.com/Is-KMS-Activator-a-virus-program-malware/answer/Lonnie-King-Jr-1 explains more.
GitHub is investigating as of 20230502T170936+0100.
Its really short code just search what every line does. Remembering microsoft is closed source. It does activate windows using their own protocols.
It's pretty useless to punch 26 lines of code into virustotal. You really should not trust AV's either for example the false positive you posted is expected, sometimes changing variable names will get rid of false positive (roflmao). I get that they are good for the masses in many ways but this is github just ask someone what the code does.
@ileathan, this code doesn't use Microsoft's KMS activation servers. That's literally its sole purpose – to change the KMS server and then verify against that. In truth, it could install a KMS server locally and then prompt localhost, but this is more guaranteed to work.
Also, you think too highly of yourself. Microsoft does not have bidirectional port vulnerabilities exploitable by the general public. That would be insane.
@ileathan, this code doesn't use Microsoft's KMS activation servers. That's literally its sole purpose – to change the KMS server and then verify against that. In truth, it could install a KMS server locally and then prompt
localhost, but this is more guaranteed to work.Also, you think too highly of yourself. Microsoft does not have bidirectional port vulnerabilities exploitable by the general public. That would be insane.
It is indeed using the official msft KMS protocol. The code above uses a remote server set with /skms %KMS_Sev%. And can be verified after with slmgr.vbs /dlv You could change it to any appropriate KMS server so long as it downloads the Microsoft expected licensing binary associated with the keypair you chose it will work. Also of course Microsoft has port vulnerabilities which are exploitable by the general public haha. It is closed source after all. Use a search engine if your curious.
Sorry if what I wrote was rude, it just honestly really is a bad idea to copy paste few lines of code into a AV like that you linked an expected false positive. What I wrote about how to trick AV's is true and is from personal experience I can explain more if you would like, but it is a bad idea unless I guess you have no way to read the code or any way to ask someone what it does.
it just honestly really is a bad idea to copy paste few lines of code into a AV
There's nothing better except hiring a developer, and even then, the virus definitions may well find patterns that they wouldn't.
The code above uses a remote server set with
/skms %KMS_Sev%
I know what a variable is. You obviously haven't read https://gist.github.com/Dhanvesh/abcc26792f08755827bc2cd64c50ac3c#file-win10activation-txt to see how it's being used, though:
if %i%==1 set KMS_Sev=kms.shuax.com
if %i%==2 set KMS_Sev=NextLevel.uk.to
if %i%==3 set KMS_Sev=GuangPeng.uk.to
if %i%==4 set KMS_Sev=AlwaysSmile.uk.to
if %i%==5 set KMS_Sev=kms.chinancce.com
cscript //nologo c:\windows\system32\slmgr.vbs /skms %KMS_Sev% >nulThose are not Microsoft-owned domains. As previously stated, that's the entire point of this script – to disable the KMS client's ability to call home to Microsoft, at least during activation.
it just honestly really is a bad idea to copy paste few lines of code into a AV
There's nothing better except hiring a developer, and even then, the virus definitions may well find patterns that they wouldn't.
The code above uses a remote server set with
/skms %KMS_Sev%I know what a variable is. You obviously haven't read https://gist.github.com/Dhanvesh/abcc26792f08755827bc2cd64c50ac3c#file-win10activation-txt to see how it's being used, though:
if %i%==1 set KMS_Sev=kms.shuax.com if %i%==2 set KMS_Sev=NextLevel.uk.to if %i%==3 set KMS_Sev=GuangPeng.uk.to if %i%==4 set KMS_Sev=AlwaysSmile.uk.to if %i%==5 set KMS_Sev=kms.chinancce.com cscript //nologo c:\windows\system32\slmgr.vbs /skms %KMS_Sev% >nulThose are not Microsoft-owned domains. As previously stated, that's the entire point of this script – to disable the KMS client's ability to call home to Microsoft, at least during activation.
It's being used to store the remote KMS server domain based on your respective keypair choice. A pattern that a AV finds can be something as illogical as a variable name and is obviously not trustworthy. I am going to drop this conversation. Also this does not disable any KMS client ability whatsoever either. It uses the official protocol/client. A official KMS server does also not need to be a official Microsoft server period a normal use case would imply the KMS host be running a msft server.
Lastly if you think Microsoft-owned domains are inherently safe then good luck haha.
If you think Microsoft-owned domains are inherently safe then good luck.
I've never said that. I don't think any of this script is safe – https://gist.github.com/Dhanvesh/abcc26792f08755827bc2cd64c50ac3c?permalink_comment_id=4553318#gistcomment-4553318. I dunno what your obsession about Microsoft-owned domains is anyway, since you haven't yet informed me about how it's calling any of Microsoft's servers.
It's being used to pair your chosen key with its respective pair on a remote server.
Yeah – kms.shuax.com's.
A pattern that a AV finds can be something as illogical as a variable name and is obviously not trustworthy.
So look at the report logs: https://www.virustotal.com/gui/file/e1bc25431818fed105062a3e9031f1a4d0a149df4d19a5926b1f0932dfd7a2d7. They're not as detailed as I'd like from a cursory evaluation, but I think we can agree that it correctly identified it as https://www.hybrid-analysis.com/search?query=vxfamily%3A%22Application.KMSTool%22, specifically Application.KMSTool.AH (https://forums.malwarebytes.com/topic/298199-what-is-applicationkmstoolah/).
Consequently, chances are that the rest of the diagnostics (which I've reviewed) are probably accurate. They're not mental things anyway – just GETs at places it probably shouldn't be invoking WebRequests from.
Sorry man I dropped the conversation. Its an expected false positive, go ask another programmer or be wrong and trust your AV.
To anyone else the script is safe and afaik is not even illegal albeit can be against tos.
@ileathan, I haven't insulted you. I've only had a technical discussion with ya. If you're willing to explain how I've wronged you (if you care) I'll be glad to apologize, but I doubt there's anything.
@ileathan, I haven't insulted you. I've only had a technical discussion with ya. If you're willing to explain how I've wronged you (if you care) I'll be glad to apologize, but I doubt there's anything.
I removed that bit although I did feel insulted. I just feel I am wasting my time. A Microsoft server AFAIK is the one that is by default suppose to negotiate the cryptographic signature that is happening in the background which is the point of KMS. I do not know anything about KMS because it is all closed source but I know very well the fundamentals of cryptographic signatures. The servers may obviously break tos but I think that is the point.
Pasting small bits of code like that into virus total which scans it with every AV is totally useless. When I was programming web miners for my website changing a variable name would get rid of of those false positives (simply because those AV's were targeting monero's variable names [totally illogical]). They are often times not logical but political and to this date monero is flagged as a virus. In your case it is not a variable name triggering it but merely that KMS was called is my guess. It really is an expected false positive.
And as far as your operating system is concerned everything going on is using the official client, protocol, and server. For example you can hot swap that domain in the code to any other KMS host (associated with your key) so a enterprise key would need an enterprise kms server.
In your case it is not a variable name triggering it but merely the fact that its a batch file
Actually, it's not a .bat file. It's been uploaded as a https://gist.github.com/Dhanvesh/abcc26792f08755827bc2cd64c50ac3c/raw/0825bf9f1c64931542e4afa3b47b64e415fb8149/Win10Activation.txt file. This fooled https://www.hybrid-analysis.com/sample/464c5827868056036ba9aa8d396cec4fd144cf5886d337807950b94f1dc0f1e8, but didn't fool https://www.virustotal.com/gui/file/e1bc25431818fed105062a3e9031f1a4d0a149df4d19a5926b1f0932dfd7a2d7, which reocgnized it as Application.KMSTool.AH .
That's not an inherently dangerous file-type. It merely designates it as a KMS script, so I'm not sure why we're discussing AV false positives here.
And as far as your operating system is concerned everything going on is using the official client and protocol. For example you can hot swap that domain in the code to any other KMS host (associated with your keypair) so a enterprise key would need an enterprise kms server.
Yeah! So it's not calling Microsoft! Reverse-engineering the KMS protocol was completed about a decade ago, so there's no need for *live.com or *microsoft.com to be involved. If there was a need for a cryptographic signature using the same technology as gpg, we wouldn't be able to fool Windows's internal KMS client.
is it safe