bashbunny-payloads/payloads/library/credentials/win_problemstepsrecorder
TW-D 5e95ba3d40
Add Win_ProblemStepsRecorder (#488)
Abuse of "Windows Problem Steps Recorder" to spy on a user's activities.
2022-01-28 11:53:24 -06:00
README.md Add Win_ProblemStepsRecorder (#488) 2022-01-28 11:53:24 -06:00
payload.ps1 Add Win_ProblemStepsRecorder (#488) 2022-01-28 11:53:24 -06:00
payload.txt Add Win_ProblemStepsRecorder (#488) 2022-01-28 11:53:24 -06:00

README.md

"Microsoft Windows" Problem Steps Recorder

  • Title: Win_ProblemStepsRecorder
  • Author: TW-D
  • Version: 1.0
  • Target: Microsoft Windows
  • Category: Credentials

Description

  1. Partially avoids "PowerShell Script Block Logging".
  2. Closes all windows.
  3. Hides the "PowerShell" window.
  4. Abuses "Windows Problem Steps Recorder" to spy on a user's activities.
  5. Writes the file system cache to disk.
  6. Safely ejects.

Configuration

In "payload.txt", change the values of the following constants:


######## INITIALIZATION ########

readonly BB_LABEL="BashBunny"
readonly RECORDER_TIME=300