From 937f1c46ae59ad7939a96c261309b9b1f2c7faa8 Mon Sep 17 00:00:00 2001
From: salt-or-ester <133813929+salt-or-ester@users.noreply.github.com>
Date: Fri, 13 Sep 2024 19:19:16 -0700
Subject: [PATCH] NOPs removed, formatting and header best practices

---
 .../execution/bypass-buddy/bypass-buddy.txt | 26 +++++++++----------
 1 file changed, 13 insertions(+), 13 deletions(-)

diff --git a/payloads/library/execution/bypass-buddy/bypass-buddy.txt b/payloads/library/execution/bypass-buddy/bypass-buddy.txt
index 7b7f9e0..466acfa 100644
--- a/payloads/library/execution/bypass-buddy/bypass-buddy.txt
+++ b/payloads/library/execution/bypass-buddy/bypass-buddy.txt
@@ -1,25 +1,25 @@ REM_BLOCK - Title: The Bypass Buddy + Title: The Bypass Buddy Author: salt-or-ester | salt-or-ester@protonmail.com | https://gitgud.io/saltorester Description: Evade Windows Script Execution Policy Target: Windows 11 - Device: O.MG Plug | https://hak5.org/products/omg-plug + Device: O.MG Plug | https://hak5.org/products/omg-plug Version: 1.1 Category: Execution - Tested on: O.MG Plug Elite, Windows 11 - Will likely work on other devices and Windows flavors - - The Bypass Buddy implements a method to evade Windows script execution - policy protections. - - The approach involves downloading a Powershell script into memory (not disk), - and running it on-the-fly. - - This can be accomplished without administrative rights. + Tested on: O.MG Plug Elite, Windows 11 + Will likely work on other devices and Windows flavors + + The Bypass Buddy implements a method to evade Windows script execution + policy protections. + + The approach involves downloading a Powershell script into memory (not disk), + and running it on-the-fly. + + This can be accomplished without administrative rights. END_REM -REM Formatting is 'untabbed' to comply with O.MG Editor/UI +REM Formatting is not indented to comply with O.MG Editor/UI FUNCTION EVADE_SCRIPT_EXECUTION_POLICY() REM Normally I would add this below the header, as it's a constant, but moving it here for portability REM Payload to download and run in memory
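Review bot: the subject line says "NOPs removed", but nothing in this hunk removes a NOP: all 13 removed/added pairs are REM_BLOCK header lines (Title, Device, Tested on, the description paragraph and its blank lines) whose visible text is identical before and after, so the change is an invisible whitespace normalisation, plus the one reworded comment `REM Formatting is not indented to comply with O.MG Editor/UI`. Either the NOP removal belongs in this patch and is missing, or the subject should describe what the diff actually does; in both cases the commit body should state the exact whitespace change (tabs to spaces, trailing whitespace stripped), since a reviewer cannot see it in this diffstat and has to take it on trust. While touching the header, the line "Will likely work on other devices and Windows flavors" sits under "Tested on:" where it reads as a test result; it is a guess, and a "Notes:" line (or dropping it) would keep the tested-on field limited to configurations the author actually ran.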