mirror of https://github.com/hak5/omg-payloads.git
NOPs removed, formatting and header best practices
parent
52e0b4fa1b
commit
937f1c46ae
|
@ -1,25 +1,25 @@
|
|||
REM_BLOCK
|
||||
Title: The Bypass Buddy
|
||||
Title: The Bypass Buddy
|
||||
Author: salt-or-ester | salt-or-ester@protonmail.com | https://gitgud.io/saltorester
|
||||
Description: Evade Windows Script Execution Policy
|
||||
Target: Windows 11
|
||||
Device: O.MG Plug | https://hak5.org/products/omg-plug
|
||||
Device: O.MG Plug | https://hak5.org/products/omg-plug
|
||||
Version: 1.1
|
||||
Category: Execution
|
||||
|
||||
Tested on: O.MG Plug Elite, Windows 11
|
||||
Will likely work on other devices and Windows flavors
|
||||
Tested on: O.MG Plug Elite, Windows 11
|
||||
Will likely work on other devices and Windows flavors
|
||||
|
||||
The Bypass Buddy implements a method to evade Windows script execution
|
||||
policy protections.
|
||||
The Bypass Buddy implements a method to evade Windows script execution
|
||||
policy protections.
|
||||
|
||||
The approach involves downloading a Powershell script into memory (not disk),
|
||||
and running it on-the-fly.
|
||||
The approach involves downloading a Powershell script into memory (not disk),
|
||||
and running it on-the-fly.
|
||||
|
||||
This can be accomplished without administrative rights.
|
||||
This can be accomplished without administrative rights.
|
||||
END_REM
|
||||
|
||||
REM Formatting is 'untabbed' to comply with O.MG Editor/UI
|
||||
REM Formatting is not indented to comply with O.MG Editor/UI
|
||||
FUNCTION EVADE_SCRIPT_EXECUTION_POLICY()
|
||||
REM Normally I would add this below the header, as it's a constant, but moving it here for portability
|
||||
REM Payload to download and run in memory
|
||||
|
|
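Review bot: In the comment just inside FUNCTION EVADE_SCRIPT_EXECUTION_POLICY(), the wording "REM Payload to download and run in memory" no longer says why the value is defined inside the function, which the other version of that line ("as it's a constant, but moving it here for portability") did explain. Consider keeping the reason in one short line, for example "REM Payload to download and run in memory; kept here rather than below the header for portability". Since the REM_BLOCK description lines are being reformatted anyway, "Powershell" there could be spelled "PowerShell".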