russianmonk

Hey guy, Sorry for the slooooowwwww reply. I'll take a look at this soon and do some more testing. Been pretty busy lately. It's such a fun script though :)

Malwarebytes and MS Security Essentials couldn't find anything on my computer.

Well I wanted to make the original Reverse Shell script a little more useful for "remote administration". I wrote a batch file of this a while ago so I figured I would use it on the ducky....worked perfect. Basically it makes it so the file is in \windows\system32 and makes it run at startup. It first creates runwinupdate.vbs (this allows the command to start the remote program at boot in a hidden cmd window). Next it creates a reg key that runs the vbs script on boot. Then it deleted the reg file after adding it to the registry. Next it creates the winupdate.bat which has the command to run the remote program at start. (I also renamed the remote.exe to adobe.exe...little more sneaky). At the bottom of the code I put a little "cleanup" bat file code. Makes it easier if you are testing it instead of having to delete everything one by one. Any questions or suggestion let me know! ***If this description doesn't make sense sorry....im tired*** Cleanup Run this in a bat file if you wanna clean up the files @echo off del c:\windows\system32\adobe.exe del c:\windows\system32\winupdate.bat del c:\windows\system32\runwinupdate.bat del c:\windows\system32\runwinupdate.vbs reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v windowsupdates pause