Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Violate-Defender #220

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Conversation

Damaged-Justice
Copy link

FOR EDUCATIONAL PURPOSES ONLY

This is a simple DuckyScript that has been tested on the O.MG cable. it is designed to create a rule expection to a folder usering powershell to circumvent Windows Defender. this may only work if the user/target in quesiton has elevated rights to run a cmd/powershell prompt as Administrator. the script will use the curl command and download a file from your attacker machine and place it into a created folder of your choice while applying the execption to that folder.

### FOR EDUCATIONAL PURPOSES ONLY ####  
This is a simple DuckyScript that has been tested on the O.MG cable. it is designed to create a rule expection to a folder usering powershell to circumvent Windows Defender. this may only work if the user/target in quesiton has elevated rights to run a cmd/powershell prompt as Administrator. the script will use the curl command and download a file from your attacker machine and place it into a  created folder of your choice while applying the execption to that folder.
@Damaged-Justice Damaged-Justice changed the title Create Violate-Defender Violate-Defender Jan 2, 2024
@kalanihelekunihi
Copy link
Collaborator

Would you mind adding a readme to this, so other users know how to use?

Also, as a general suggestion, there are commands like DEFAULT_DELAY 200, which you could use to get the same effect as you have in your script, while making it cleaner and more maintainable. Same with things like REPEAT TAB 5, or STRINGLN powershell which will automatically append the ENTER for you. Finally, as a best practice thing, generally you should use a variable via DEFINE #IPADDRESS x.x.x.x at the top of your file, and then call via #IPADDRESS later to substitute the value. This makes it more clear and obvious to an end user what they need to modify to make it work.

If you add the README, I will get this approved.
The other stuff would definitely be nice to have though.

@Damaged-Justice
Copy link
Author

Damaged-Justice commented May 24, 2024 via email

@Damaged-Justice
Copy link
Author

Damaged-Justice commented May 24, 2024 via email

@Damaged-Justice
Copy link
Author

Would you mind adding a readme to this, so other users know how to use?

Also, as a general suggestion, there are commands like DEFAULT_DELAY 200, which you could use to get the same effect as you have in your script, while making it cleaner and more maintainable. Same with things like REPEAT TAB 5, or STRINGLN powershell which will automatically append the ENTER for you. Finally, as a best practice thing, generally you should use a variable via DEFINE #IPADDRESS x.x.x.x at the top of your file, and then call via #IPADDRESS later to substitute the value. This makes it more clear and obvious to an end user what they need to modify to make it work.

If you add the README, I will get this approved. The other stuff would definitely be nice to have though.

@kalanihelekunihi
Copy link
Collaborator

I am not seeing the readme, only the file: payloads/library/remote_access/Violate-Defender which is your DuckyScript payload.

Might this only be in your local branch and not in the pull request itself?

@kalanihelekunihi
Copy link
Collaborator

I was taking a look at your branch: Damaged-Justice@c188292

It appears that you only created the payload itself, and then added what normally would be a README to the Commit Message.

Unfortunately, as soon as that's merged, that doc becomes mostly unreadable to other people.

Let's do this:
1: Create a folder called payloads/library/remote_access/Violate-Defender
2: Move your payload file from payloads/library/remote_access/Violate-Defender to payloads/library/remote_access/Violate-Defender/payload.txt
3: Create a text file called readme.txt, and paste the contents from your Git Commit Message, copied below for convenience:

Create Violate-Defender

FOR EDUCATIONAL PURPOSES ONLY

This is a simple DuckyScript that has been tested on the O.MG cable. it is designed to create a rule expection to a folder usering powershell to circumvent Windows Defender. this may only work if the user/target in quesiton has elevated rights to run a cmd/powershell prompt as Administrator. the script will use the curl command and download a file from your attacker machine and place it into a created folder of your choice while applying the execption to that folder.

That should address the minimum stuff I'd need to merge it.

@Damaged-Justice
Copy link
Author

@kalanihelekunihi Good morning, i was able to create a new branch within the o.mg payload dir under the main Hak5 repo, i create my own branch as i didnt wanna overwrite or surpass anyone elses additions to the master branch. i also re-added the README as specified. i will make technical updates to the payload when i have more time to make changes. thanks for the help @kalanihelekunihi

@kalanihelekunihi
Copy link
Collaborator

Yep, I see that on your repo. But you’ve not yet updated the pull request with those changes. As soon as you do, I will get this approved. You can always update or expand upon things in the future.

Copy link
Author

@Damaged-Justice Damaged-Justice left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This script will work on other hak5 gadgets, but some modifications to the payload may be needed

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants