adil
/
DigiSpark-Payloads
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
DigiSpark-Payloads/payloads/PayLoad Dropper
History
Muhammad Talha Khan 302a2cef69
Update README.md 		2020-05-03 13:49:33 +05:00
..
Payload_dropper.ino Create Payload_dropper.ino 2020-04-05 17:18:32 +05:00
README.md Update README.md 2020-05-03 13:49:33 +05:00
Remote_PS_Exec.ino Create Remote_PS_Exec.ino 2020-05-03 13:46:10 +05:00

README.md

Payload Dropper

Description:

A simple script which downloads file from internet and execute the downloaded file.

1. PayLoad_Dropper.ino:
Starts run window and dump the whole payload string and execute it which downloads and execute the file after placing it on Desktop.

2. Remote_PS_Exec.ino:
Execute powershell script placed in a remote location. Following script uses MS16-032 local windows exploit to escalate privileges.

Tested on:

OS: Windows 10 Pro
User: Normal/Admin
Hardware: ATtiny85 (Chinese)

Requirements:

Internet Access

Screenshot

Fun Fact:

During creating this i found out that my antivirus was not allowing powershell -command invoke-item $env:UserProfile\desktop\catz.jpeg to execute through RUN. Which i bypassed with powershell -command i'n'vo'k'e-it'e'm $env:UserProfile\desktop\catz.jpeg a very common method used by malware.