Violate-Defender #220
Violate-Defender #220
Conversation
### FOR EDUCATIONAL PURPOSES ONLY #### This is a simple DuckyScript that has been tested on the O.MG cable. it is designed to create a rule expection to a folder usering powershell to circumvent Windows Defender. this may only work if the user/target in quesiton has elevated rights to run a cmd/powershell prompt as Administrator. the script will use the curl command and download a file from your attacker machine and place it into a created folder of your choice while applying the execption to that folder.
|
Would you mind adding a readme to this, so other users know how to use? Also, as a general suggestion, there are commands like If you add the README, I will get this approved. |
|
Good afternoon ! Thank you for the feedback I would be more than happy to address the topics you’ve laid out here and will get to work right away, please allow me a few days or so as I am in the middle of moving to a new state, I will be more than happy to address these comments. Thank you for taking the steps to get this approved for me! On May 24, 2024, at 3:01 PM, Kalani Helekunihi ***@***.***> wrote:
Would you mind adding a readme to this, so other users know how to use?
Also, as a general suggestion, there are commands like DEFAULT_DELAY 200, which you could use to get the same effect as you have in your script, while making it cleaner and more maintainable. Same with things like REPEAT TAB 5, or STRINGLN powershell which will automatically append the ENTER for you. Finally, as a best practice thing, generally you should use a variable via DEFINE #IPADDRESS x.x.x.x at the top of your file, and then call via #IPADDRESS later to substitute the value. This makes it more clear and obvious to an end user what they need to modify to make it work.
If you add the README, I will get this approved.
The other stuff would definitely be nice to have though.
—Reply to this email directly, view it on GitHub, or unsubscribe.You are receiving this because you authored the thread.Message ID: ***@***.***>
|
|
Update, I’m currently on my GitHub page and I do have a read me file, how much more comprehensive would you like me to be for this script in particular ? Just so I know what direction to take and limit the amount of word-fu On May 24, 2024, at 3:42 PM, Tyler Day ***@***.***> wrote:Good afternoon ! Thank you for the feedback I would be more than happy to address the topics you’ve laid out here and will get to work right away, please allow me a few days or so as I am in the middle of moving to a new state, I will be more than happy to address these comments. Thank you for taking the steps to get this approved for me! On May 24, 2024, at 3:01 PM, Kalani Helekunihi ***@***.***> wrote:
Would you mind adding a readme to this, so other users know how to use?
Also, as a general suggestion, there are commands like DEFAULT_DELAY 200, which you could use to get the same effect as you have in your script, while making it cleaner and more maintainable. Same with things like REPEAT TAB 5, or STRINGLN powershell which will automatically append the ENTER for you. Finally, as a best practice thing, generally you should use a variable via DEFINE #IPADDRESS x.x.x.x at the top of your file, and then call via #IPADDRESS later to substitute the value. This makes it more clear and obvious to an end user what they need to modify to make it work.
If you add the README, I will get this approved.
The other stuff would definitely be nice to have though.
—Reply to this email directly, view it on GitHub, or unsubscribe.You are receiving this because you authored the thread.Message ID: ***@***.***>
|
|
|
I am not seeing the readme, only the file: Might this only be in your local branch and not in the pull request itself? |
|
I was taking a look at your branch: Damaged-Justice@c188292 It appears that you only created the payload itself, and then added what normally would be a README to the Commit Message. Unfortunately, as soon as that's merged, that doc becomes mostly unreadable to other people. Let's do this: Create Violate-Defender FOR EDUCATIONAL PURPOSES ONLYThis is a simple DuckyScript that has been tested on the O.MG cable. it is designed to create a rule expection to a folder usering powershell to circumvent Windows Defender. this may only work if the user/target in quesiton has elevated rights to run a cmd/powershell prompt as Administrator. the script will use the curl command and download a file from your attacker machine and place it into a created folder of your choice while applying the execption to that folder. That should address the minimum stuff I'd need to merge it. |
|
@kalanihelekunihi Good morning, i was able to create a new branch within the o.mg payload dir under the main Hak5 repo, i create my own branch as i didnt wanna overwrite or surpass anyone elses additions to the master branch. i also re-added the README as specified. i will make technical updates to the payload when i have more time to make changes. thanks for the help @kalanihelekunihi |
|
Yep, I see that on your repo. But you’ve not yet updated the pull request with those changes. As soon as you do, I will get this approved. You can always update or expand upon things in the future. |
FOR EDUCATIONAL PURPOSES ONLY
This is a simple DuckyScript that has been tested on the O.MG cable. it is designed to create a rule expection to a folder usering powershell to circumvent Windows Defender. this may only work if the user/target in quesiton has elevated rights to run a cmd/powershell prompt as Administrator. the script will use the curl command and download a file from your attacker machine and place it into a created folder of your choice while applying the execption to that folder.