#
# This script does simple things but oh so well :)
# @Author: Mr.Rebel
#
#Set-ExecutionPolicy RemoteSigned
#./MpCmdRun.exe -Scan -ScanType 2
#https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus
# Banner naming the host this run is for.
# NOTE(review): $box is never assigned in this file; it is presumably set in the
# calling session, otherwise the banner prints an empty box name.
$banner = "*************************************"
Write-Output $banner
Write-Output "RUNNING FOR BOX: $box"
Write-Output $banner
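#######################################
# Reset the Windows firewall to a default-deny posture and add per-port rules.
# Arguments: -AllowPorts  ports that must stay reachable (default 80,443,53,514)
#            -FirstPort / -LastPort  range that receives block rules (21..1999)
# Outputs:   rules.txt snapshot of the pre-existing rule set, progress on stdout
#######################################
function build_wall{
    param(
        [int[]]$AllowPorts = @(80, 443, 53, 514),
        [int]$FirstPort = 21,
        [int]$LastPort = 1999
    )
    # Snapshot the existing rules first; -NoClobber refuses to overwrite an
    # earlier rules.txt so a previous snapshot is never lost.
    echo "Putting old rules into rules.txt!!!!"
    Get-NetFirewallRule | Out-File -FilePath .\rules.txt -NoClobber
    echo "Restoring firewall rules to default"
    netsh advfirewall reset
    netsh advfirewall set allprofiles state on
    netsh advfirewall firewall delete rule name=all
    # Default-deny both directions: anything without an explicit allow rule is dropped.
    netsh advfirewall set allprofiles firewallpolicy blockinbound,blockoutbound
    #Remove-NetFirewallRule -All
    echo "*****************************"
    echo "BUILDING WALL"
    echo "*****************************"
    # Under a block-by-default policy, merely skipping a port in the block loop
    # below still leaves it closed; the allowed ports need explicit allow rules.
    # NOTE(review): these rules match localport in both directions, as the
    # original did; outbound client traffic (e.g. DNS to a remote :53) is matched
    # by remoteport, so an outbound allow may need remoteport=... instead.
    foreach ($port in $AllowPorts) {
        echo "Allowing port $port"
        netsh advfirewall firewall add rule name="Allowtcp_in_$port" protocol=TCP dir=in localport=$port action=allow
        netsh advfirewall firewall add rule name="Allowtcp_out_$port" protocol=TCP dir=out localport=$port action=allow
        netsh advfirewall firewall add rule name="Allowudp_in_$port" protocol=UDP dir=in localport=$port action=allow
        netsh advfirewall firewall add rule name="Allowudp_out_$port" protocol=UDP dir=out localport=$port action=allow
    }
    for ($num = $FirstPort; $num -le $LastPort; $num++) {
        #depending on box we don't want to block certain ports
        if ($AllowPorts -contains $num) {
            continue
        }
        echo "Blocking port $num"
        echo "Blocking TCP"
        netsh advfirewall firewall add rule name="Blocktcp_in_$num" protocol=TCP dir=in localport=$num action=block
        netsh advfirewall firewall add rule name="Blocktcp_out_$num" protocol=TCP dir=out localport=$num action=block
        echo "Blocking UDP"
        # UDP rules get their own names; the original reused the TCP names, so a
        # later "delete rule name=" would have removed both protocols at once.
        netsh advfirewall firewall add rule name="Blockudp_in_$num" protocol=UDP dir=in localport=$num action=block
        netsh advfirewall firewall add rule name="Blockudp_out_$num" protocol=UDP dir=out localport=$num action=block
    }
    #Sleep for 180 seconds before running again
    #Start-Sleep -s 180
}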
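#######################################
# Record the running process list, then stop every process except the shell
# running this script.
# Outputs:   processes.txt (tasklist output), progress on stdout
# NOTE(review): nothing here protects OS processes (lsass, csrss, svchost, ...);
# stopping those will destabilise or reboot the host. Confirm an allow-list of
# system process names before running this unattended on a live box.
#######################################
function stop_process{
    # Snapshot for later comparison / forensics.
    echo "Dumping running processes into processes.txt"
    tasklist | Out-File "processes.txt"
    # Distinct process names, minus anything matching 'powershell' (this script's
    # own host). Get-Process names already lack the .exe suffix that
    # Stop-Process -Name expects, which removes the hand-rolled Substring logic
    # (that logic also compared the trimmed name against "powershell.exe", a
    # guard that could never match).
    $names = Get-Process |
        Where-Object { $_.Name -notmatch 'powershell' } |
        Select-Object -ExpandProperty Name -Unique
    foreach ($name in $names) {
        Try {
            echo "Stopping: $name"
            # -ErrorAction Stop turns the cmdlet's non-terminating error (access
            # denied, already exited) into one the Catch below actually sees.
            # -Force is deliberately not added: without it Stop-Process prompts for
            # processes owned by another user, so an unattended run may stall here
            # rather than silently kill every SYSTEM-owned process.
            Stop-Process -Name $name -ErrorAction Stop
        }
        Catch {
            continue
        }
    }
}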
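#######################################
# Set one password on every local account.
# Arguments: -Password  SecureString to apply; defaults to the script's
#            historical value. That value is now single-quoted: inside the
#            original double-quoted literal, "$10" was expanded as a variable,
#            so the password actually set was not the one written in the script.
# Outputs:   progress and any Set-LocalUser error text on stdout
# NOTE(review): a single password shared by all local accounts and stored in the
# script is known to anyone who can read this file; pass -Password from a secret
# source instead of relying on the default. The list includes every local account,
# presumably including the one running this script.
#######################################
function change_users{
    param(
        [System.Security.SecureString]$Password = (ConvertTo-SecureString -AsPlainText 'TenToesDownForLife$10!' -Force)
    )
    $Accounts = Get-WmiObject -Class Win32_UserAccount -filter "LocalAccount = True"
    # The original split each object's string form on '"' and took field 3 to
    # recover the name; reading .Name gives the same value and also survives
    # account names containing spaces.
    $ListUsers = @($Accounts | ForEach-Object { $_.Name })
    #Disable-LocalUser -Name $username
    foreach ($user in $ListUsers) {
        Try {
            echo "Changing password for User: $user"
            # -ErrorAction Stop makes a failed Set-LocalUser reach the Catch; cmdlet
            # errors are non-terminating by default, so the original could print
            # "Successfully" for an account whose password did not change.
            Set-LocalUser -Name $user -Password $Password -ErrorAction Stop
            echo "Successfully changed password for $user"
        }
        Catch {
            $string_err = $_ | Out-String
            echo $string_err
            continue
        }
    }
}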
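#######################################
# Configure Defender to quarantine everything it finds, then run a quick scan
# followed by a full scan. Falls back to MpCmdRun.exe when the Defender
# cmdlets are unavailable or fail.
# Outputs:   progress and any error text on stdout
#######################################
function scan{
    echo "Starting quick scan!!!!!!!"
    Try{
        Set-MpPreference -ScanParameters 2 -ScanScheduleDay 0 -ScanScheduleQuickScanTime 1 -UnknownThreatDefaultAction "Quarantine" -SevereThreatDefaultAction "Quarantine" -HighThreatDefaultAction "Quarantine" -LowThreatDefaultAction "Quarantine" -ModerateThreatDefaultAction "Quarantine" -CheckForSignaturesBeforeRunningScan 1 -DisableRealtimeMonitoring 0 -ErrorAction Stop
        # -ErrorAction Stop so a failed scan actually reaches the Catch and the
        # MpCmdRun fallback; cmdlet errors are non-terminating by default.
        Start-MpScan -ThrottleLimit 0 -ScanType 1 -ErrorAction Stop
        echo "Sleeping for 30 seconds then running full scan!"
        Start-Sleep 30
        Start-MpScan -ThrottleLimit 0 -ScanType 2 -ErrorAction Stop
    }
    Catch{
        # Fallback: drive the engine directly. The call operator with a quoted
        # path replaces the original mixed bare/quoted path segments.
        $mpcmdrun = 'C:\Program Files\Windows Defender\MpCmdRun.exe'
        Try{
            & $mpcmdrun -Scan -ScanType 1
            # Message now matches the actual 30-second sleep (it said 60 before).
            echo "Sleeping for 30 seconds then running full scan!"
            Start-Sleep 30
            & $mpcmdrun -Scan -ScanType 2
        }
        Catch{
            $string_err = $_ | Out-String
            echo $string_err
        }
    }
}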
#######################################
# Write the scheduled task list and per-task run info to text files in the
# current directory, for later review.
# Outputs:   tasks.txt, tasksinfo.txt, progress on stdout
#######################################
function dump_tasks{
    $tasks = Get-ScheduledTask
    echo "Putting scheduledtasks into tasks.txt"
    $tasks | Out-File -FilePath "tasks.txt"
    echo "Putting scheduledtask information into tasksinfo.txt"
    $tasks | Get-ScheduledTaskInfo | Out-File -FilePath "tasksinfo.txt"
}
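#######################################
# Entry point: disable SMB and RDP, set the machine-wide lockdown policy, then
# run the dump/harden/scan functions in order.
# The original had two stray closing braces (after the SMB Catch and after the
# RDP Catch) that closed the function early and left the file unparseable.
#######################################
function main{
    Clear-Host
    #$UserAccount = Get-LocalUser -Name "Administrator"
    # Disable SMB if not scored service!
    Try{
        echo "Disabling SMB1"
        Disable-WindowsOptionalFeature -Online -FeatureName 'SMB1Protocol' -ErrorAction SilentlyContinue -WarningAction SilentlyContinue -NoRestart | Out-Null
        # -Force suppresses the confirmation prompt; -ErrorAction Stop lets a
        # failure reach the Catch instead of being a non-terminating error.
        echo "Disabling SMB2"
        Set-SmbServerConfiguration -EnableSMB2Protocol $false -Force -ErrorAction Stop
        echo "Disabling SMB3"
        Set-SmbServerConfiguration -EnableSMB3Protocol $false -Force -ErrorAction Stop
    }
    Catch{
        $string_err = $_ | Out-String
        echo $string_err
    }
    echo "Disabling RDP!!!"
    Try{
        # fDenyTSConnections = 1 denies Remote Desktop connections; the original
        # wrote 0, which *enables* RDP while printing "RDP Disabled".
        Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Terminal Server" -Name "fDenyTSConnections" -Value 1 -ErrorAction Stop
        echo "RDP Disabled"
    }
    Catch{
        $string_err = $_ | Out-String
        echo $string_err
    }
    # set mp preferences
    # set environment policy and rerun script!!!
    echo "Setting lockdown policy"
    Try{
        # 4 = Constrained Language Mode for new sessions machine-wide. NOTE(review):
        # once it takes effect, a rerun of this script would itself be restricted
        # (this [Environment]:: static call is among the things CLM blocks).
        [Environment]::SetEnvironmentVariable('__PSLockdownPolicy', '4', 'Machine')
    }
    Catch{
        $string_err = $_ | Out-String
        echo $string_err
    }
    dump_tasks
    change_users
    stop_process
    # NOTE(review): build_wall sets blockoutbound before scan runs; the signature
    # check scan requests may fail without an outbound allow for update traffic.
    build_wall
    scan
}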
# Script entry point.
main