# Lab-setup script: it creates C:\Program Files\NickvourdSrv, downloads a binary
# into it, grants BUILTIN\Users FullControl on the folder and registers the
# binary under the HKLM Run key. The result is an intentionally misconfigured host.
# NOTE(review): writing to Program Files and HKLM presumably needs an elevated session - confirm.

# Script version, stored in the global scope and interpolated into the banner below.
$global:version = "1.0.0"
# Banner text. The here-string is double-quoted (@" ... "@), so $global:version
# is expanded when the string is built.
$ascii = @"
.____ .__ .____ ___. _________ __
| | ____ ____ _____ | | | | _____ \_ |__ / _____/ _____/ |_ __ ________
| | / _ \_/ ___\\__ \ | | ______ | | \__ \ | __ \ \_____ \_/ __ \ __\ | \____ \
| |__( <_> ) \___ / __ \| |__ /_____/ | |___ / __ \| \_\ \/ \ ___/| | | | / |_> >
|_______ \____/ \___ >____ /____/ |_______ (____ /___ /_______ /\___ >__| |____/| __/
\/ \/ \/ \/ \/ \/ \/ \/ |__|
~ Created with <3 by @nickvourd
~ Version: $global:version
~ Type: LogonAutostartExecutionRegistryRunKeys
"@
# Print the banner; the trailing `n is meant to add a newline after it.
Write-Host $ascii`n
# Folder that will hold the lab binary.
$folderPath = "C:\Program Files\NickvourdSrv"

# Report an existing folder, otherwise create it (New-Item output is discarded).
if (Test-Path $folderPath) {
    Write-Host "[+] Folder already exists at $folderPath`n"
} else {
    New-Item -Path $folderPath -ItemType Directory | Out-Null
    Write-Host "[+] Folder created successfully at $folderPath`n"
}
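# Destination of the lab binary; the same path is later written to the Run value.
$filePath = "C:\Program Files\NickvourdSrv\NCV_AMD64.exe"

# Source of the lab binary.
# NOTE(review): the URL file name is NCV_ADM64.exe while the local name is
# NCV_AMD64.exe - confirm which spelling the repository actually uses.
# NOTE(review): raw/master is a moving branch ref, so the bytes fetched can
# differ between runs. The file ends up in an HKLM Run entry, so compare the
# hash printed below with a known-good value before relying on the lab image.
$url = "https://github.com/nickvourd/Windows-Local-Privilege-Escalation-Cookbook/raw/master/Lab-Setup-Binary/NCV_ADM64.exe"

# Stop on a failed download instead of continuing and registering a Run value
# that points at a missing or partial file. -UseBasicParsing avoids the
# dependency on the Internet Explorer engine in Windows PowerShell 5.1.
try {
    Invoke-WebRequest -Uri $url -OutFile $filePath -UseBasicParsing -ErrorAction Stop
} catch {
    Write-Host "[-] Download failed: $($_.Exception.Message)`n"
    throw
}

# A request can succeed without leaving a file on disk; verify before continuing.
if (-not (Test-Path -LiteralPath $filePath -PathType Leaf)) {
    throw "[-] Download did not produce $filePath"
}

# Record what was actually fetched so it can be compared against a trusted hash.
$downloadHash = (Get-FileHash -LiteralPath $filePath -Algorithm SHA256).Hash
Write-Host "[+] Downloaded $filePath (SHA256: $downloadHash)`n"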
# Deliberate lab misconfiguration: give BUILTIN\Users FullControl on the folder
# that holds the autostart binary. The three-argument FileSystemAccessRule
# constructor sets no inheritance flags, so the ACE is placed on the folder
# object itself. FullControl on a directory includes adding and deleting child
# files, which is the weakness to look for when auditing the targets of Run keys.
$folderAcl = Get-Acl $folderPath
$usersFullControl = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList "BUILTIN\Users", "FullControl", "Allow"
$folderAcl.SetAccessRule($usersFullControl)
Set-Acl -Path $folderPath -AclObject $folderAcl

Write-Host "`n[+] Permission has been granted to all built-in users to full control to $folderPath`n"
# Machine-wide Run key: values stored here are started at logon for every user.
$keyPath = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
$valueName = 'NickvourdSrv'

# Make sure the key exists; New-Item's output is left on the pipeline as before.
if (Test-Path $keyPath) {
    Write-Output "`n[+] The registry key '$keyPath' already exists."
} else {
    New-Item -Path $keyPath -Force
    Write-Output "`n[+] The registry key '$keyPath' has been created."
}

# Register the downloaded binary as a String value. -Force overwrites any
# existing value with the same name.
$runValue = @{
    Path         = $keyPath
    Name         = $valueName
    Value        = $filePath
    PropertyType = 'String'
    Force        = $true
}
New-ItemProperty @runValue
Write-Output "`n[+] The '$valueName' String Value with data '$filePath' has been created under '$keyPath'."