"Microsoft Windows" SMB Backdoor

Download Copy
Title: "Microsoft Windows" SMB Backdoor
Author: TW-D

Adds a user account (RD_User:RD_P@ssW0rD). Adds this local user to local administrator group. Shares "C:" directory (RD_SHARE). Adds a rule to the firewall. Sets a value to "LocalAccountTokenFilterPolicy" to access the "C:" with a local account. Hides this user account.

There are many forms of remote access which may be used by different actors for various purposes. A red team may use remote access techniques that provide persistent access to an exploited target for the purposes of reconnaissance and lateral movement across the network. A systems administrator may use remote access to perform day to day operations on a network accessible computer. An array of techniques exist to obtain and maintain remote access across a network, including using a command and control server such as Cloud C². Common remote access techniques include reverse shells and may employ obfuscation techniques to mask the connection. See all remote access payloads.

This payload is for the USB Rubber Ducky — a "flash drive" that types keystroke injection payloads into unsuspecting computers at incredible speeds. It's no wonder this little quacker has made appearances on Mr. Robot, FBI, Blacklist, National Geography and more!

Submit your own payload, or browse more featured USB Rubber Ducky Payloads.

 

 

Related Payloads

Tree Structure Of The Operating System
Tree Structure Of The Operating System
This script allows the exfiltration of the structure of the files contained in a machine, through the use of the tree co
Read More
MacDocsExfill
MacDocsExfill
Exfilter all the images from the principal folders on unlocked MacOS targets. Stashes them in /loot/MacDocsExfill
Read More
Stop A Single Process In Windows
Stop A Single Process In Windows
This script can be used to quickly stop an active process on a windows machine. This script open the Task Manager app,
Read More