A quick Rubber Ducky script to disable Windows 10 Defender on a large scale
In my work as a technician I have to format many computers every month, and since many customers refuse to buy the license I have to use a lot of cracks (although I do not recommend it every time, but the money they pull at the time ...). Since the Windows 10 defenses are slightly improved compared to the previous ones (even if they are still as full of holes as a colander ...), I needed to write a quick Rubber Ducky script that would disable Windows Defender on Windows 10 platforms (the most installed system in our time).
I have also added an additional script that restores UAC and Windows Defender to the recommended settings. There are two scripts, Killer and Healer: the first disables everything and the second, of course, re-enables it.
As you can see, in the first script I set the initial delay to 2000 ms, but I suggest increasing it to 5000/10000 ms depending on the victim computer: the more powerful the computer is, the less time it needs to load the Ducky drivers when the device is attached to it for the first time.
Note that, after disabling UAC, I used only commands that disable the various functions through the GUI, and I do not close the final window; this lets you see whether the script worked even if you were not paying attention ....
Once UAC was disabled, it was enough to type the string "virus pro" in the Windows bar. I chose "virus pro" because it works both in my native language (protezione virus) and in English (virus protection), which makes the script multilingual, also because in Italy it is already a lot if these things interest 100 people ....
DELAY 2000
REM first disable UAC
CONTROL ESCAPE
DELAY 200
STRING uac
DELAY 200
ENTER
DELAY 200
DOWNARROW
DELAY 200
DOWNARROW
DELAY 200
DOWNARROW
DELAY 200
TAB
DELAY 200
ENTER
DELAY 200
LEFT
DELAY 200
ENTER
DELAY 200
REM it's time to disable the fuckin' defender....
CONTROL ESCAPE
DELAY 200
STRING virus pro
DELAY 200
ENTER
DELAY 200
TAB
DELAY 200
TAB
DELAY 200
TAB
DELAY 200
TAB
DELAY 200
ENTER
DELAY 200
SPACE
DELAY 200
TAB
DELAY 200
SPACE
DELAY 200
TAB
DELAY 200
TAB
DELAY 200
SPACE
The second script instead re-enables UAC first and then takes care of Windows Defender. In this case I chose to close the window so that no further action is needed, so if the script does not work it will remain stuck on a random window ...
DELAY 2000
REM first enable the fuckin' defender....
CONTROL ESCAPE
DELAY 200
STRING virus pro
DELAY 200
ENTER
DELAY 200
TAB
DELAY 200
TAB
DELAY 200
TAB
DELAY 200
ENTER
DELAY 200
SPACE
DELAY 200
TAB
DELAY 200
TAB
DELAY 200
SPACE
DELAY 200
TAB
DELAY 200
TAB
DELAY 200
TAB
DELAY 200
SPACE
DELAY 200
REM alt f4 close the window
ALT F4
REM it's time to enable UAC
CONTROL ESCAPE
DELAY 200
STRING uac
DELAY 200
ENTER
DELAY 200
TAB
DELAY 200
UPARROW
DELAY 200
UPARROW
DELAY 200
TAB
DELAY 200
ENTER
1803 (latest oct. 2018)
This quick script can be very useful in cases like the one explained above.
The script is not particularly short, because I did not feel the need, and it is not hidden either; as I said, this was also done on purpose, so that you can see the screen and understand whether the script worked, as it is not a script dedicated to attacks but serves a specific purpose.
The two inject.bin files were created specifically for Italian keyboards; if you have another keyboard layout you can copy the script and use the ducktoolkit encoder (https://ducktoolkit.com/encoder/) to create a binary file for your keyboard.
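Because the scripts drive the GUI blindly, the result of Healer can also be read back from PowerShell instead of being checked by eye. The following is an added example, not part of the original scripts: it only reads state, and it assumes that the three Defender switches the scripts toggle are real-time protection, cloud-delivered protection and automatic sample submission, and that the recommended UAC level is the Windows default slider position.

```powershell
# Added example: read-only check, run on the machine after Healer has finished.
# Assumption: the three Defender switches are real-time protection,
# cloud-delivered protection and automatic sample submission.

function Get-UacSliderState {
    # The UAC slider position is stored in these values under Policies\System.
    # EnableLUA=1, ConsentPromptBehaviorAdmin=5, PromptOnSecureDesktop=1 is the
    # Windows default ("notify me only when apps try to make changes").
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $p   = Get-ItemProperty -Path $key
    $ok  = ($p.EnableLUA -eq 1) -and
           ($p.ConsentPromptBehaviorAdmin -eq 5) -and
           ($p.PromptOnSecureDesktop -eq 1)
    $detail = 'EnableLUA={0} ConsentPromptBehaviorAdmin={1} PromptOnSecureDesktop={2}' -f
              $p.EnableLUA, $p.ConsentPromptBehaviorAdmin, $p.PromptOnSecureDesktop
    [pscustomobject]@{ Setting = 'UAC slider at Windows default'; Ok = $ok; Detail = $detail }
}

function Get-DefenderToggleState {
    $status = Get-MpComputerStatus   # live protection state
    $pref   = Get-MpPreference       # configured preferences
    [pscustomobject]@{
        Setting = 'Real-time protection'
        Ok      = [bool]$status.RealTimeProtectionEnabled
        Detail  = "RealTimeProtectionEnabled=$($status.RealTimeProtectionEnabled)"
    }
    [pscustomobject]@{
        Setting = 'Cloud-delivered protection'
        Ok      = ($pref.MAPSReporting -ne 0)             # 0 = disabled
        Detail  = "MAPSReporting=$($pref.MAPSReporting)"
    }
    [pscustomobject]@{
        Setting = 'Automatic sample submission'
        Ok      = ($pref.SubmitSamplesConsent -in 1, 3)   # 1 or 3 = sent automatically
        Detail  = "SubmitSamplesConsent=$($pref.SubmitSamplesConsent)"
    }
}

# Collect every check and show them in one table.
$results = @(Get-UacSliderState) + @(Get-DefenderToggleState)
$results | Format-Table -AutoSize

if ($results.Ok -contains $false) {
    Write-Warning 'At least one setting was not restored; rerun Healer or fix it by hand.'
} else {
    Write-Output 'UAC and Windows Defender are back at the checked settings.'
}
```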