AutoRDPwn v4.8 – The Shadow Attack Framework

AutoRDPwn v4.8 - The Shadow Attack Framework

AutoRDPwn is a script created in Powershell and designed to automate the Shadow assault on Microsoft Windows computer systems. This vulnerability permits a distant attacker to view his sufferer’s desktop with out his consent, and even management it on request. For its right operation, it’s essential to adjust to the necessities described within the person information.

Powershell 4.Zero or greater


Version 4.8
• Compatibility with Powershell 4.0
• Automatic copy of the content material to the clipboard (passwords, hashes, dumps, and so on.)
• Automatic exclusion in Windows Defender (Four completely different strategies)
• Remote execution with out password for PSexec, WMI and Invoke-Command
• New obtainable assault: DCOM Passwordless Execution
• New obtainable module:
Remote Access / Metasploit Web Delivery
• New module obtainable: Remote VNC Server (designed for legacy environments)
• Autocomplete the host, person and password fields by urgent Enter
• It is now doable to run the device with out administrator privileges with the -noadmin parameter
*The remainder of the modifications will be consulted within the CHANGELOG file

This utility can be utilized regionally, remotely or to pivot between computer systems. Thanks to the extra modules, it’s doable to dump hashes and passwords, get hold of a distant shell, add and obtain information and even get well the historical past of RDP connections or passwords of wi-fi networks.
One line execution:
powershell -ep bypass “cd $env:temp ; iwr -outfile AutoRDPwn.ps1 ; .AutoRDPwn.ps1″
The detailed information of use will be discovered on the following hyperlink:


Credits and Acknowledgments
Mark Russinovich for his device PsExec ->
HarmJ0y & Matt Graeber for his script Get-System ->
Stas’M Corp. for its RDP device Wrapper ->
Kevin Robertson for his script Invoke-TheHash ->
Benjamin Delpy for his device Mimikatz ->
Halil Dalabasmaz for his script Invoke-Phant0m ->

This software program doesn’t provide any form of assure. Its use is unique for instructional environments and / or safety audits with the corresponding consent of the consumer. I’m not accountable for its misuse or for any doable harm brought on by it.
For extra info, you may contact by means of [email protected]


Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.