Difference between revisions of "Goose Desktop"

Purpose

One of my users complained their computer was cursed.

Setup

• Download the files, place on network share.
• Either sign the powershell script, or be bad and disable protections

new-pssession -computername <remote computer> | enter-pssession
new-Itemproperty -Path 'HKLM:\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell' -Name 'ExecutionPolicy' -Value 'Bypass' -PropertyType 'string

• Create scheduled task on the target system to run the following when the target user logs in.

    <Exec>
      <Command>powershell</Command>
      <Arguments>-windowstyle hidden -f '\\<network share>\goose.ps1'</Arguments>
    </Exec>

• Create goose.ps1

$path1='\\<network share>'
sleep5
while ($true) {
    if (test-path "$path1\on.txt") {
        if (!(Get-process -name GooseDesktop -ErrorAction SilentlyContinue)) {
            $exe="$path1\GooseDesktop.exe"
            invoke-expression $exe
            #echo 'this should be on'
            sleep 1
        }
    } else {
        Stop-Process -Name GooseDesktop
        #echo 'this should be off'
        sleep 1
    }

• If all is well, when the user logs in they may see a brief terminal but it goes away. At which point you can create a text file called on.txt in the network share that will start the goose. Deleting or renaming the file will kill the goose.

Ultimately I am setting this up for my users to use against their coworkers. I would like a web interface for this, but for now separate network shares with permissions will suffice.