Goose Desktop
Revision as of 15:42, 5 February 2020 by Michael.mast (talk | contribs) (Created page with "==Purpose== One of my users complained their computer was cursed. ==Setup== *Download the files, place on network share. *Either sign the powershell script, or be bad and dis...")
Purpose
One of my users complained their computer was cursed.
Setup
- Download the files, place on network share.
- Either sign the powershell script, or be bad and disable protections
new-pssession -computername <remote computer> | enter-pssession new-Itemproperty -Path 'HKLM:\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell' -Name 'ExecutionPolicy' -Value 'Bypass' -PropertyType 'string
- Create scheduled task on the target system to run the following when the target user logs in.
<Exec> <Command>powershell</Command> <Arguments>-windowstyle hidden -f '\\<network share>\goose.ps1'</Arguments> </Exec>
- Create goose.ps1
$path1='\\<network share>' sleep5 while ($true) { if (test-path "$path1\on.txt") { if (!(Get-process -name GooseDesktop -ErrorAction SilentlyContinue)) { $exe="$path1\GooseDesktop.exe" invoke-expression $exe #echo 'this should be on' sleep 1 } } else { Stop-Process -Name GooseDesktop #echo 'this should be off' sleep 1 }
- If all is well, when the user logs in they may see a brief terminal but it goes away. At which point you can create a text file called on.txt in the network share that will start the goose. Deleting or renaming the file will kill the goose.
Ultimately I am setting this up for my users to use against their coworkers. I would like a web interface for this, but for now separate network shares with permissions will suffice.