Goose Desktop

From Michael's Information Zone
Revision as of 15:42, 5 February 2020 by Michael.mast (talk | contribs) (Created page with "==Purpose== One of my users complained their computer was cursed. ==Setup== *Download the files, place on network share. *Either sign the powershell script, or be bad and dis...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Purpose

One of my users complained their computer was cursed.

Setup

  • Download the files, place on network share.
  • Either sign the powershell script, or be bad and disable protections
new-pssession -computername <remote computer> | enter-pssession
new-Itemproperty -Path 'HKLM:\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell' -Name 'ExecutionPolicy' -Value 'Bypass' -PropertyType 'string
  • Create scheduled task on the target system to run the following when the target user logs in.
    <Exec>
      <Command>powershell</Command>
      <Arguments>-windowstyle hidden -f '\\<network share>\goose.ps1'</Arguments>
    </Exec>
  • Create goose.ps1
$path1='\\<network share>'
sleep5
while ($true) {
    if (test-path "$path1\on.txt") {
        if (!(Get-process -name GooseDesktop -ErrorAction SilentlyContinue)) {
            $exe="$path1\GooseDesktop.exe"
            invoke-expression $exe
            #echo 'this should be on'
            sleep 1
        }
    } else {
        Stop-Process -Name GooseDesktop
        #echo 'this should be off'
        sleep 1
    }
  • If all is well, when the user logs in they may see a brief terminal but it goes away. At which point you can create a text file called on.txt in the network share that will start the goose. Deleting or renaming the file will kill the goose.



Ultimately I am setting this up for my users to use against their coworkers. I would like a web interface for this, but for now separate network shares with permissions will suffice.