-
Notifications
You must be signed in to change notification settings - Fork 2.5k
/
Copy pathRemove-PoshRat.ps1
41 lines (31 loc) · 1023 Bytes
/
Remove-PoshRat.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
function Remove-PoshRat
{
<#
.SYNOPSIS
Nishang script which removes firewall rules installed by PoshRat.
.DESCRIPTION
Use this script to remove firewall rules installed by PoshRat.
Firewall rules with the name of
"Windows Update HTTPS" are removed by this script.
The script must be run from an elevated shell.
.PARAMETER IPAddress
The IP address which was specified for listener.
.EXAMPLE
PS > Remove-PoshRat -IPAddress 192.168.254.1
Above removes the certificates and firewall rules added by Invoke-PoshRatHttps
.EXAMPLE
PS > Remove-PoshRat
.LINK
http://www.labofapenetrationtester.com/2015/05/week-of-powershell-shells-day-3.html
https://github.com/subTee/PoshRat
https://github.com/samratashok/nishang
#>
[CmdletBinding()] Param(
[Parameter(Position = 0, Mandatory = $true)]
[String]
$IPAddress
)
#Delete the Firewall rules
netsh advfirewall firewall delete rule name="WindowsUpdate HTTPS"
netsh advfirewall firewall delete rule name="WindowsUpdate HTTP"
}