A creative red team technique using pure PowerShell and social engineering over RDP.
This tool simulates a real-world initial access scenario via a weaponized Windows Server and an .rdp
file. It's made for Red Team operations, adversary emulation, or lab experiments.
Goal: Trick users into enabling drive sharing through RDP and silently plant a payload for post-exploitation.
1. The user connects to a remote server using the provided `.rdp` file or `server_ip`.
2. A custom server-side application launches and forces the Windows environment into a kiosk-style lockdown:
   - Disables all key combinations: `Alt+Tab`, `Ctrl+Alt+Del`, the `Win` key, etc.
   - Prevents the user from interacting with the real desktop.
3. A fake security prompt is displayed:
   - If Drive Sharing is already enabled, the tool moves to the next stage.
   - If not, the user is shown a warning suggesting a "security feature" must be enabled, tricking them into turning on sharing.
4. When sharing is enabled, the tool:
   - Gains access to the local user's system via `\\tsclient`
   - Plants a payload in the Startup folder for persistence or further execution
This tool is currently just a POC; you need to customize it for your own use, for example, once everything is done, delete the registry key, escape the kiosk-style lockdown, and show something... You KNOW🤣
This tool uses Edge opened in kiosk mode and full screen, displaying an HTML template that PowerShell generates dynamically for the check; with the key combinations disabled, the user can't escape or exit🔒
- Video Setup: Watch the video
- Watch Demo video
- Setup: the `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon` key is used to run the first process at first logon; `shell:startup` and `shell:commo` are used to deploy the malware and to re-display the fake security page every time the user connects. The SharpKeys tool and a `.reg` file are used to disable the keys and to remove the remapping again.
- Pure PowerShell scripting (no external dependencies)
- Optional support for:
  - `PS2EXE` for compiling to `.exe`
  - `NirCmd`, `Resource Hacker`, or `Bat To Exe` for behavior masking
- Add more templates and shell access
- Display a fake update message: show a fake system update notification asking the user to stay connected for a specified period (e.g., 20 minutes). This message aims to deceive the user into remaining connected longer.
- Transfer the victim's files: during this time, silently transfer files from the target system to the attacker's server. If the user disconnects or exits the session prematurely, the timer resets, forcing the user to stay connected longer for the attack to complete.
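The persistence and lockdown locations named above (the Winlogon first-process key, the Startup folders, SharpKeys/.reg key remapping, and drive redirection through an `.rdp` file) are also exactly what a defender should audit on a host that may have been lured into such a session. The PowerShell script below is an added example written from that defensive angle; it is not part of this project. Beyond what the page states, it assumes that SharpKeys and key-disabling `.reg` files write the `Scancode Map` value under `HKLM\SYSTEM\CurrentControlSet\Control\Keyboard Layout`, that the policy value `fDisableCdm` under `HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services` turns off drive redirection on an RDP server, and that delivered `.rdp` files usually land in the Downloads folder; the function name `Invoke-RdpLureAudit` and its `-RdpFileRoot` parameter are this example's own.

```powershell
# Added defensive audit, not part of this project. Run in an elevated PowerShell
# session on a Windows host. It checks the locations this README names (Winlogon
# first-process key, Startup folders, key remapping, .rdp drive redirection).
# Assumptions not taken from the page: the 'Scancode Map' value is where SharpKeys
# and key-disabling .reg files store remaps; fDisableCdm = 1 disables drive
# redirection on an RDP server; Downloads is where delivered .rdp files land.

function Invoke-RdpLureAudit {
    [CmdletBinding()]
    param(
        # Folder scanned for .rdp files (assumption: Downloads is a typical landing place)
        [string]$RdpFileRoot = (Join-Path $env:USERPROFILE 'Downloads')
    )

    $findings = New-Object System.Collections.Generic.List[string]

    # 1. Winlogon: Shell and Userinit decide the first process started at logon.
    $winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $wl = Get-ItemProperty -Path $winlogon
    if ($wl.Shell -ne 'explorer.exe') {
        $findings.Add("Winlogon Shell is not explorer.exe: '$($wl.Shell)'")
    }
    if ($wl.Userinit -notmatch '^C:\\Windows\\system32\\userinit\.exe,?$') {
        $findings.Add("Winlogon Userinit is non-default: '$($wl.Userinit)'")
    }

    # 2. Startup folders (shell:startup and shell:common startup): anything here runs at every logon.
    foreach ($folder in 'Startup', 'CommonStartup') {
        $dir = [Environment]::GetFolderPath($folder)
        Get-ChildItem -Path $dir -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.Name -ne 'desktop.ini' } |
            ForEach-Object { $findings.Add("Startup item: $($_.FullName)") }
    }

    # 3. Scancode Map: 8 header bytes, a 4-byte entry count (including the terminating
    #    null entry), then 4 bytes per mapping: low word = new scancode, high word =
    #    original scancode. A new scancode of 0 disables the key. A clean host has no value.
    $kbPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\Keyboard Layout'
    $map = (Get-ItemProperty -Path $kbPath -Name 'Scancode Map' -ErrorAction SilentlyContinue).'Scancode Map'
    if ($map -and $map.Length -ge 16) {
        $entries = [BitConverter]::ToUInt32($map, 8) - 1
        for ($i = 0; ($i -lt $entries) -and ((12 + 4 * $i + 3) -lt $map.Length); $i++) {
            $off  = 12 + 4 * $i
            $to   = [BitConverter]::ToUInt16($map, $off)
            $from = [BitConverter]::ToUInt16($map, $off + 2)
            $what = if ($to -eq 0) { 'DISABLED' } else { 'remapped to 0x{0:X4}' -f $to }
            $findings.Add(('Scancode Map: key 0x{0:X4} {1}' -f $from, $what))
        }
    }

    # 4. Server-side policy: fDisableCdm = 1 blocks the \\tsclient drive share that
    #    the final stage of this tool depends on.
    $tsPolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
    $cdm = (Get-ItemProperty -Path $tsPolicy -Name 'fDisableCdm' -ErrorAction SilentlyContinue).fDisableCdm
    if ($cdm -ne 1) {
        $findings.Add('RDP drive redirection is not disabled by policy (fDisableCdm is not 1)')
    }

    # 5. Delivered .rdp files that pre-enable sharing: 'drivestoredirect:s:*' redirects every drive.
    Get-ChildItem -Path $RdpFileRoot -Filter '*.rdp' -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
        $hit = Select-String -Path $_.FullName -Pattern '^drivestoredirect:s:(.+)$' | Select-Object -First 1
        if ($hit) {
            $findings.Add("RDP file $($_.FullName) redirects drives: $($hit.Matches[0].Groups[1].Value)")
        }
    }

    # The leading comma keeps the list intact instead of unrolling it into the pipeline.
    return ,$findings
}

$results = Invoke-RdpLureAudit
if ($results.Count -eq 0) { Write-Output 'No findings.' }
else { $results | ForEach-Object { Write-Output "[!] $_" } }
```

Every finding is a review item rather than a verdict: a Startup entry or a remapped key may be legitimate, so the script lists what it sees and leaves the decision to the analyst. Setting `fDisableCdm` to 1 is the single server-side control that removes the `\\tsclient` path this tool relies on; on the client side, the `drivestoredirect` line in any received `.rdp` file is the value worth inspecting before connecting.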
🚨 This tool is developed strictly for educational and authorized security testing purposes only.
🔬 It is intended to help cybersecurity professionals, researchers, and enthusiasts understand post-exploitation, red teaming, and detection techniques in lab or controlled environments.
❌ Do NOT use this tool on any system or network without explicit permission. Unauthorized use may be illegal and unethical.
🛡 The author takes no responsibility for any misuse or damage caused by this project.
Always hack responsibly. 💻🔐