PowerShell Login Script

[Asphyxia]

try
{

#Disable close start
$code = @'
using System;
using System.Runtime.InteropServices;

namespace CloseButtonToggle {

internal static class WinAPI {
   [DllImport("kernel32.dll")]
   internal static extern IntPtr GetConsoleWindow();

   [DllImport("user32.dll")]
   [return: MarshalAs(UnmanagedType.Bool)]
   internal static extern bool DeleteMenu(IntPtr hMenu,
                          uint uPosition, uint uFlags);

   [DllImport("user32.dll")]
   [return: MarshalAs(UnmanagedType.Bool)]
   internal static extern bool DrawMenuBar(IntPtr hWnd);

   [DllImport("user32.dll")]
   internal static extern IntPtr GetSystemMenu(IntPtr hWnd,
              [MarshalAs(UnmanagedType.Bool)]bool bRevert);

   const uint SC_CLOSE     = 0xf060;
   const uint MF_BYCOMMAND = 0;

   internal static void ChangeCurrentState(bool state) {
     IntPtr hMenu = GetSystemMenu(GetConsoleWindow(), state);
     DeleteMenu(hMenu, SC_CLOSE, MF_BYCOMMAND);
     DrawMenuBar(GetConsoleWindow());
   }
}

public static class Status {
   public static void Disable() {
     WinAPI.ChangeCurrentState(false); //its 'true' if need to enable
   }
}
}
'@

Add-Type $code
[CloseButtonToggle.Status]::Disable()
#Disable close end

#Dark theme start
$Host.UI.RawUI.BackgroundColor = 'Black'
$Host.UI.RawUI.ForegroundColor = 'White'
$Host.PrivateData.ErrorForegroundColor = 'DarkRed'
$Host.PrivateData.ErrorBackgroundColor = 'Black'
$Host.PrivateData.WarningForegroundColor = 'Yellow'
$Host.PrivateData.WarningBackgroundColor = 'Black'
$Host.PrivateData.DebugForegroundColor = 'Yellow'
$Host.PrivateData.DebugBackgroundColor = 'Black'
$Host.PrivateData.VerboseForegroundColor = 'Green'
$Host.PrivateData.VerboseBackgroundColor = 'Black'
$Host.PrivateData.ProgressForegroundColor = 'DarkGray'
$Host.PrivateData.ProgressBackgroundColor = 'Black'
#Dark theme end

#Maximize start
$sig = '[DllImport("user32.dll")] public static extern bool ShowWindowAsync(IntPtr hWnd, int nCmdShow);'
Add-Type -MemberDefinition $sig -name NativeMethods -namespace Win32
$hwnd = @(Get-Process Powershell)[0].MainWindowHandle

# Restore window
[Win32.NativeMethods]::ShowWindowAsync($hwnd, 3)
#Maximize end

Clear
$host.ui.RawUI.WindowTitle = "Please login"

$authCount = 0
    Do {
$securedValue = Read-Host -AsSecureString
$bstr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($securedValue)
$value = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($bstr)
clear

$authCount++
$host.ui.RawUI.WindowTitle = "Authentication attempt " + $authCount

#Check credentials
if($value -eq "magic") {
   echo "### You are now authorized ###"
$authCount = 0
}else {
   echo "### You are unauthorized ###"
}

#Check failed attempts
if($authCount -gt 4){
echo "### You have failed more than 4 times, please wait 10 seconds ###"
echo "### WHEN THE SCREEN CLEARS, TRY AGAIN ###"
Start-Sleep -Seconds 10
clear
}

} While(1)
}
finally
{
Stop-Process -Name "powershell"
}

This is pretty fucking awesome, I think?!?

Let me know what you think..

 

[Asphyxia]

P.S. usage looks like:

1. Replace explorer.exe as the shell - switch to this PowerShell script instead (Group Policy).

2. Craft your own auth method, take the value and pass encrypted to a web server or what not

3. Get token response perhaps, to have the token used for duration.

Can even roll in username (in addition to password), plus even throw 2FA (Two-Factor) inside.

Optionally, can start explorer process once user is authorized into session.

When user Windows/Locks it can count as log off, all software closes forcibly this enhances the idea to save your work.. it takes mere seconds to get back into apps. Then crucial info should ideally be pushed away from memory.

The Windows account could be password-free, just a single user account "CompanyUser", "SecurityUser", "SupportUser".. all password-free.

But the shell replacement enables the username and password component. All these accounts would NOT have admin access.

Also, like I said 2FA tied in would be quite simple this way.

I would disable: WinRM and PowerShell remoting.. in addition to block port 3389 among disabling other needless Windows services that could pose risk.

This would be ideal for a rather small business, and could use some tweaking.

It's probably old school and especially only useful if you have a generically shared system and want everyone to share system use for using specific company apps.

It's not designed to be a full shell replacement, just handling authentication for either users or a generic password for shared usage like maybe a factory assembly line to sort/move products around like item tracking for shipping or whatever hope this makes sense.