b00stfr3ak

Thanks, I fixed the add admin syntax and it has been pushed to github. What are the syntax issues with the main menu? x32 works on x64 OS. It might have been a network issue, because the powershell code did reach the metasploit server. I'm thinking about adding the option to not use a stager, but i'll have to do that later. For any issues can you post them to github so I can keep track of them. Thanks!

Hey! I've re-written my power-ducky toolkit. It can be downloaded at https://github.com/b00stfr3ak/power-ducky Main Menu: ********************************************************************************* * Power Ducky * ********************************************************************************* Main Menu host: No Server started 1) PowerShell ports: No Ports used 2) CMD 3) Exit PowerShell Menu ********************************************************************************* * Power Ducky * ********************************************************************************* Powershell Menu host: No Server started 1) WIFI Dump TCP ports: No Ports used 2) WGET Execute 3) Launch Meterpreter 4) Hash Dump TCP 5) Lsass Dump TCP 6) Main Menu WIFI Dump TCP: Dump WIFI profiles and send them to a server over TCP WGET Execute: Download exe using powershell and execute the downloaded file Launch Meterpreter: Execute Meterpreter via web delivery or reflectively Hash Dump TCP: Save sec, system and same using reg.exe and send the files to a server over TCP Lsass Dump TCP: Perform a proc dump of the lsass process using powershell and send the file to a server over TCP CMD Menu: ********************************************************************************* * Power Ducky * ********************************************************************************* CMD Menu host: No Server started 1) Add User ports: No Ports used 2) Main Menu Add User: Add a user to the local machine. You can also add the new user to a the local admin group

Please do a git pull or just re clone the repo this was fixed last week Not sure what you are asking. This holds the psh script on a web server downloads it in memory and executes it on the machine.

I have fixed the issue with msfvenom, let me know if you run into any more issues.

Does the script fail with DNS names? It should just pass everything to metasploit. I'll take a look tonight. I plan on re-writting the tool, because the code looks so bad.

Sorry havn't checked this in a long time. I'll try to take a look tonight, should be simple. Take a look at https://forums.hak5.org/index.php?/topic/30333-power-ducky-toolkit/ for the time being, fast meterpreter is the same concept but finishes in seconds. I plan on re-writting that because the code is real bad. Does the script fail with DNS names? It should just pass everything to metasploit.

Yeah that is the one I tried, but running two vm's and the screen recorder uses to much CPU for my laptop. It misses key presses from the ducky.

I tried to make the videos today but they didn't turn out right. If any one knows of a screen recording software for Linux that is low recourse, please list it. I have updated the repo and tested it on a new kali box and confirmed the scripts are working.

It would be a good idea to create some video's on this, I just haven't had time. Can you clone the newest repo, this should get rid of the hex option (it was broke and took to much time). The best option to try is fast meterpreter. It is the fastest command and an instant meterpreter shell in memory (so no AV to worry about). Wget Execute is OK but then you have to worry about dropping a binary file and not get caught by AV

This could be implemented. I would just need to ask if I could use his script. If a computer is on the domain by default it keeps a number of cached credentials stored just in case the workstation can't talk to the domain controller.

Has anyone tried this?

Fast Meterpreter has been added to the power-ducky toolkit. This payload stores a meterpreter script on a web server and then all the ducky has to do is download that script through ssl and then execute it. The beauty about this script is that it is 10 lines long and the actual powershell command is less then 200 characters. Ideas from: http://www.pentestgeek.com/2013/09/18/invoke-shellcode/ https://forums.hak5.org/index.php?/topic/30398-payload-the-fastest-meterpreter-shell-youll-ever-get/

The power-ducky toolkit has been updated to support SSL. Now you can transfer files from the victim to the attacker all encrypted. It does take a while with larger files however it does work, and happens in the background on the victim computer so they wont notice. Once the correct reg files are downloaded the script will print the hashes to the screen and write them to a file

Hey I have added your idea to my power-ducky toolkit, It should work but I don't have a windows laptop with wireless to test. https://forums.hak5.org/index.php?/topic/30333-power-ducky-toolkit/

Created a quick script that will allow you to use any server to host the powershell script and any powershell script to execute on the victims computer. The web server that the script will set up is real basic and you can use http or https. You can also add a real cert if you want, right now it is just a self-sign. I doesn't set anything up for the ducky yet, that will come soon. Working on something else right now that has me a little stuck (transferring 40MB of data using powershell and ssl). But this will be added by this weekend. https://github.com/b00stfr3ak/fast_meterpreter