nik321

Escalating Privileges in Windows & Staged Reverse Shells [DID NOT WORK HELP]


So I literally just finished copying this tutorial ...

https://www.youtube.com/watch?v=fmRRX7-G4lc

And everything went smoothly... Apart from when I plugged in the duck... Nothing happened on my Kali MSF... No shells were caught?

I should first off mention that my target machine was actually a 64-bit Windows, so I had to change the msfvenom -a to x64 and change the payload to windows/x64/meterpreter/reverse_tcp...

But besides that everything went OK... So because the shell wasn't being caught, I decided to open up PowerShell myself, and manually type in the code that the ducky inject.bin is trying to run in PowerShell.... and I got this error...

So I think the reason nothing happens when I plug the duck in, is because in the background (because obviously it is commanded to be hidden in the inject.bin) this is happening... making MSF not catch a shell...

 

Please could anyone take a look at this and help me overcome this error please. I would be forever grateful! Thank you hak5 enthusiasts! <3



59 minutes ago, nik321 said:

I should first off mention that my target machine was actually a 64-bit Windows

x86 should work just fine on x64

 

Edited by Lord_KamOS

3 minutes ago, Lord_KamOS said:

x86 should work just fine on x64

 

Oh really? So I can still go ahead and make the payload for a 32-bit computer (like in the video) and still run it on a 64-bit machine? OK, that is interesting. Thank you. I do know about 32-bit being cross compatible with 64, but not the other way around.

But besides that, is there a reason that the ducky script, once opened up in PowerShell, is not actually pulling my payload (website.com/bob.exe) or my vbs file (website.com/ggg.txt - as made in the video) from my website?

(You also commented on my other help thread for the turtle. Thank you for being active and trying to help me with my endeavors.)

56 minutes ago, nik321 said:

But besides that, is there a reason that the ducky script, once opened up in PowerShell, is not actually pulling my payload (website.com/bob.exe) or my vbs file (website.com/ggg.txt - as made in the video) from my website?

I am not sure, and sadly I can't test it right now, but maybe you can look into the twinduck firmware. I find it more effective just mounting the SD card and running the payload from the duck itself.

 

11 minutes ago, Lord_KamOS said:

I am not sure, and sadly I can't test it right now, but maybe you can look into the twinduck firmware. I find it more effective just mounting the SD card and running the payload from the duck itself.

 

This is something that also interested me! I would prefer to be able to host the payload on the pendrive as well as the inject.bin. I like the idea of it all being contained in itself. I will take a look at the twinduck firmware setup on YouTube. Thank you for this.


OK, so I did a bit of googling, and it turns out the PowerShell commands in the inject.bin are not real commands. Is this because there might have been an update since the making of that video, rendering those commands useless now?


The download command is right. The '%temp%/update.vbs is wrong.

You want to run update.vbs, right?

Try something like cd %temp%; ./update.vbs

Note the './'

2 hours ago, ThoughtfulDev said:

The download command is right. The '%temp%/update.vbs is wrong.

You want to run update.vbs, right?

Try something like cd %temp%; ./update.vbs

Note the './'

I don't think it's supposed to run it, rather save it as that name, rather than ggg.txt (as shown in image)

19 hours ago, nik321 said:

I don't think it's supposed to run it, rather save it as that name, rather than ggg.txt (as shown in image)

I know the DownloadFile command runs just fine (remove everything after the ;). The file should then be in your temp folder (named update.vbs).

The error is the line after the ';'.

This line tries to run the update.vbs located in the temp folder, but if you want to run a.exe in PowerShell you can't just type a.exe, you have to use ./a.exe (you understand my point?)

22 hours ago, ThoughtfulDev said:

I know the DownloadFile command runs just fine (remove everything after the ;). The file should then be in your temp folder (named update.vbs).

The error is the line after the ';'.

This line tries to run the update.vbs located in the temp folder, but if you want to run a.exe in PowerShell you can't just type a.exe, you have to use ./a.exe (you understand my point?)

Aaaagh!! Thank you so much friend! I am going to try this out! Your help has been amazing and I thank you for trying to help me overcome this. Big thanks to you mate!
