[PAYLOAD] SMBHashGrab in Payloads Posted June 14, 2017 · Edited June 14, 2017 by combatwombat27 Added post quoting 5 hours ago, korang said: OK, I also put together a very similar script. I have found on my lab systems for my "work" environment, that the timing for mapping the network share had to be increased. I also ran into issues were the DUKCY ALT F4 did no close the explorer window as I had hoped. I had to use powershell to kill exploerer. This "work" system is a windows 7 x64 Laptop on a Active Directory Domain. One other weird note, due to certain GPO's we have I had to disconnect the hard wired lan cable to get it to properly map to the Bash bunny. Now , with the faster timing and ALT F4 , I found worked on my non-domain, stand alone windows 10 laptop. SO as i side note to anyone using in a professional capacity and environment. And with all PROPER PERMISSIONS, of course. May need to adjust timing and do some adjustments for it to work right, depending on any protections the workstation may have. But I will admit your script is way cleaner than mine. Awesome to see this getting some testing in the wild! I'm not entirely sure why Alt + F4 would fail in Windows 7 other than it just firing too fast, that is interesting to hear. With regards to the GPO and Lan cable, sounds to me like they have some GPOs setting what to use as the primary network connection. I would doubt many attacks written using the networking ATTACKMODE would work well on that machine given they often base their ability to intercept on the fact that being the fastest network connection makes them primary. Clean code?! 0.o I didn't expect to hear that of all comments. hahaha Thanks! Realistically I feel this isn't the most useful attack given you could use other duckyscript code to export hashes without needing to exploit network connectivity, but it certainly was a fun exercise to create, and if it helps at all then it has done some good. Thanks for checking out the tool, and bringing back some useful feedback!