tellerman5

Hey Midnitesnake - thanks for the correction! Sorry I misspelled your name in the comments as well. :-P You and Dnucna keep up the great work on the platform. Really enjoying this addition perspective for my team's pentest activities. Cheers! G1

Hi Folks, I wanted to share a new script I developed that shows a proof of concept for a rubber ducky and Windows Credential Editor (WCE) script that would would do the following: 1.) Disable Antivirus for 15 minutes which is default. (This must be done to avoid signiture detection of WCE executable) 2.) FTP to attacker machine on the network, downloading the 32-bit & 64-bit version of WCE 3.) Script then executes both versions, sending the output to a text file with the computer name as the variable of the file name. Note: One executable will fail (64 or 32 bit), but it will not write to the output file. 4.) Script will then upload the file containing cleartext passwords for users logged in based on LSASS memory 5.) The script will then remove all WCE executables as well the cleartext password file created before the antivirus program automatically start. Then closes all appropriate windows The video demo can be found at: http://youtu.be/IqUci4buvvM Below is a copy of the script. Note: This is a proof of concept and will need to be tweaked per environment and penetration testing engagement. ---------------------------------------------------------------------------------------------------------------------------------------------- code below: ------------------------------------------------------------------------------------------------------------------------