one2

It appears so! I am very new to all of this and not entirely sure how to craft the entire payload to accomplish the following: reg add HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest /v UseLogonCredential /t REG_DWORD /d 1 Assuming that is the right command anyway.

Yeah I guess I should have specified that I would like to primarily add the registry modification into the stealth payload (pulling up the registry and modifying the WDigest "UseLogonCredential" to 1) on the first run, rather than either loading up PowerMemory or modifying the registry manually (allotted time would be minimal). Then wait for the target machine to be rebooted before inserting the RD once more to grab the plain text.

I purchased the Rubber Ducky recently to grab windows login creds from Windows 10. I was unaware at the time that it wouldn't quite work as solid on 10 as it does with older versions of windows. After testing on various other versions and having it upload the .creds to my server nothing happened when I attempted it on my target machine (Windows 10). I played around with quite a bit and finally got the .creds uploading but with 0 data. Doing some research I came across this page explaining using PowerMemory to edit the registry for storing plaintext credentials. I did this the manual way, rebooted, and viola I have my .creds file on the server with the credentials. However this was done on a test machine and not my target machine. HERE IS MY REQUEST: Does anyone have or can write a payload to automate this process in a stealth manner much like the Mr Robot payload? Maybe I am overlooking something as I am so new to this. Also it could be possible that it would have worked without PowerMemory editing the registry as I disabled Windows Defender before trying PM as I saw it has blocked some MK features during my previous attempts. Any feedback would be greatly appreciated!