Jump to content


Active Members
  • Content Count

  • Joined

  • Last visited

  • Days Won


About chaz

  • Rank

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. Well done for working on this, I have made a native (C) version of PSExec (my project) but it's detected by 1 Anti-Virus.
  2. The reboot persistence? I don't mean that if a session dies it will come back to life, it will just execute again when rebooted. If you could check task scheduler to see if a task is created and get back to me that would be awesome! And thanks btw :)
  3. Yeah but you only get plaintext passwords if you have set a specific registry key (on Windows 8+).
  4. Yeah definitely, though all the powershell scripts that I've generated with S.E.T don't have any quotation marks, but for non-programmers, a very good tip!
  5. Good to hear! Glad you got it working on Windows 7, and yeah having the script as an external resource to load at runtime is probably a better idea! Interestingly I had no issues with System Privs and Windows 10, I just executed 'getsystem' in my meterpreter prompt and I got elevated (even after reboot). Thanks for your kind words :)
  6. I should add, since we are using Windows Task Scheduler, if we do get elevated privileges, when the user reboots and the 'PSExec.exe' file auto runs it will run as Admin and no UAC prompt will be shown because technically when we added the Task we were admin :)
  7. Hi there, I'm new to this forum and so I thought I'd introduce myself with a nice tutorial! :) I've created a ducky script and coded an executable which will achieve the title of this topic. This will make use of the twin duck firmware so this is a prerequisite before starting unless you can apply the same thing to ducky-decode or similar. Another prerequisite is .NET framework 4.5 but PC's with Win 8+ will have this by default and loads of applications use this so the likelihood of a PC pre Win 8 not having it is fairly low (I might make a native payload later). What the exec
  8. You could try compiling like this: "gcc -m32 -Wl,--hash-style=both 12.c -o exploit" Let me know if this works :)
  • Create New...