b00stfr3ak Posted August 25, 2013 Share Posted August 25, 2013 So I know we have hash dumps already, but from what I have seen they mount the ducky and load the hashes from there or maybe there is an ftp version (if not why not, easy to write). I took a new approach to the attack and wanted to grab hashes off multiple computers at any time and not be worried about having space, over writing what I had from another computer or being caught during a pentest trying to be sneaky. So I have created the following script that does just that. It starts an admin cmd (Thanks to Darren) grabs the needed reg files and then dumps them through a TCP socket. It uses powershell so no worry about AV (if there was something to catch). Code: https://github.com/b00stfr3ak/ducky_hashdump_tcp ruby ducky_hashdump_tcp.rb [!] Enter the host ip to listen on: 192.168.1.202 [+] Using 192.168.1.202 as server [!] Enter the port you would like to use or leave blank for [443]: [+] Using 443 [!] Would you like to set up the server now?[yes/no] yes [*] Starting Server! [+] Got sam file! [+] Got sys file! The server that is setup is multi threaded so you can collect reg files from multiple computers or servers.Make sure you click on the UAC pop up for the ducky to click yes! Let me know what you guys Think! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.