[Payload] Hash Dump


So I know we have hash dumps already, but from what I have seen they mount the ducky and load the hashes from there, or maybe there is an FTP version (if not, why not? Easy to write).

I took a new approach to the attack and wanted to grab hashes off multiple computers at any time and not be worried about having space, overwriting what I had from another computer, or being caught during a pentest trying to be sneaky.

So I have created the following script that does just that. It starts an admin cmd (thanks to Darren), grabs the needed reg files, and then dumps them through a TCP socket. It uses PowerShell, so no worry about AV (if there was something to catch).

Code: https://github.com/b00stfr3ak/ducky_hashdump_tcp

ruby ducky_hashdump_tcp.rb
[!] Enter the host ip to listen on: 192.168.1.202
[+] Using 192.168.1.202 as server
[!] Enter the port you would like to use or leave blank for [443]:
[+] Using 443
[!] Would you like to set up the server now?[yes/no] yes
[*] Starting Server!
[+] Got sam file!
[+] Got sys file!

The server that is set up is multithreaded, so you can collect reg files from multiple computers or servers.


Make sure you click on the UAC pop up for the ducky to click yes!

Let me know what you guys think!
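
A defender-side detection for the behaviour this post describes (registry files saved from an elevated prompt, then PowerShell sending them over a TCP socket), as an added example that is not part of the original post or the linked project. It assumes the hives are exported with `reg save` and that telemetry is shaped like Sysmon process-creation and network-connection events; the field names and sample events are constructed, with the listener address and port taken from the session shown above.

```python
import re
from datetime import datetime, timedelta

# Assumption: the hives are exported with "reg save HKLM\SAM|SYSTEM <file>".
HIVE_SAVE = re.compile(
    r"\breg(?:\.exe)?\s+save\s+(?:hklm|hkey_local_machine)\\(sam|system)\b", re.I)

# Constructed events shaped like Sysmon process-creation (id 1) and
# network-connection (id 3) records; hosts and file names are made up.
SAMPLE_EVENTS = [
    {"id": 1, "host": "WS01", "time": "2024-01-01T10:00:01",
     "cmd": r"reg save HKLM\SAM C:\Users\Public\a.tmp"},
    {"id": 1, "host": "WS01", "time": "2024-01-01T10:00:02",
     "cmd": r"reg.exe save hklm\system C:\Users\Public\b.tmp"},
    {"id": 3, "host": "WS01", "time": "2024-01-01T10:00:05",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "dst_ip": "192.168.1.202", "dst_port": 443},
    {"id": 1, "host": "WS02", "time": "2024-01-01T10:05:00",
     "cmd": r"reg save HKCU\Software\Example C:\backup\example.hiv"},
    {"id": 3, "host": "WS02", "time": "2024-01-01T10:05:03",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "dst_ip": "10.0.0.8", "dst_port": 443},
]

def find_hive_exfil(events, window=timedelta(seconds=120)):
    """Map host -> [(dst_ip, dst_port)] where both SAM and SYSTEM were saved
    and PowerShell connected out within `window` after the last save."""
    saves, conns = {}, {}
    for ev in events:
        t = datetime.fromisoformat(ev["time"])
        if ev["id"] == 1:
            m = HIVE_SAVE.search(ev["cmd"])
            if m:
                saves.setdefault(ev["host"], {})[m.group(1).lower()] = t
        elif ev["id"] == 3 and ev["image"].lower().endswith("powershell.exe"):
            conns.setdefault(ev["host"], []).append((t, ev["dst_ip"], ev["dst_port"]))
    alerts = {}
    for host, hives in saves.items():
        if {"sam", "system"} <= set(hives):
            last = max(hives.values())
            hits = [(ip, port) for t, ip, port in conns.get(host, [])
                    if timedelta(0) <= t - last <= window]
            if hits:
                alerts[host] = hits
    return alerts

if __name__ == "__main__":
    for host, hits in find_hive_exfil(SAMPLE_EVENTS).items():
        print(host, "saved SAM+SYSTEM, then PowerShell connected to", hits)
```

Requiring both hives plus a PowerShell connection on the same host keeps routine single-key `reg save` backups (WS02 in the sample) from alerting.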
