netzwerg Posted October 19, 2016 Share Posted October 19, 2016 I am running VMware Fusion on a Mac with a Windows 7 guest. My goal is to run the Invoke-Mimikatz payload for credential pilfering, which involves sending WIN-R (GUI R) to the Windows OS. However, because Windows 7 is running as a guest VM, the Windows OS doesn't actually see the ducky connect as a USB keyboard. The ducky connects to the host OS (Mac OSX) instead. When the script sends a 'GUI R', this doesn't seem to get passed to the guest VM (Windows), even if the focus is on the VM at the time. However, if I write a basic script that simply sends a 'STRING Hello World' and 'ENTER', then I see these characters appear, if I first open notepad to give it something to type into. Has anyone tried something like this before, or does anyone have an idea how to go about addressing this? Quote Link to comment Share on other sites More sharing options...
netzwerg Posted October 19, 2016 Author Share Posted October 19, 2016 After a bit of "research" (AKA "googling"), I found the solution to the problem. The solution is to use a forked (and more recent) version of the duckencoder, which can be found here. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.