korang Posted June 5, 2017 Share Posted June 5, 2017 So , I am playing with my first script. I am setting up impacket with HID attack to replicate to 2 second ducky attack. My question is, can i get a windows machine to map to the share I create when the desktop is locked. So far my script works great on an unlocked machine. TIA Quote Link to comment Share on other sites More sharing options...
Dice Posted June 5, 2017 Share Posted June 5, 2017 A bit more information please, running a ducky script is based on reenacting keystrokes from the hid. As you are unable to create a mapping while a computer is locked its not possible to have the hid do the same Quote Link to comment Share on other sites More sharing options...
PoSHMagiC0de Posted June 5, 2017 Share Posted June 5, 2017 2 hours ago, korang said: So , I am playing with my first script. I am setting up impacket with HID attack to replicate to 2 second ducky attack. My question is, can i get a windows machine to map to the share I create when the desktop is locked. So far my script works great on an unlocked machine. TIA Nope unless you exploit it via the network side from the bunny with a vulnerability it is vuln to. Why does quickcreds and bunnytap work? They use network traffic to work. Responder responds to requests with an authentication request so even when the machine is locked if it sends out requests, it can be tricked to giving up hashed creds. bunnytap works by serving a captive portal full of javascript. The captive portal part is the one that causes some windows machines to fire off a browser automatically to go to it. Other times, it could do nothing but let you know in the lower right that you need to authenticate on a page before going online or something like that similar to what phones do on hotel hotspots with captive portals. To get a share to map you will need to interact with the machine via the console or network access. Unless you know the network credentials, you cannot interact without HID. With the screen being locked and you not knowing the password, you cannot get onto the machine in a way to setup a mapped share. So, you either make it map through HID typing or you autoexploit a vuln in the machine with a payload that maps the drive. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.