Jump to content

map Drive While Locked


korang

Recommended Posts

So , I am playing with my first script.  I am setting up impacket with HID attack to replicate to 2 second ducky attack.  My question is, can i get a windows machine to map to the share I create when the desktop is locked.  So far my script works great on an unlocked machine.  TIA

Link to comment
Share on other sites

A bit more information please,

 

running a ducky script is based on reenacting keystrokes from the hid. As you are unable to create a mapping while a computer is locked its not possible to have the hid do the same

Link to comment
Share on other sites

2 hours ago, korang said:

So , I am playing with my first script.  I am setting up impacket with HID attack to replicate to 2 second ducky attack.  My question is, can i get a windows machine to map to the share I create when the desktop is locked.  So far my script works great on an unlocked machine.  TIA

Nope unless you exploit it via the network side from the bunny with a vulnerability it is vuln to.

Why does quickcreds and bunnytap work?

They use network traffic to work.  Responder responds to requests with an authentication request so even when the machine is locked if it sends out requests, it can be tricked to giving up hashed creds.

bunnytap works by serving a captive portal full of javascript.  The captive portal part is the one that causes some windows machines to fire off a browser automatically to go to it.  Other times, it could do nothing but let you know in the lower right that you need to authenticate on a page before going online or something like that similar to what phones do on hotel hotspots with captive portals.

To get a share to map you will need to interact with the machine via the console or network access.  Unless you know the network credentials, you cannot interact without HID.  With the screen being locked and you not knowing the password, you cannot get onto the machine in a way to setup a mapped share.  So, you either make it map through HID typing or you autoexploit a vuln in the machine with a payload that maps the drive.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...