Jump to content

Rubber duck


greyhatter
 Share

Recommended Posts

I have a computer that I have forgot the admin password. The HDD is bit locked. So OPH did not work and booting to a win 10 install and renaming CMD did not work. Konboot loaded but stoped right before it was going to boot windows. My user account that I have access to has no admin right. I tried making a Trojan with metasploit. I have Cylance AV installed. It  quarantine my Trojan. Even one I made with Veil-Evasion. 

Will Rubber Ducky work in this case?  I don't think so. I think I read somewhere that it needs admin rights. 

Link to comment
Share on other sites

I'm assuming by renaming CMD you mean the Sticky Keys backdoor? Couldn't you get a CMD prompt in the logon screen?

Well, at least you know your AV is good.

Rubber Ducky will not help you - it's not a tool used to hack into a locked machine, it's a tool to run scripts on an unlocked machine where you can access CMD prompt, Powershell etc. so don't get one if you're just going to use it to fix this problem - it won't help.

Hiren's Boot CD has some tools that can reset Admin passwords and users (Windows XP/7 Mini can boot from HBCD and you can change passwords and things), or you can keep trying with the Sticky Keys backdoor which SHOULD work fine, unless the AV is good enough to block that too (doubt it..).

Sticky Keys runthru:

1. Boot to Windows install disk
2. Launch CMD with Shift + F10 during installer
3. Find the Windows partition (usually has the letter 'd:')
4. Backup d:\windows\system32\sethc.exe to d:\ (so you can replace CMD later, reverting back to normal)
5. Copy d:\windows\system32\cmd.exe to d:\windows\system32\sethc.exe with the /y argument ('copy /y ..')
6. Cancel the Windows install and reboot to Windows
7. On the logon screen press Shift 5 times (enables Sticky Keys) to open an Administrator CMD prompt
8. Change the password to the Administrator and stuffs

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...