Jump to content

Archived

This topic is now archived and is closed to further replies.

Rayvn

payloads

Recommended Posts

I got a ducky for X-Mas so im trying to learn how to code duckyscript which is going to take awhile since i have never coded anything before (could also use a link to the most obvious guide ever i am having a bit of a hard time picking it up ) but my question is while i learn  is there any where else i can get premade payloads i have the github payload links would like any links possible but preferably pent-testing ones thanks!

 

Share this post


Link to post
Share on other sites

i tried that generator one im trying to add a admin account by the funny thing is it needs a admin account to do so (why the hell would i be doing this if already had an admin account) any way to bypass this???

Share this post


Link to post
Share on other sites
11 minutes ago, Rayvn said:

why the hell would i be doing this if already had an admin account

I think your thoughts a little bit confused. Imagine the following scenario:

Mr.X (equipped with a Ducky and a small "Create Admin Account") walks into Company B and has a nice chat in the office of the Admin. He asks for a map-out of the LAN. Admin stands up turns around and searches on the shelves.

Mr. X quickly inserts the Ducky and cretes another Adminstrator account. Just in time before being discovered he removes it again. The Admin showss him a printout. After some smalltalk he leaves and hides inside the building.

After everyone left the building Mr.X returns to the Admins office, boots up the PC, logs into the newly created Admin account and looks through the company's files. He then copies internal and confidential material to another stick.

He leaves and the next day he sells the stolen data to Company A.

 

24 minutes ago, Rayvn said:

trying to add a admin account by the funny thing is it needs a admin account to do so

Makes sense. But I don't see a problem here, since you should have admin rights on your own system.

Share this post


Link to post
Share on other sites
On 1/8/2018 at 2:28 PM, Broti said:

I think your thoughts a little bit confused. Imagine the following scenario:

Mr.X (equipped with a Ducky and a small "Create Admin Account") walks into Company B and has a nice chat in the office of the Admin. He asks for a map-out of the LAN. Admin stands up turns around and searches on the shelves.

Mr. X quickly inserts the Ducky and cretes another Adminstrator account. Just in time before being discovered he removes it again. The Admin showss him a printout. After some smalltalk he leaves and hides inside the building.

After everyone left the building Mr.X returns to the Admins office, boots up the PC, logs into the newly created Admin account and looks through the company's files. He then copies internal and confidential material to another stick.

He leaves and the next day he sells the stolen data to Company A.

 

Makes sense. But I don't see a problem here, since you should have admin rights on your own system.

i can see the problem i bought a few laptops from some cheapo places and craigslist .ect to test my ducky on for a bit of fun sorry to worry you 

Share this post


Link to post
Share on other sites

@Broti you still gonna help me? Can you or is the problem to much work? Would like a response. Thanks!

Share this post


Link to post
Share on other sites

@Rayvn well there is payload I know of to directly help you in this matter. If anyone else know: Please enlighten me.

As for resetting admin passwords there are tons of tutorials online.

One thing you could check though is boot 'em in safe mode. Some machines then reveal an admin account (with no password/master password ion manial) but it really depends on the vendor/re-seller.

But that's nothing that can't solely be handled with a Ducky.

Share this post


Link to post
Share on other sites

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...