Enzo Gorlami Posted January 3, 2019 Share Posted January 3, 2019 I am working on a project that I need helpful advice on . I have decided to name it LAUNCHPAD MCQUACK. It a portable software that can be uploaded by the twin duck firmware, it will then run ducky scripts that have been converted to exe's based on variables. It is just a proof of concept and I am a novice pen-tester. The overall goal for the software is, when the ducky is plugged in, it copies and runs the LPM on the victim PC (at this point the ducky can be removed.), if LPM encounters any security , it will recognize and run the bypass scripts by using logic IF-THEN conditional statements. It uses the webcam to periodically check for movement every 30 seconds, executes commands on a virtual desktop it created for 10 seconds then switches back to original desktop. What I need advice on is the following, I tested it on a windows 10 enterprise machine that is logged in as guest that has everything disabled. No run, cmd, etc. What I have done to bypass this, create a virtual desktop, run a portable virtual machine and auto- hack it from there. Is there a easier way to universally bypass in windows 10 all admin limits instead of using a virtual machine? Additionally, I am working on the process to mimic the windows login screen and remap the hotkey so when the victim logs out it will begin running LPM and let the user think he really logged out. When it detects keyboard input it will official log out and wait for the user to log out again to continue running. 1 Quote Link to comment Share on other sites More sharing options...
Deppy Posted July 17 Share Posted July 17 How’d it turn out Quote Link to comment Share on other sites More sharing options...
Irukandji Posted July 17 Share Posted July 17 Posted January 4, 2019 I doubt that they will ever be back... Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.