Jump to content
Sign in to follow this  
Enzo Gorlami

CODENAME: LAUNCHPAD MCQUACK

Recommended Posts

I am working on a project that I need helpful advice on  . I have decided to name it LAUNCHPAD MCQUACK. It a portable software that can be uploaded by the twin duck firmware, it will then run ducky scripts that have been converted to exe's based on variables. It is just a proof of concept and I am a novice pen-tester.

The overall goal for the software is, when the ducky is plugged in, it copies and runs the LPM on the victim PC (at this point the ducky can be removed.), if  LPM  encounters any security , it will recognize and run the bypass scripts by using logic IF-THEN conditional statements. It  uses the webcam to periodically check for movement every 30 seconds, executes commands on a virtual desktop it created for 10 seconds then switches back to original desktop.

What I need advice on is the following, I tested it on a windows 10 enterprise machine that is logged in as guest that has everything disabled. No run, cmd, etc. What I have done to bypass this, create a virtual desktop, run a portable virtual machine and auto- hack it from there.  Is there a easier way to universally bypass in windows 10  all admin limits instead of using a virtual machine?

Additionally, I am working on the process to mimic the windows login screen and remap the hotkey so when the victim logs out it will begin running LPM and let the user think he really logged out. When it detects keyboard input it will official log out and wait for the user to log out again to continue running.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...