How To Read/Steal Windows Password With USB Rubber Ducky Part 2/2 A
As already mentioned, there are a large number of finished DuckyScript-Scripts, which we configure by ourself.
To demonstrate the first creation of a Rubber ducky script, I have thought of a scenario where you can read passwords from a Windows 7 PC in plain text. In addition to the DuckyScript script to be created, two other files are required, which the attacker places on a web server.
Fistly, the attacker places the required files on his webserver. When the USB rubber ducky is plugged into the target system, it downloads a script and runs it on the Windows 7 PC. Now the passwords are read out and transferred to the web server. The attacker only needs to access the passwords in clear text from the web server.
The original script and information can found on following websites:
https://raw.githuberusercontent.com/mattifestation/PowerSploit/master/Exfiltration/Invoke-Mimikatz.ps1
https://github.com/gentilkiwi/mimikatz/tree/master/mimikatz
In addition to this, you must place a PHP script (rx.php) on a web server, which allows the data to be received correctly from the target system and stores them in the file <IP address_Date_Time>.creds:'
file_put_contents($file, file_get_contents("php://input"));
?>
Next page
As already mentioned, there are a large number of finished DuckyScript-Scripts, which we configure by ourself.
To demonstrate the first creation of a Rubber ducky script, I have thought of a scenario where you can read passwords from a Windows 7 PC in plain text. In addition to the DuckyScript script to be created, two other files are required, which the attacker places on a web server.
Fistly, the attacker places the required files on his webserver. When the USB rubber ducky is plugged into the target system, it downloads a script and runs it on the Windows 7 PC. Now the passwords are read out and transferred to the web server. The attacker only needs to access the passwords in clear text from the web server.
The original script and information can found on following websites:
https://raw.githuberusercontent.com/mattifestation/PowerSploit/master/Exfiltration/Invoke-Mimikatz.ps1
https://github.com/gentilkiwi/mimikatz/tree/master/mimikatz
In addition to this, you must place a PHP script (rx.php) on a web server, which allows the data to be received correctly from the target system and stores them in the file <IP address_Date_Time>.creds:'
file_put_contents($file, file_get_contents("php://input"));
?>
Next page
Tags:
Password Hacking