Uploaded HashDumpDucky

PoC of dumping hashes, filtering for the Administrator hash and exfiltration via keystroke reflection. Bring some time, this may take a while :) Disclaimer: On recent versions of Windows, this will result in an empty/default hash.
2022-09-01 21:20:30 +02:00 · 2022-09-01 21:20:30 +02:00 · 6c1acfb51d
parent e2527f733b
commit 6c1acfb51d
3 changed files with 58 additions and 0 deletions
--- a/payloads/library/exfiltration/HashDumpDucky/README.md
+++ b/payloads/library/exfiltration/HashDumpDucky/README.md
@ -0,0 +1,22 @@
+**Title: HashDumpDucky**
+
+<p>Author: 0iphor13<br>
+OS: Windows<br>
+Requirements: DuckyScript 3.0<br>
+Version: 1.0</p>
+
+:bangbang: | This is just meant to be a PoC, as this method of Hashdump will result in empty, default hashes on recent versions of Windows.
+
+**Instruction:**
+
+Bring some time... This payload will run an obfuscated script to dump user hashes and exfiltrate the Administrator hash via Keystroke Reflection Method.
+
+#
+**Instruction:**
+
+Compile this payload with payloadstudio, place it inside of your Ducky as inject.bin and you are good to go
+#
+Exfiltrate the out.txt file and try to crack the hashes.
+![alt text](https://github.com/0iphor13/usbrubberducky-payloads/tree/master/payloads/library/credentials/HashDumpDucky/hash.png)
+
+*props to Nikhil Mittal*
--- a/payloads/library/exfiltration/HashDumpDucky/hash.png
+++ b/payloads/library/exfiltration/HashDumpDucky/hash.png
--- a/payloads/library/exfiltration/HashDumpDucky/payload.txt
+++ b/payloads/library/exfiltration/HashDumpDucky/payload.txt