diff --git a/payloads/library/exfiltration/NTLM_ducky/README.md b/payloads/library/exfiltration/NTLM_ducky/README.md new file mode 100644 index 0000000..b43d458 --- /dev/null +++ b/payloads/library/exfiltration/NTLM_ducky/README.md @@ -0,0 +1,30 @@ +# Exfiltrate NTLM Hash - Windows ✅ + +A Rubber Ducky payload to exfiltrate NTLM hash files from a Windows machine onto the SD card. + +## Description + +This payload script captures and exfiltrates NTLM hash files from a Windows machine. It uses PowerShell commands to locate and save the SAM and SYSTEM files, which contain hashed user passwords, onto the Rubber Ducky's SD card for later extraction and analysis. Upon successful file extraction, the payload triggers a visual confirmation by blinking the Caps Lock LED + + +### Settings + +- **Drive Label:** Set the target drive label for Rubber Ducky storage (default: `DUCKY`). +- **Number o:** Ensure the payload has the necessary permissions for registry access. +- **Extension Requirements:** This payload includes a passive Windows detection extension for compatibility. + +## Credits + +
+
+
+
+ GitHub + |
+
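Review bot: In the Settings list of the new README.md, the label `**Number o:**` is cut off and does not match its own text, which is about permissions for registry access. Rename the item to something like `**Permissions:**` and state the required privilege level explicitly, since "necessary permissions" leaves the reader guessing whether the payload works from a standard user session. Two smaller points in the same hunk: the last sentence of the Description ("...blinking the Caps Lock LED") has no closing period, and the Credits section contains only a "GitHub |" cell with no author name or link visible, so it either needs filling in or should be dropped.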