hak5
/
usbrubberducky-payloads
mirror of https://github.com/hak5/usbrubberducky-payloads.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Create README.md

pull/495/head
Luu 2024-10-31 12:56:53 +01:00 committed by GitHub
parent 554b3066b7
commit 81ae8f0e8c
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 30 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
payloads/library/exfiltration/NTLM_ducky/README.md Normal file
View File

@ -0,0 +1,30 @@
# Exfiltrate NTLM Hash - Windows ✅
A Rubber Ducky payload to exfiltrate NTLM hash files from a Windows machine onto the SD card.
## Description
This payload script captures and <strong>exfiltrates NTLM hash files</strong> from a Windows machine. It uses PowerShell commands to locate and save the SAM and SYSTEM files, which contain hashed user passwords, <strong><u>onto the Rubber Ducky's SD card</u></strong> for later extraction and analysis. Upon successful file extraction, <strong> the payload triggers a visual confirmation by <u>blinking the Caps Lock LED</u> </strong>
### Settings
- **Drive Label:** Set the target drive label for Rubber Ducky storage (default: `DUCKY`).
- **Number o:** Ensure the payload has the necessary permissions for registry access.
- **Extension Requirements:** This payload includes a passive Windows detection extension for compatibility.
## Credits
<h2 align="center"> Luu176 </h2>
<div align="center">
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/luu176">
<img src="https://avatars.githubusercontent.com/u/112649910?v=4" width="48" height="48" />
</a>
<br>GitHub
</td>
</tr>
</table>
</div>