Tip from hak5peaks
parent 7aed09beb7
commit 821255659e
|
@ -35,7 +35,7 @@ To obtain all active process PIDs the tasklist command is used, which provides t
|
|||
1. Download ProcDump\[5].
|
||||
2. Move the extracted ProcDump folder or directly the executable, as you prefer, inside Rubber Ducky's memory.
|
||||
3. Then you have to change the variable `$WHAT_EXE_DO_YOU_WANT_TO_USE` if you want to use an executable other than `procdump64a.exe`, i.e. `procdump.exe` and, in this case, you have to change the variable to `procdump`.
|
||||
4. When you put the executable(s) inside the Rubber Ducky memory you must indicate the path where is stored, i.e. if the executable is inside the path `F:\ProcDump\Procdump\procdump.exe` you must change the variable `$PATH_TO_EXE` into `\ProcDump\Procdump\` mean while if it is insie the path `F:\somethingelse\procdump.exe` you must change this varaible into `\somethingelse\`.
|
||||
4. When you put the executable(s) inside the Rubber Ducky memory you must indicate the path where is stored, i.e. if the executable is inside the path `F:\ProcDump\Procdump\procdump.exe` you must change the variable `$PATH_TO_EXE` into `\ProcDump\Procdump\` mean while if it is inside the path `F:\somethingelse\procdump.exe` you must change this variable into `\somethingelse\`.
|
||||
|
||||
## Read More
|
||||
|
||||
|
|
|
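Review bot: the corrected step 4 still reads "the path where is stored" and "mean while"; since this line is being touched for spelling anyway, change these to "the path where it is stored" and "meanwhile" in the same commit. The steps shown here also mention only `$WHAT_EXE_DO_YOU_WANT_TO_USE` and `$PATH_TO_EXE`, so if the README does not cover the drive-label setting elsewhere, it needs a step of its own.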
@ -19,6 +19,9 @@ DEFINE $WHAT_EXE_DO_YOU_WANT_TO_USE procdump64a
|
|||
REM Path to the EXE file stored in the usb, i.e. if 'F:\ProcDump\Procdump\procdump.exe' you must use '\ProcDump\Procdump\'
|
||||
DEFINE $PATH_TO_EXE \ProcDump\Procdump\
|
||||
|
||||
REM Driver Label of your RubberDucky - Default: DUCKY
|
||||
DEFINE #DUCKY_DRIVE_LABEL DUCKY
|
||||
|
||||
|
||||
EXTENSION DETECT_READY
|
||||
REM VERSION 1.1
|
||||
|
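Review bot: the comment `REM Driver Label of your RubberDucky - Default: DUCKY` should say "Drive Label", since the value is a volume label and not a driver. The new constant is also named with a `#` prefix while the two defines above it use `$` (`$WHAT_EXE_DO_YOU_WANT_TO_USE`, `$PATH_TO_EXE`); pick one prefix for all three, or add a REM explaining why this one differs.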
@ -56,7 +59,7 @@ ENTER
|
|||
DELAY 2000
|
||||
|
||||
STRINGLN_POWERSHELL
|
||||
$m=(Get-Volume -FileSystemLabel 'DUCKY').DriveLetter;
|
||||
$m=(Get-Volume -FileSystemLabel '#DUCKY_DRIVE_LABEL').DriveLetter;
|
||||
$m+=":";
|
||||
cd "$m\\";
|
||||
$a=tasklist /FI "Status eq Running" /FO LIST;
|
||||
|
|
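Review bot: the commit message "Tip from hak5peaks" does not say what changed, and the replacement line `$m=(Get-Volume -FileSystemLabel '#DUCKY_DRIVE_LABEL').DriveLetter;` is the only place the purpose becomes visible. A subject line stating that the hardcoded 'DUCKY' label was replaced by a define, with the credit kept in the body, would make the history easier to search.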