hak5
/
usbrubberducky-payloads
mirror of https://github.com/hak5/usbrubberducky-payloads.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
usbrubberducky-payloads/payloads/library/credentials/SamDumpDucky
History
0i41E 40f7f072ea
Changed Username 		2024-05-28 19:25:26 +02:00
..
README.md Changed Username 2024-05-28 19:25:26 +02:00
payload.txt Changed Username 2024-05-28 19:25:26 +02:00

README.md

Title: SamDumpDucky

Author: 0i41E
OS: Windows
Version: 2.0

What is SamDumpDucky?

SamDumpDucky dumps the users sam and system hive and exfiltrate them onto the Ducky.
Afterwards you can use a tool like pypykatz to extract the users hashes.

Instruction:

  1. Change the language within the extension "Windows_Elevated_Execution" to your model, default was set to german.

  2. Compile the payload using PayloadStudio and place it onto your Ducky.

  3. Plug in your RubberDucky and wait for the process to end, this may take a while due to the Duckys slow transfer speed.

  4. Use a tool like samdump2 or pypykatz on your machine to extract the users hashes.

    samdump2 DuckySys DuckySam or pypykatz registry DuckySys --sam DuckySam

    !Disclaimer! samdump2 has proven to be unreliable in the recent past.

alt text