usbrubberducky-payloads/payloads/library/credentials/SamDumpDucky/README.md

966 B

Title: SamDumpDucky

Author: 0i41E
OS: Windows
Version: 2.0

What is SamDumpDucky?

SamDumpDucky dumps the users sam and system hive and exfiltrate them onto the Ducky.
Afterwards you can use a tool like pypykatz to extract the users hashes.

Instruction:

  1. Change the language within the extension "Windows_Elevated_Execution" to your model, default was set to german.

  2. Compile the payload using PayloadStudio and place it onto your Ducky.

  3. Plug in your RubberDucky and wait for the process to end, this may take a while due to the Duckys slow transfer speed.

  4. Use a tool like samdump2 or pypykatz on your machine to extract the users hashes.

    samdump2 DuckySys DuckySam or pypykatz registry DuckySys --sam DuckySam

    !Disclaimer! samdump2 has proven to be unreliable in the recent past.

alt text