usbrubberducky-payloads/payloads/library/credentials/WindowsLicenseKeyExfiltration
0i41E 40f7f072ea
Changed Username
2024-05-28 19:25:26 +02:00

readme.md

Title: WindowsLicenseKeyExfiltration

Author: 0i41E
OS: Windows
Version: 1.0

What is WindowsLicenseKeyExfiltration?

This payload exfiltrates the Windows product keys from the target system. These can be stored in the registry and/or in the BIOS itself, and the two can sometimes differ.

This may be an important process for Admins or for your private use.

Instructions:

  1. By default, the keys are exfiltrated via Keystroke Reflection, which may take a while but does not require an internet connection or mass storage to be allowed. If you set REMOTE_EXFIL in line 132 to TRUE, you also need to define the address of the receiving remote host in line 134. This can be either the URL of a webhook or the IP address of a system of your choice.

  2. Plug in your RubberDucky into a Windows target and wait for the process to end.

*If plugged into a non-Windows system, ATTACKMODE STORAGE will be triggered. This way you can collect the loot safely.

  3. Open the exfiltrated loot.bin file to access the recovered key, or check your remote host for received messages.