Hi,
I worked on both the duckhunter.py and keyseed.py files to be able to:
- Validate the UAC prompt without being locale-dependent (because for my tests, I have an English Windows 7 with a French keyboard layout): this is achieved by hitting 'left' and pressing 'enter' when the UAC prompt is displayed.
- Use the keyseed.py file in duckhunter.py. This allows:
  - to be locale-dependent when launching a CMD (only the keywords WIN7CMD and WINCMD have been corrected, because I could not validate by testing the WIN8CMD)
  - to leverage the keyseed file (and its dictionaries) to retrieve the adequate command instead of crafting a new one (better readability imho)
- Reduce the timing between each keystroke a little (to increase stealthiness)
- Create a new WIN7UAC command that allows elevating a command typed directly after the 'windows' key is hit.

The latter allows a Ducky attack such as this (stealthier than opening a cmd):
```
WINDOWS
DELAY 100
TEXT powershell "[admin-required powershell stuff]"
WIN7UAC
```
@binkybear: considering the latest developments on your NetHunter 2.1 (awesome, but I could not find where the 'module' folder is located), I am unsure how to send the file (PR on GitHub?)
duckhunter.zip keyseed.zip