[FIX] Office Opens [FIX] #337
Comments
|
So here is a FIX for everyone i looked trough the internet and found this :(https://superuser.com/questions/1455857/how-to-disable-office-key-keyboard-shortcut-opening-office-app) when you paste the command "REG ADD HKCU\Software\Classes\ms-officeapp\Shell\Open\Command /t REG_SZ /d rundll32" in the admin command prompt the Hotkey for office isnt working any more 😄 |
|
@DonaldDucker34 How do you go about automating this using ducky script? |
|
that is the 'problem' i cant connect to a pc without entering the firestage1 command that means i cant send ducky scripts to a pc |
|
but i dont know if you could edit the firestage1 command that it first enters the cmd string and then connects the idea is not that bad |
|
Is it an issue with p4wnP1 and the image? Anyone using the ALOA image
getting the issue?
…On Tue, 21 Apr 2020, 23:54 Lasse.B, ***@***.***> wrote:
but i dont know if you could edit the firestage1 command that it first
enters the cmd string and then connects the idea is not that bad
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#337 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/APJDV452GACBIT4MASLJQZ3RNYP3BANCNFSM4MLPZ54Q>
.
|
|
Trying to think of a way to stick it on my duckberry without any interaction with the pc itself |
|
so i didnt knew what a Duckyberry is but now i do. The duckberry is an bad usb and a rubber ducky then the Duckberry should use the .duck format i think you should look at the .duck scripts from P4wnP1 and make your own for the Duckberry |
|
I made my own but no luck. I'm not getting office open now. Just using
default I'm getting the notepad launch and then file explorer opens up
around 6 times
…On Fri, 24 Apr 2020, 12:36 Lasse.B, ***@***.***> wrote:
so i didnt knew what a Duckyberry is but now i do. The duckberry is an bad
usb and a rubber ducky then the Duckberry should use the .duck format i
think you should look at the .duck scripts from P4wnP1 and make your own
for the Duckberry
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#337 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/APJDV43EBWLJMKGRCB4C7FTROF2VRANCNFSM4MLPZ54Q>
.
|
|
could you show me that script i think its very interesting to look at something like that |
|
It's just the default one in p4wnp1 located here :
https://github.com/RoganDawes/P4wnP1/blob/master/payloads/hid_keyboard.txt
…On Sat, 25 Apr 2020 at 23:11, Lasse.B ***@***.***> wrote:
could you show me that script i think its very interesting to look at
something like that
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#337 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/APJDV47LF2M3W6Z7TWGW55TRONN2BANCNFSM4MLPZ54Q>
.
|
|
if you look in the bottom area of the script it tells the pc to type notepad.exe but why explorer opens is unknown |
|
is the keyboard language equal to your keyboard language? Its a really common issue |
|
Yeah,
That is why I am confused
…On Sun, 26 Apr 2020 at 11:33, Lasse.B ***@***.***> wrote:
is the keyboard language equal to your keyboard language? Its a really
common issue
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#337 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/APJDV424XF5QELQPBSGACT3ROQEWNANCNFSM4MLPZ54Q>
.
|
|
this is getting really interesting i will look trough Pwnpi and search for a fix :) |
is it really the exact same? i had a look at the script an nothing seemed wrong it just types win+r to open the execute window and then it types notepad.exe to open the editor last it types "Keyboard is running" but where does it open the explorer? i did a bit research and found that the explorer is opened by the key combination Win+E (GUI e) so i think we should search a bit more 😄 |
|
and what did you actually type to start the script? |
|
Nothing, the moment I plug the USB in, it would run
…On Sun, 26 Apr 2020 at 17:21, Lasse.B ***@***.***> wrote:
and what did you actually type to start the script?
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#337 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/APJDV43RUPANWFN3WGMD4CDRORNP7ANCNFSM4MLPZ54Q>
.
|
|
did you selected the right payload in the setup.cfg? (cd P4wnP1 then nano setup.cfg and on the bottom there are the payloads) |
|
Yeah, unhashed the hid_keyboard.txt
…On Sun, 26 Apr 2020 at 19:20, Lasse.B ***@***.***> wrote:
did you selected the right payload in the setup.cfg? (cd P4wnP1 then nano
setup.cfg and on the bottom there are the payloads)
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#337 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/APJDV45QCI7OYMUFO556XJTROR3QHANCNFSM4MLPZ54Q>
.
|
to this older comment: i think it would be cool if i wrote a script and then i could execute it but i cant execute ducky scripts without connection to a PC but i also cant connect to a PC without the cmd string then i thought about an autorun.inf on a smaller usb stick (2-4gb) but since win10 you cant or windows wont execute autorun.inf because its an security leak. Would it be possible that the rpi runs the ducky script on rpi startup then pwnpi uses its HID capability and sends the cmd string without the remote shell even activated that means i cant enter things in the remote shell but theoretically it should disable the office hotkey and then i could enter FireStage1 to connect to the rpi and get an reverse shell |
when i enter firestage 1 on my pc office opens. So i thought why dont edit the firestage1 command but i dont know how or is there an fix?
The text was updated successfully, but these errors were encountered: