Jump to content
Search In
  • More options...
Find results that contain...
Find results in...
Spoiled_Kitten

Bat file move location

Recommended Posts

5 minutes ago, Spoiled_Kitten said:

ok so i they have it where you can use a physical device, then when u login it downloads your account to the device, once that is done u are in, it uploads what u do to the server as well, when u log out your files are still there (to try and make it quicker to access your account)

Okay, so I see the trick here. Say to your It manger "hey my googlz isnt working!!!1/1?1!1" and have him log in if possible, or try and figure out a machine that he logged on to. Complete said exploit, and copy his files. Pwned. Depending on what software they use once you have his creds from looking at his user folder (could be stored really anywhere user folder is a small subset of data stored on windows), you can simply determine how to log into the server and go crazy. Do whatever, make everyones account admin or something. You just have to be real careful covering your tracks, I trust you aren't an idiot in that department.


@BlueScope819 so I can see your post

#MuricaParrotGang

"My name is Legion 'Murica Parrot Gang, for we are many."

Link to post
Share on other sites
9 minutes ago, Spoiled_Kitten said:

ok so i they have it where you can use a physical device, then when u login it downloads your account to the device, once that is done u are in, it uploads what u do to the server as well, when u log out your files are still there (to try and make it quicker to access your account)

Oh also if they are using desktops you can get a USB keylogger to stick in between his keyboard and computer (hard to notice unless you are looking at the back of the machine) and you download the results via wifi. He probably logs into the server daily or whatever to check so you can get the creds that way as well and he won't know the entrypoint.


@BlueScope819 so I can see your post

#MuricaParrotGang

"My name is Legion 'Murica Parrot Gang, for we are many."

Link to post
Share on other sites
Posted · Original PosterOP
3 minutes ago, BlueScope819 said:

Okay, so I see the trick here. Say to your It manger "hey my googlz isnt working!!!1/1?1!1" and have him log in if possible, or try and figure out a machine that he logged on to. Complete said exploit, and copy his files. Pwned. Depending on what software they use once you have his creds from looking at his user folder (could be stored really anywhere user folder is a small subset of data stored on windows), you can simply determine how to log into the server and go crazy. Do whatever, make everyones account admin or something. You just have to be real careful covering your tracks, I trust you aren't an idiot in that department.

Yeah i can have a look into it, its kinda hard though, they usually don't but i may be able to get them to, will be hard, maybe make software that copies it all automatically, then have a USB, sneak in one time and plug it in?(really unlikely lol) anbd yeah i know about covering tracks, My old method was to nuke the systems,

1 minute ago, BlueScope819 said:

Oh also if they are using desktops you can get a USB keylogger to stick in between his keyboard and computer (hard to notice unless you are looking at the back of the machine) and you download the results via wifi. He probably logs into the server daily or whatever to check so you can get the creds that way as well and he won't know the entrypoint.

They have an IT department which they log into to manage, maybe if i could find a small logger (no clue where to get one) i could use it to log there inputs. would be hard as we have no devices out unless using for class rule (stupid).


Scarlett has arrived!!

Just your local tech geek!

Love to help!

Link to post
Share on other sites
8 minutes ago, Spoiled_Kitten said:

Yeah i can have a look into it, its kinda hard though, they usually don't but i may be able to get them to, will be hard, maybe make software that copies it all automatically, then have a USB, sneak in one time and plug it in?(really unlikely lol) anbd yeah i know about covering tracks, My old method was to nuke the systems,

They have an IT department which they log into to manage, maybe if i could find a small logger (no clue where to get one) i could use it to log there inputs. would be hard as we have no devices out unless using for class rule (stupid).

https://maltronics.com/collections/wifi-keyloggers

It looks like a mouse dongle, it plugs in in between the keyboard and computer. You need about 5 seconds to plug it in, just make sure to do the configuration before hand. If all of the things are saved to a server that may be difficult, really your only way to get the creds is something similar to that. It does not have to be that exact model. Another thing you can do is if there is a print station where a whole bunch of people log on just to print something you can stick it in there and get their account creds no problem.


@BlueScope819 so I can see your post

#MuricaParrotGang

"My name is Legion 'Murica Parrot Gang, for we are many."

Link to post
Share on other sites
Posted · Original PosterOP
1 minute ago, BlueScope819 said:

https://maltronics.com/collections/wifi-keyloggers

It looks like a mouse dongle, it plugs in in between the keyboard and computer. You need about 5 seconds to plug it in, just make sure to do the configuration before hand. If all of the things are saved to a server that may be difficult, really your only way to get the creds is something similar to that. It does not have to be that exact model. Another thing you can do is if there is a print station where a whole bunch of people log on just to print something you can stick it in there and get their account creds no problem.

Touch pad keyboard for print stations... and what do u mean by configurated before hand? like have it so that it is it automatically uploads to the web? also they usually close the door so may be hard, will have to look into it. I could try and get a teachers account(they have some perms) but i want to it persons


Scarlett has arrived!!

Just your local tech geek!

Love to help!

Link to post
Share on other sites
6 minutes ago, Spoiled_Kitten said:

Touch pad keyboard for print stations... and what do u mean by configurated before hand? like have it so that it is it automatically uploads to the web? also they usually close the door so may be hard, will have to look into it. I could try and get a teachers account(they have some perms) but i want to it persons

By preconfigured what I mean is it puts out a wifi network that you connect to and then connect to the device from there. (Like you connect to your router with 192.168.1.1). That's how you extract the logged keys from it. You need to set it up so that the wifi network isn't called "usb keylogger" for example. What do you mean by touch pad keyboards? As long as it interfaces via USB you can stick a keylogger in between it and the tower to get creds, that's just a fun thing to do. The primary thing would be to stick it between the keyboard and tower in IT, but that requires some slight of hand and may not be possible. If you just want to have fun you can plug them in at the most popular print station and log into others accounts normally like you usually would on the computers, and steal their files.


@BlueScope819 so I can see your post

#MuricaParrotGang

"My name is Legion 'Murica Parrot Gang, for we are many."

Link to post
Share on other sites
Posted · Original PosterOP
5 minutes ago, BlueScope819 said:

By preconfigured what I mean is it puts out a wifi network that you connect to and then connect to the device from there. (Like you connect to your router with 192.168.1.1). That's how you extract the logged keys from it. You need to set it up so that the wifi network isn't called "usb keylogger" for example. What do you mean by touch pad keyboards? As long as it interfaces via USB you can stick a keylogger in between it and the tower to get creds, that's just a fun thing to do. The primary thing would be to stick it between the keyboard and tower in IT, but that requires some slight of hand and may not be possible. If you just want to have fun you can plug them in at the most popular print station and log into others accounts normally like you usually would on the computers, and steal their files.

That would be fun, But i mean that its one of those ones that has a touch screen display, where to print u have to use the touch screen (built in) but another way is to use my library, they are used quite often so would be good.


Scarlett has arrived!!

Just your local tech geek!

Love to help!

Link to post
Share on other sites
4 minutes ago, Spoiled_Kitten said:

That would be fun, But i mean that its one of those ones that has a touch screen display, where to print u have to use the touch screen (built in) but another way is to use my library, they are used quite often so would be good.

Ah, I see what you mean. Yeah, your only option is to really just get localadmin on a machine to grab files off of it, unless you have a lot of time on site (which as you said you don't) you won't really be able to explore options to compromise the central server. Best bet is to get a keylogger into the sysadmins computer, if you can manage it.


@BlueScope819 so I can see your post

#MuricaParrotGang

"My name is Legion 'Murica Parrot Gang, for we are many."

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

Newegg

×