Path: blob/master/payloads/library/credentials/WindowsLicenseKeyExfiltration/readme.md
2968 views
Title: WindowsLicenseKeyExfiltration
Author: 0i41E
OS: Windows
Version: 1.0
What is WindowsLicenseKeyExfiltration?
This payload exfiltrates the Windows Product keys from the target system. These can be saved in the registry and/or on the BIOS itself. Sometimes they can differ.
This may be an important process for Admins or for your private use.
Instructions:
By default, the keys will get exfiltrated via Keystroke Reflection, which may take a while but does not require any form of internet connection or mass stoarge to be allowed. If you set
REMOTE_EXFILin line 132 toTRUE, then you'll need to define the address of the receiving remote host, this either can be an URL of a webhook or an IP_Address of a system of your choice. Define it in line 134.Plug in your RubberDucky into a Windows target and wait for the process to end.
*If plugged into a non Windows system, ATTACKMODE STORAGE will be triggered. This way you can collect the loot savely.
Open the exfiltrated loot.bin file to access the recovered key, or check your remote host for received messages.