Leaderboard
Popular Content
Showing content with the highest reputation since 02/19/2024 in all areas
-
Hello I am in dire need of help. For the pastyear I have been tormented by an ex roommate/ partners x partner. I just want my digital life back. Trying to cram a years worth of events into one post will probably be challenging so forgive me if I don’t go to far into depth on some things. I really need help but seems in the past I was shuned away from people that have the knowledge to help with comments like “ that could happen but its highly unlikely someone you know has the knowledge to do those things. So I’ve just been kinda taking the punches and didn’t even try to get help. January 5th made it a year and I just want it to stop. I can’t own a digital device that uses any protocols without it getting ruined. I have been through 23 android phones 5 computers 2 tvs 2 hotspots and 2 Tmobile internet services that I had to disconnect. I’ve lost all digital data I had . The most important are pictures of my kids that I’ll never see again. I really I can get a few suggestions for a solution to this problem I’m facing so I’m gonna attempt to explain to the best of my ability what’s been going on although even a year later I feel like I’m 50 steps behind him and I’m up against an internet god. I met my partner 2 years ago and shortly later moved in to his house. He had an ex that was still staying at the house ( need this included for motive) in a different room. Me and the ex got along good I thought. I’ve always had an interest for learning computers and android but hadn’t even made it to learning the command line yet. He seemed to know quite a bit about computers and said he was a gamer back in the day so he had to learn networking so he could setup his console to compete online. At the time I was thinking “that’s badass!!” Maybe he can teach me a thing or two. So conversations usually revolved around the topic of computers but would always be short with him usually changing the subject. He never let off that he knew anymore then basic networking. I knew nothing about networking at the time and am most likely more confused today so I took him at his word and didn’t think much of it for the next year. About 4 months had passed and I decided I needed internet so I called the cable company and they came out and installed internet. From day one I started having issues and knowing what I know today there’s no doubt he was behind it. Being right next door was a perfect place to do what ever he wanted. Seems I was on the phone more than online for the next month. I was so furious at the internet company and was blaming the installer for hacking my router. I don’t wanna go in depth about that situation because at the time I was oblivious to living next door to a hacker for a year without knowing so I’ll fast forward to when I found out. Actually shortly before when I purchased my first computer since I’d been here. The computer was just a cheap hp elite mini desktop. I had recently gotten Tmobile internet and felt I needed a computer so I got a cheap one. So I was surfing the web and I noticed a hidden network in the Wi-Fi that just seemed to appear one day at this point about 10 months in to living here my suspicions are growing that he might be doing something with my network but had no idea of his capabilities till one day I get off work and my router has been reset. I know the only way to do that is press the button so I knew dude reset it cause he was the only one here. At this point my I’m growing more suspicious by the moment. I go to sign into my Tmobile account and once I sign in I’m instantly booted out. Not realizing that he sent a phishing page to my phone I just shrugged it off that night. I turned my router off and went to sleep. Next morningi woke up bright and early and called Tmobile the roommate was still sleeping. I informed the agent of my issue and she reset my router from her end. Well as soon as she did and my router came on. I noticed on my Wi-Fi app that where the hidden network was before the reset stood his 3 devices one even said his name and his phone so there was no doubt he hacked onto my router and made a different network and He’s caught. I figured that was the end of him messing with my internet but it was actually just the beginning. That day was January 5th 2023. His devices sat in my router for a short period and I suddenly heard scurrying in his room and they disappeared. I confronted him with my findings by way of a screenshot. He tried to deny it saying he plugged a usb in and was suddenly on my internet but it was bullcrap and at this point I think I’m dealing with someone that took advantage of me being at work. It wasn’t till later that night when my computer starts going hay wire I didn’t realize it at the time but now I know he installed a back door and gained root permissions through audits then gained remote access and I was oblivious. He got my Microsoft account password by making me stumble over my typing. I thought for sure I’d be locked out of my account but he never changed the password. It was like he was saying you know it’s me but you don’t know what I’m capable of. I never really got to use that computer again after that day. Every time I got on it was something else wrong. Then something was said in the kitchen to piss him off and that night he showed me beyond a doubt that he was a real hacker. But at the same time he would never admit it. That night he started messing with my cellphone. Just making it not load and just stopping me from anything I wanted to do so I thought I need a firewall. Once installed I realized my problems were far from over. I had heard of A DDOS attack but only in companies he started flooding me with hundreds of different up addresses at once. It was that time that I knew I was out of my league. I got so furious I threw my cellphone cracking my Motorola Moto powers screen. It was the first device of many to reach that fate. I still had my Motorola one but it seems he was controlling the cellphone too. He had full control over my phone. And it made me feel very vulnerable. At this point I knew he didn’t tell me about his all his computer knowledge. Then I thought of how when someone brags about being a hacker they are usually just running other hackers scripts but you will never know true hacker. That makes me worried that I have a hacker targeting me not a beginner. He proved his knowledge online and launched me into a part of android I never knew existed. After much research and virtual a#% kickings I piece together he has taken control of my phone by replacing the recovery image with an image of one he has configured making use of ASOP And project treble. Once his image is installed he installs his version of google play services with his ridiculous permissions and I have lost total control of my phone reguargless of what I’d do. He could turn my mic on he could turn the camera on or what ever he wanted and I couldn’t do anything to stop him. I took me months just to figure out what I just explained. Frustrations is an understatement !! I’d throw the phone smashing the screen to pieces with a sigh of relief I broke it so I could get a new one and start over but he was always right there no mater what I done to avoid it. Then I started realizing he was hijacking’s the SIM card and putting himself as the service provider. It got where I’d pay for a month of service and 2 weeks later he would turn my service off I can’t call support because he disconnects us in mid conversation. Can’t go online for help because he has my network configurations to go through his DNS. He gained higher authority over my devices then I can somehow and can make options greyed out. This post is getting a bit long so imma speed it up. Today he has control of my network traffic on my iPhone . He is able to control the iPhone but not to the extent he could the android or maybe he just hadn’t yet. He made my real SIM card unreadable. It’s like he wants to control my network traffic more than anything. As well as have a reliable access to a mic. He destroys windows fast. It usually takes 3 days and he has full access of Microsoft so I have been using a lot of Linux live bootable usb to try to learn a way to stop him but it seems I’m always 20 steps behind him. In Linux he does things I never knew was possible. I disconnected all internet interfaces and Bluetooth or so I thought. It seems his newest shenanigans are doing something I don’t even understand with my cpu. I think with flags but could be wrong. I can upload a log on the cpu. Chances are a person will never be targeted by a real hacker. But it’s my luck I am. The odds are slim but it has happened. He has been ruining every os I manage to download mainly because he can’t see all my traffic. Please help. Is this guy unstoppable and I’ll have to endure this till he decides to stop? I’m sorry this post is so long. The hacker is asleep so hopefully this gets out to someone who can help . Not proofreading due to time restraints with his sleep. No way will this get out if he’s awake.1 point
-
I guess you have to investigate what capabilities your phone has. Obviously the Bunny is capable of doing this (since my tests are successful), and if it's not working, it's logic to assume that any limitations are on the "phone side". I've successfully recreated this on 3 different Android devices now.1 point
-
I temporarily switched over to the Key Croc since it makes it easier to develop/test payloads instead of blindly run things using the Bunny with the help of LEDs, log files, etc. Got it to work in the Croc and then went back to the Bunny (used a Mk1 Bunny, but that won't make any difference compared to using a Mk2 one). This is the payload I used. The payload can for sure be a bit more "pretty" (while loop to wait for target IP address, etc.) but it works for a PoC scenario. Getting the target IP can instead be made in the more "usual" way (i.e. using GET TARGET_IP) ATTACKMODE ECM_ETHERNET sleep 5 TARGET_IP=$(cat /var/lib/dhcp/dhcpd.leases | grep ^lease | awk '{ print $2 }' | sort | uniq) /usr/bin/adb tcpip 5555 sleep 1 /usr/bin/adb connect ${TARGET_IP} LED FINISH1 point
-
Using ATTACKMODE this way will kill the network on the Bunny straight away and it will just work as a HID device for the rest of the payload. If you want HID (keyboard) and network at the same time, you need to specify it on the same line, such as: ATTACKMODE HID ECM_ETHERNET From the docs: "ATTACKMODE is a DuckyScript command which specifies which devices to emulate. The ATTACKMODE command may be issued multiple times within a given payload. For example, a payload may begin by emulating Ethernet, then switch to emulating a keyboard and serial later based on a number of conditions." https://docs.hak5.org/bash-bunny/writing-payloads/attackmode I would really advise you to read the documentation instead of blindly executing commands. It will save you time. Not sure what you want ENTER to do here. It's not a DuckyScript command and it's not Bash.1 point
-
I'm asking because I need to get an understanding of what you want to happen when running the payload. I can't see that the while loop would work in any way, partly because the payload code is executed on the Bunny. In this case the Bunny would wait for the Bunny (unless there's some storage device on the Android device that is labelled "BASHBUNNY" that is automatically mounted to the Bunny in some way). Another thing stopping such a scenario to even happen is that the Bunny is just running as a HID device based on the ATTACKMODE used. There is no storage functionality involved. But, I can't see that happen despite using the storage mode for the Bunny. To get that idea to work, the device to which the Bunny is connected has to identify itself to the Bunny in some way for the Bunny to know that it's ready for input. Payloads should be named payload.txt specifically, nothing else (as per the documentation). https://docs.hak5.org/bash-bunny/writing-payloads/payload-development-basics1 point