Jump to content

Draxiom

Active Members
  • Posts

    63
  • Joined

  • Last visited

  • Days Won

    7

2 Followers

Recent Profile Visitors

1,304 profile views

Draxiom's Achievements

Newbie

Newbie (1/14)

  1. Draxiom

    How to hak?

    Also, if it doesn't start right away, you can blow (on) it:
  2. Have you tried this payload? The main function is swapping out payloads and no zips are necessary. Also, I did incorporate GitBunnyGit, because I wrote that payload too... thanks for the plug ;). Using php and ajax calls, BrowserBunny copies each payload from the library folder, to the available switch directory. So the first step clones the repository on the bunny so all payloads are stored locally. The second step uses a command like: exec("cp -r /root/udisk/payloads/library/BunnyTap/* /root/udisk/payloads/switch2/."); Isn't that what you are describing?
  3. Are you messing with me? Cause that is the other only functionality of this payload. The console will git clone directly to the device, and the payloads page helps you swap out the payloads from the git repository.
  4. Yes the web server is hosted on the bb and is on port 80. Not sure if a 3 way usb port would route the traffic though. LMK if you get that working.
  5. No worries. I thought I was missing something from your explanation. The web server is hosted on the bb, and requires you to share the internet connection with the host computer. You won't be able to access the site from any other devices, because they are not also sharing their internet (no route to that ip address). As for the commands section, the web server is already running as root, so it has full privs to do anything. I am actually a php dev by day, and that was the quickest way (for me) to get this project done. In php there is an exec() function an I am essentially just passing raw strings (from the user) to that function, to execute commands. However, a future enhancement that I want to make, would be to incorporate a full terminal emulator like GateOne, to have the full set of commands and features in the browser. For now, it is just simple commands sent to exec() and the response parroted back to the browser.
  6. I am confused. That is exactly what my payload does. The web GUI runs on the bb and you can swap out payloads or run commands. How is different from what you want to make?
  7. Interesting. The web server I set up, should be able to run on arming mode, but you only get an ip if you share the internet with a host computer. Perhaps one could pipe the webpages through serial to lynx on the host.
  8. Yea. Hacking runs in the family.
  9. Thanks @Dave-ee Jones. I agree that it would be best if you could run this payload from any computer, and not have to have internet sharing set up. However, I don't see a way of making it work in arming mode :/ Any suggestions? If you are in arming mode, you could probably just swap out payloads with the standard file browser, the normal way. It does indeed work by copying payloads out of the library folder. I use git to clone the payloads directly to the mass storage, and then simple cp commands to move them to the available switch directory.
  10. I am working on a new payload that will act as a web gui for standard BashBunny functions. The idea is that you keep this payload in one switch folder, and run it from a non-target. The BB will spin up a php server, and serve a local website at http://172.16.64.1 With the gui up, you can execute daisy chained shell commands in the 'console', or quickly swap out payloads found in the git repo, to the other switch folder. The repository url can easily be swapped out for your own fork, so you can quickly pull down changes, and make debugging payloads easier. Check out the repository and tell me what you think. To do (I might submit the pull request before these tasks are done, and make them a future enhancement): Write help page (or leave it as is) integrate existing terminal emulator in place of custom 'console' https://github.com/mathew-fleisch/bashbunny-payloads/tree/master/payloads/library/BrowserBunny
  11. @b0N3z, what should the default dns be on the mac? I'm running pi-hole at home and I think it is conflicting with whatever the dns is supposed to be.
  12. Considering you couldn't figure out how to attach a screenshot to this thread, I have little faith in your ability to use the device for anything other than a toy.
×
×
  • Create New...