Dave-ee Jones

Active Members
  • Content count

  • Joined

  • Last visited

  • Days Won


About Dave-ee Jones

  • Rank
    (the one without a locker)

Profile Information

  • Gender

Recent Profile Visitors

438 profile views
  1. Ah, my bad :) I've always used "..\..\" to go back multiple directories :P Makes more sense, but the way you use could definitely be easier if you have to go back like 4-5 times..
  2. You say the most inappropriate things... I have a Pi at home running a weather station - however it is mainly used to check the Earth's magnetic field (looking for auroras). Using it as a Kodi box is also an obvious choice :P Cheaper than buying an AppleTV or Boxee (although Boxee is the next choice).
  3. Can't say I agree with the first bit, but the second bit is basically spot on. Same with third bit really...
  4. It's true it gets in the way, having to safely eject. However, you can get away with not safely ejecting it once/twice before you have to scan the Bunny (it'll pop up saying "Hey, scan the Bunny, it looks corrupted") and safely eject it after that. Not exactly recommended but I haven't had problems doing that. In terms of payloads, if it is a Powershell payload you can make a self-ejecting Powershell script/code to be run at the end of your Powershell script. I have it in my Powershell scripts in my 'Slydoor' payload (in my signature). You're welcome to have a look (they are commented scripts). Hopefully that helps you out a bit. :)
  5. So characters '\' and '[' are turning into 'i' and '{' respectively? *chuckles* Reverse exclamation mark = i Hmm...Sounds like a language issue. What's the language set to on your PC and whats the language set to on your Bunny?
  6. For a modular pentesting environment you can buy a Pi/Pi Zero which are really cheap, tiny computers on a circuitboard and they allow you to modulate your environment (you can hook up a screen to them and install Kali, Raspbian etc. - they do have desktop environments) and you can also connect LED boards, cameras, microphones etc. onto them. Bit of fun, but can get boring if you don't have a project to focus on. The cheapest way (and most efficient) is to install Kali on a VM. This allows you to delete the VM if you mess it up (can't just delete a PC..) or install a different OS and you can mess around as much as you want without hurting your actual PC. VMware Player will get you by just fine (I use it myself).
  7. When you upgrade to the latest version (1.3) and you download the latest Github repo of the Bunny payloads you will see that there is a 'languages' folder in your Bunny's USB storage. That folder SHOULD have a bunch of '.json' files in there with lots of 2-letter combinations. Using the 'config.txt' file next to this folder (in the same directory I mean) you can specify which of those files you want to use as the Bunny's language. E.g. DUCKY_LANG us Refers to the 'us.json' file in the languages folder.
  8. So I was recently looking into NFC and how cool it is to read/write to a tag to be able to use it to control your phone, clone a card (don't do dis - illegal) and other cool stuff and I thought about making a payload that installs an app on an Android (can use HID if you wanted to..) phone then runs the app in the background. What this app does is it waits to read an NFC tag which then executes a command. The command is stored on the NFC tag itself (so you install the app on the phone and come back later with your NFC tags to do all your fancy work). Works, basically, (dare I say it..) like a 'Powershell agent'. You could make like 10 different tags that can do different things on the phone. You only have to brush the tags near the phone for the phone to execute the commands. Commands could be: - Send an SMS to yourself (phone number is stored on NFC tag so it won't be stored on the phone itself) with phone data - Call someone (prank call but..you pranked the actual call itself) - Open a webpage and download a file - Download an app from the app store - Add a contact (dunno why..) - Execute a Linux command (requires rooted Android) - Enable hotspot with specified password (you could use their data..more of an annoyance than anything else - would need rooted device to change the password) - Enable Bluetooth/WiFi - Change the volume of the device (shoot it up, make it silent..) - Make it vibrate for the next 10 minutes (That would be hilarious) - Make it start randomly ringing - Add a huge number of alarms that go off every minute/hour - Enable hotspot and start a server so that you could join it and remotely manage files/apps/settings (includes starting an ADB server...oooooooo..) Possibilities are endless... Just an idea. Installing the app from the Bash Bunny onto the device is the tricky part.
  9. Was just about to say that. This is a question asked by EVERYONE who gets a Bash Bunny. Obviously the first place to check is the Bash Bunny forums :)
  10. You could use the Scheduled Jobs method with Powershell, however sometimes Admin is required. You can make JobTriggers to set off a Job. I used this method for when I created my own server-side Powershell scripts (things like backing up files, emailing backup reports etc.). The kind of job triggers you can do are: - On startup - On user logon (can also specify the user that is being waited on) - Specific time (including daily, weekly, hourly etc.) You can read more here: https://blogs.technet.microsoft.com/heyscriptingguy/2014/05/12/introduction-to-powershell-scheduled-jobs/
  11. #WayToBringADeadPostAliveAgain
  12. My Slydoor payload also has a similar .ps1 script however it does most of what you have there in far less lines. If I took away all the commenting, echos etc. it would be about 7 lines of grabbing info and writing it to the Bunny. It uses the Get-WmiObject method in Powershell. You can grab computer system data, disk drives and logical disk drives from it. E.g. Get-WmiObject -Class Win32_ComputerSystem | Out-File $BunnyLootFolder -Encoding ASCII Get-WmiObject -Class Win32_DiskDrive | Out-File $BunnyLootFolder -Append -Encoding ASCII Get-WmiObject -Class Win32_LogicalDisk | Out-File $BunnyLootFolder -Append -Encoding ASCII
  13. My guess is he flicked the switch while it was still in Arming mode (while still plugged in) and expected it to run the SMB_Exfiltrator payload. You need to safely eject the Bunny, pull it out of it's USB and then flick the switch to whatever you put the payload on and then plug it back in.
  14. My payload, Slydoor, was made to do this. You should check it out :) (It's in my signature).