
Mega Thread: Bash Bunny Future Ideas


Mohamed A. Baset


Hi guys,

This topic is not about a problem with the Bash Bunny or anything more than discussing future ideas to make the Bash Bunny more malicious.

1. What about installing the Metasploit framework on the Bunny and automatically launching it with aux/browser_autopwn with a proper payload, and combining this scenario with the captive_portal Bunny payload? Plug the Bunny into a locked machine, the machine automatically launches the captive_portal, which in fact is the browser_autopwn aux module link, and take over the machine, and the best part is "MACHINE IS LOCKED"!

2. If time is not relevant, because this requires time, then we can Nmap the $Target_IP, get all the open ports, and pass them to Metasploit for auto-pwning per service/open port.

Just some ideas. Let me hear yours, and Happy Bash Bunning....

Edited by Mohamed A. Baset
refreshing the thread

Another idea would be evilgrade, although I'm not sure if this would be too obvious to the user if you plugged this in and update messages started to appear. But it would perhaps be more effective once the Bash Bunny is combined with the WiFi Pineapple.

https://github.com/infobyte/evilgrade


4 minutes ago, Just_a_User said:

Another idea would be evilgrade, although I'm not sure if this would be too obvious to the user if you plugged this in and update messages started to appear. But it would perhaps be more effective once the Bash Bunny is combined with the WiFi Pineapple.

https://github.com/infobyte/evilgrade

Interesting!
If captive portals fire automatically in the background on a locked machine, then there will be unlimited forms of exploitation. I just want to be sure.


Okay, as per @Sebkinne's clarification that captive portals won't be able to open the web browser automatically while the machine is locked, what about combining both Samy Kamkar's PoisonTab and the Metasploit aux/browser_autopwn script (if the Bash Bunny will be able to hold Metasploit running and steady), or running it before plugging it in (the idea of the battery + Bash Bunny), to exploit the opened browser in the background, which of course is doing some AJAX requests or other background activity (the idea of PoisonTab)?!!  :D


1 hour ago, Mohamed A. Baset said:

Okay, as per @Sebkinne's clarification that captive portals won't be able to open the web browser automatically while the machine is locked, what about combining both Samy Kamkar's PoisonTab and the Metasploit aux/browser_autopwn script (if the Bash Bunny will be able to hold Metasploit running and steady), or running it before plugging it in (the idea of the battery + Bash Bunny), to exploit the opened browser in the background, which of course is doing some AJAX requests or other background activity (the idea of PoisonTab)?!!  :D

I should clarify again, sorry. The portal most likely pops up, but you cannot interact with it. You could execute JavaScript, download a file, etc., but no other interaction.

I thought the question was if it popped up visibly when locked. This also depends on the OS.


11 hours ago, Sebkinne said:

I should clarify again, sorry. The portal most likely pops up, but you cannot interact with it. You could execute JavaScript, download a file, etc., but no other interaction.

I thought the question was if it popped up visibly when locked. This also depends on the OS.

Of course I know that captive portals won't show or pop up on top of the lock screen :D but since it pops up in the background and the executed page is controlled by the Bash Bunny attacker, then the first scenario mentioned in the original post is possible on one condition (if the Bash Bunny will be able to run Metasploit): then our captive portal URL will be the final URL of the aux/browser_autopwn Metasploit module, which will exploit the machine's browser (default if found old) silently.

What do you think?


UPDATE: Future Bash Bunny 2.0 and a remote Bluetooth controller: plug it into a locked victim machine, once come back, in a glimpse send a command to act as a duck to implant a reverse shell or add an admin user, then send another command to act as an unknown device. Boom, done.

Many ideas here for sure!

Wish you guys be more creative than me :D
