TV-show demo payload


Blix

Hi,

I am new to this forum. Hello! Nice to meet you all!

I am planning a hacking demonstration on national TV in my country and I want to show the bashbunny and what it can do on a live show.

For this I need a demonstration payload which can be used to show what a hacker can do.

Starting points:

- assume windows laptop with recent and updated operating system

- assume the "hack" should be carried out on a computer that is on but possibly locked (with user logged in)

- I have maybe 30 minutes in total, but this part should only take a maximum of three-five minutes including showing the results of the hack and explaining what it means

- the audience is the general public without any detailed technical understanding

Ideas:

- can we make a demonstration payload that can showcase some hacks that will work most of the time?

- can this be a combination of payloads that results in e.g. Copies files, passwords, backdoor?

- for the hack only one or very few files need to be exfiltrated to demonstrate - not all files.

- ideally the demonstration should result in the audience saying "wow, that was incredible, can that really be done?"

Solution and ideas

- this is where I need you guys and gals. Any ideas?

/Blix

 


Dear RazorBlade, dear all,

Thank you for your warm welcome!

It is great that we have these forums so that we can exchange ideas and solve problems!

It is not a matter of "know how to make payloads" or not. I am sure all on this forum can create, modify and combine payloads. Nevertheless, surely some here may have more experience with the Hak5 products and may be able to suggest interesting and demonstrable payload combinations that actually will work most of the time.

I would be surprised if I was the only one in the world in need of a good demonstration payload - this can also be used for demonstrating to potential clients.

So let us work on this together. RazorBlade, show us what you have got! What is your idea and take on this?


Blix,

It may not be a good idea to make a public demonstration on TV of how the BashBunny works. 80% of the general public wouldn't even understand what the name of the USB means, let alone how to use it or how to program it. Also remember it is easily considered a 'hacking tool', so don't expect everyone to take it well.

Also, based on your first post, you are asking the forums to design your whole show for you, basically giving you the credit for 'our' work.

6 hours ago, Blix said:

It is not a matter of "know how to make payloads" or not. I am sure all on this forum can create, modify and combine payloads...

All except you it seems.

The forums are right here. There are many payloads posted, and quite a few on the GitHub for BashBunny (www.bashbunny.com is the place to go).

My suggestion would be to work out the BashBunny for yourself, see how it works, program your own scripts and, if you HAVE to do a TV show, run it how you would want to see it run.

It would look pretty silly for someone to run a show about something that he has no idea about himself. If you were pulled over for an interview on the BashBunny what would you say? If they asked you to show them how you can write a payload or how you can utilise the Ducky script, how would you go about it? You couldn't, because you have no idea yourself.

So I wouldn't go about it that way.

  • Upvote 3

Thank you for the insights you shared here above. You enumerate many important aspects to consider with any type of demonstration of tools that can be used both for good and for not so good purposes. I am still waiting to get my hands on the BB since it is in shipping, and I look forward to that. Apologies for a long post below, but my question above needs clarification:

WILL THIS SCRIPT WORK IN SITUATION X?

All scripts for the BB require specific circumstances for them to produce useful results on a given platform (e.g. android, OS X, windows, etc.). It would be extremely useful if we could help each other to clarify under what circumstances a certain script will "work" and produce the expected result.

I have seen some other posts elsewhere asking for or implying that this kind of information is needed:

- does this work on windows X Y Z?,

- will the user need to be logged in?,

- will this work on a machine that is locked?,

- this does not work on machines with certain keyboard layouts, etc.

It would be a waste of time if all users of the BB for themselves would have to go through e.g. the library and find out for themselves as there are hundreds of combinations of scripts and circumstances. So let us help each other with this in some good way. Any suggestions how this can be approached in general? Can BB-users be asked to contribute this kind of information to the scripts' readme files?
 

WHICH SCRIPTS WORK MOST OF THE TIME?

Furthermore, since there are many specific requirements that will have to be met for some scripts to work, there are probably some scripts that work most of the time in most circumstances for a certain platform. It would be good to single these scripts out, e.g. "This script will work on all Windows machines". So my question to the community is: Which of these scripts can I depend on to work most of the time, e.g. on all later Windows machines, and under what circumstances will they work?
 

SCRIPTS THAT WORK IN A TYPICAL SITUATION LIKE WIN 10 LOGGED IN BUT LOCKED?

A typical situation is a Windows PC that is running Windows 10 and that is set to automatic security updates and otherwise default settings. Since Windows 10 has been around for two-three years now and we are on the final year for mainstream support for Windows 8.1, I reckon that Windows 10 is a good typical target. Also, only a few scripts on the BB seem to target OS X.

I have understood from the forum that (naturally) many scripts work when the computer is unlocked, some when it is locked (but user logged in) and very few when the user is logged out. Hacking unlocked computers with physical access may not be very interesting for certain pen testing assignments or demonstration purposes, and very few scripts work when the user is completely logged out. Therefore, the middle alternative with a logged in user but locked computer with windows 10 seems to be an interesting target to aim for.

The question is therefore; which of these scripts that are available for the BB, will work and produce the expected result on a windows 10 box where the user is logged in but the computer is locked?

If we could sort these things out together, we could create optimized and time-efficient super-scripts that combined many of the "attacks" for specific platforms and circumstances. This would be very useful for pen testing assignments and demonstration purposes.

Any ideas, comments and answers to the questions above are most welcome.

Sincerely,

Blix

 


This seems awfully sensationalistic. No offense, but you just want something to make people go "omg", fear mongering, instead of the opposite: "hmm... that looks interesting, let me learn how that works so I can better protect myself and learn." Hollywood and the media do enough in that regard. You just want everything handed over to you, and you're trying to twist it around that he or us are trying to be rude and unhelpful, when in fact you're deflecting it because you're lazy or don't really wanna know how it works. "Gimme the solution, but I don't wanna go through the work and effort." Did I guess right? Asking for help and then playing the poor sympathy martyr card when you don't like the answer is awfully immature and pathetic.

 

You want to give a presentation on something when you don't know how the device works? You get offended when called upon it and you show no intention to even learn how it works beyond a rudimentary response you'd expect from a child: a "just give me what I need" attitude.

 

 

Edited by peterkozmd
  • Upvote 1

Dear Peter,

Thank you for this answer. I can see that some of my questions are starting to be solved in other threads here. I really appreciate your concern and that you took the time to answer. Let me know if I can help you with anything.

If you or anyone else here would be interested in helping us all sort out this question that would be great:

Which of these scripts that are available for the BB, will work and produce the expected result on a windows 10 box where the user is logged in but the computer is locked?

/Blix

 


On 3/24/2017 at 1:12 PM, Blix said:

If you or anyone else here would be interested in helping us all sort out this question that would be great:

Which of these scripts that are available for the BB, will work and produce the expected result on a windows 10 box where the user is logged in but the computer is locked?

/Blix

 

Hi Blix,

I'm not sure if you watch Hak5 or not - but they've got a great YouTube channel, and you can find demonstrations and answers to precisely the questions you're looking for answers to. If you're interested in credentials from locked machines, I'd look up Mubix's explanation as he can probably explain QuickCreds better than anyone. If you're looking for info in regards to PoisonTap, look up Samy Kamkar. You're going to learn the most by hacking the device yourself.

PoisonTap: https://samy.pl/poisontap/

QuickCreds: https://room362.com/post/2016/snagging-creds-from-locked-machines/

Edited by Decoy

On 3/25/2017 at 4:12 AM, Blix said:

Dear Peter,

Thank you for this answer. I can see that some of my questions are starting to be solved in other threads here. I really appreciate your concern and that you took the time to answer. Let me know if I can help you with anything.

If you or anyone else here would be interested in helping us all sort out this question that would be great:

Which of these scripts that are available for the BB, will work and produce the expected result on a windows 10 box where the user is logged in but the computer is locked?

/Blix

 

Unbelievable. He just said himself that the answers to find these questions are all over the forums and he asks it AGAIN anyway after saying he already knew where to find the answer.

Severe laziness is what is NOT driving this guy, and glory-seeking in the TV scene is what IS driving this guy.
