
BashBunny connected to Pineapple


Just_a_User


On 5/11/2017 at 4:46 PM, Just_a_User said:

 


git clone https://github.com/evilsocket/bettercap
cd bettercap
gem build bettercap.gemspec
sudo gem install bettercap*.gem

 

ERROR:  SSL verification error at depth 0: certificate is not yet valid (9)
ERROR:  Certificate /C=US/ST=California/L=San Francisco/O=Fastly, Inc./CN=f2.shared.global.fastly.net not valid until 2017-05-09T10:41:07Z
ERROR:  SSL verification error at depth 0: certificate is not yet valid (9)
ERROR:  Certificate /C=US/ST=California/L=San Francisco/O=Fastly, Inc./CN=f2.shared.global.fastly.net not valid until 2017-05-09T10:41:07Z
ERROR:  SSL verification error at depth 0: certificate is not yet valid (9)
ERROR:  Certificate /C=US/ST=California/L=San Francisco/O=Fastly, Inc./CN=f2.shared.global.fastly.net not valid until 2017-05-09T10:41:07Z
ERROR:  Could not find a valid gem 'em-proxy' (>= 0.1.8, ~> 0.1), here is why:
          Unable to download data from https://rubygems.org/ - SSL_connect returned=1 errno=0 state=error: certificate verify failed (https://api.rubygems.org/specs.4.8.gz)
ERROR:  SSL verification error at depth 0: certificate is not yet valid (9)
ERROR:  Certificate /C=US/ST=California/L=San Francisco/O=Fastly, Inc./CN=f2.shared.global.fastly.net not valid until 2017-05-09T10:41:07Z

I keep getting this error for bettercap. Any Ideas?


1 hour ago, b0N3z said:

I keep getting this error for bettercap. Any Ideas?

Yeah, the clue is in the error "not valid until 2017-05-09". I bet if you check the time and date of your bash bunny it's not correct.

You can adjust it with the below, just replace the date and time for your current time zone.

example
date --set 1998-11-02 
date --set 21:08:00

 

 


Because the Bunny isn't on all the time and it doesn't sync with the internet it can never really know the exact time unless you tell it the time. This means that connecting to some internet sites and things via the BashBunny cannot work very well if they have extra security settings (like checking for time stamps) - including SSL certificates...


16 minutes ago, Dave-ee Jones said:

Because the Bunny isn't on all the time and it doesn't sync with the internet it can never really know the exact time unless you tell it the time. This means that connecting to some internet sites and things via the BashBunny cannot work very well if they have extra security settings (like checking for time stamps) - including SSL certificates...

I'll look into why NTP doesn't update the time the moment we get an internet connection. Technically, the moment we get a connection we should be trying to configure the time.


Probably not the best way, but I used timedatectl to do this in a more permanent manner, although it is not always immediate and it may not be desirable to have NTP traffic coming from the bunny sometimes. I figured that was on purpose.

#List timezones
timedatectl list-timezones
#To set timezone
timedatectl set-timezone Asia/Kathmandu
#To enable NTP sync
timedatectl set-ntp true
#start ntp
systemctl start ntp


#To disable NTP sync
timedatectl set-ntp false
#stop ntp
systemctl stop ntp
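
Added example, not part of the posts above: a small shell check for the failure discussed in this thread. It pulls the "not valid until" timestamp out of the gem error text and reports how far the device clock is behind it. The function names are illustrative, the sample line is copied from the error output quoted earlier, and `date -d` assumes GNU or BusyBox date.

```shell
#!/bin/sh
# Added example. SAMPLE_ERR is one of the gem error lines quoted in the thread.
SAMPLE_ERR='ERROR:  Certificate /C=US/ST=California/L=San Francisco/O=Fastly, Inc./CN=f2.shared.global.fastly.net not valid until 2017-05-09T10:41:07Z'

# Read gem/OpenSSL error text on stdin and print the latest notBefore
# timestamp ("not valid until ...") it mentions, or nothing if there is none.
not_before_from_log() {
    sed -n 's/.*not valid until \([0-9T:Z-]*\).*/\1/p' | sort | tail -n 1
}

# Convert an ISO-8601 UTC timestamp (2017-05-09T10:41:07Z) to epoch seconds.
iso_to_epoch() {
    date -u -d "$(printf '%s' "$1" | tr 'T' ' ' | tr -d 'Z')" +%s
}

# Print how many seconds the clock ($2, epoch; default: now) is behind the
# certificate's notBefore ($1). 0 means the clock is not the problem.
clock_deficit() {
    _nb=$(iso_to_epoch "$1") || return 2
    _now=${2:-$(date -u +%s)}
    if [ "$_now" -lt "$_nb" ]; then echo $(( _nb - _now )); else echo 0; fi
}

# Diagnose an error log on stdin against the clock value in $1 (epoch seconds).
# Returns 1 when the clock is behind the certificate, 0 otherwise.
diagnose() {
    _ts=$(not_before_from_log)
    [ -n "$_ts" ] || { echo "no 'not valid until' error found"; return 0; }
    _behind=$(clock_deficit "$_ts" "$1") || return 2
    if [ "$_behind" -gt 0 ]; then
        echo "clock is at least $(( _behind / 86400 )) day(s) behind $_ts: set the date or enable NTP, then retry"
        return 1
    fi
    echo "clock is past $_ts: look for another cause"
}

# Demo: a device that booted with its clock at the epoch (1970-01-01).
printf '%s\n' "$SAMPLE_ERR" | diagnose 0 || true
```

On the device, pipe the real `gem install` error output into `diagnose` with no argument to compare against the current clock.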

 

 


On 5/11/2017 at 10:52 PM, Just_a_User said:

I have been trying to get MSF to run on the bashbunny, SEToolkit goes on without an issue but MSF requires PostgreSQL. PSQL is installed on the bashbunny as default but I'm struggling to get the postmaster or PostgreSQL's server daemon process to run. So I end up with errors like this: -


psql: could not connect to server: No such file or directory
	Is the server running locally and accepting
	connections on Unix domain socket "/var/run/postgresql/.s.PGSQL.5432"?

Have been round in circles looking at this but thought I'd put this out there in case anyone has already got this working. Please share :)

This one is still giving me issues, any postgreSQL peeps have an idea what’s up with this? I don’t think the firewall is blocking the port, I think the server daemon isn’t running but not sure why. Any ideas or pointers welcome!

root@bunny:~# systemctl list-units -t service
  UNIT                             LOAD   ACTIVE SUB     DESCRIPTION
  dbus.service                     loaded active running D-Bus System Message Bus
  ifup@usb0.service                loaded active exited  ifup for usb0
  inetd.service                    loaded active running Internet superserver
  isc-dhcp-server.service          loaded active running LSB: DHCP server
  networking.service               loaded active exited  LSB: Raise network interfaces.
  ntp.service                      loaded active running LSB: Start NTP daemon
  postgresql.service               loaded active exited  PostgreSQL RDBMS
● postgresql@9.4-main.service      loaded failed failed  PostgreSQL Cluster 9.4-main
● rc-local.service                 loaded failed failed  /etc/rc.local Compatibility
  resolvconf.service               loaded active exited  Nameserver information manager
  rsyslog.service                  loaded active running System Logging Service
  serial-getty@ttyS0.service       loaded active running Serial Getty on ttyS0
  ssh.service                      loaded active running OpenBSD Secure Shell server
  systemd-journald.service         loaded active running Journal Service
  systemd-logind.service           loaded active running Login Service
  systemd-random-seed.service      loaded active exited  Load/Save Random Seed
  systemd-setup-dgram-qlen.service loaded active exited  Increase datagram queue length
  systemd-timesyncd.service        loaded active running Network Time Synchronization
  systemd-tmpfiles-setup.service   loaded active exited  Create Volatile Files and Directories
  systemd-udev-trigger.service     loaded active exited  udev Coldplug all Devices
  systemd-udevd.service            loaded active running udev Kernel Device Manager
  systemd-user-sessions.service    loaded active exited  Permit User Sessions
  udev-finish.service              loaded active exited  Copy rules generated while the root was ro

LOAD   = Reflects whether the unit definition was properly loaded.
ACTIVE = The high-level unit activation state, i.e. generalization of SUB.
SUB    = The low-level unit activation state, values depend on unit type.

23 loaded units listed. Pass --all to see loaded but inactive units, too.
To show all installed unit files use 'systemctl list-unit-files'.

Don't think it's directory rights either

root@bunny:/etc/postgresql/9.4/main# ls -ld /var/run/postgresql/
drwxrwsr-x 3 postgres postgres 60 Jan  1  1970 /var/run/postgresql/
root@bunny:/var/run# systemctl status postgresql@9.4-main -l
● postgresql@9.4-main.service
   Loaded: not-found (Reason: No such file or directory)
   Active: failed (Result: exit-code) since Wed 2017-05-17 16:00:38 BST; 3h 9min ago

May 17 16:00:37 bunny systemd[1]: Starting PostgreSQL Cluster 9.4-main...
May 17 16:00:38 bunny postgresql@9.4-main[3365]: Error: could not exec   start -D /var/lib/postgresql/9.4/main -l /var/log/postgresql/postgresql-9.4-main.log -s -o  -c config_file="/etc/postgresql/9.4/main/postgresql.conf" :
May 17 16:00:38 bunny systemd[1]: postgresql@9.4-main.service: control process exited, code=exited status=1
May 17 16:00:38 bunny systemd[1]: Failed to start PostgreSQL Cluster 9.4-main.
May 17 16:00:38 bunny systemd[1]: Unit postgresql@9.4-main.service entered failed state.
May 17 18:57:06 bunny systemd[1]: Cannot add dependency job for unit postgresql@9.4-main.service, ignoring: Unit postgresql@9.4-main.service failed to load: No such file or directory.
May 17 18:57:28 bunny systemd[1]: Cannot add dependency job for unit postgresql@9.4-main.service, ignoring: Unit postgresql@9.4-main.service failed to load: No such file or directory.

 

EDIT - to enable use of postgresql do the following: -

usermod -a -G netdev,systemd-network,net_raw postgres && reboot

Thanks to @Mohamed A. Baset for solving this issue.
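
Added example, not part of the post above: a shell check over `systemctl list-units -t service` output that reports failed units and flags a failed PostgreSQL cluster unit, plus a helper that lists which of the groups from the usermod fix the postgres user still lacks. Function names are illustrative, the unit rows are an excerpt of the listing above, and the `postgres ssl-cert` group list is a constructed sample.

```shell
#!/bin/sh
# Added example. SAMPLE_UNITS is an excerpt of the list-units output in the thread.
SAMPLE_UNITS='  UNIT                             LOAD   ACTIVE SUB     DESCRIPTION
  ntp.service                      loaded active running LSB: Start NTP daemon
  postgresql.service               loaded active exited  PostgreSQL RDBMS
● postgresql@9.4-main.service      loaded failed failed  PostgreSQL Cluster 9.4-main
● rc-local.service                 loaded failed failed  /etc/rc.local Compatibility'

# Print every unit whose ACTIVE column is "failed". Failed rows carry a leading
# status marker, so the unit name is field 2 there and field 1 elsewhere.
failed_units() {
    awk '{
        i = ($1 ~ /\.service$/) ? 1 : 2
        if ($i ~ /\.service$/ && $(i + 2) == "failed") print $i
    }'
}

# Succeed if a per-cluster unit (postgresql@<version>-<name>) has failed.
# In the listing above postgresql.service shows "active exited" while
# postgresql@9.4-main has failed, so checking only the former reports a false OK.
pg_cluster_failed() {
    failed_units | grep -q '^postgresql@'
}

# Print the groups named in $2.. that are missing from the space-separated
# list in $1 (pass it the output of `id -nG postgres`).
missing_groups() {
    _have=" $1 "; shift; _out=""
    for _g in "$@"; do
        case "$_have" in *" $_g "*) ;; *) _out="$_out $_g" ;; esac
    done
    echo "${_out# }"
}

# Demo on the constructed sample; on the device, pipe real systemctl output instead.
printf '%s\n' "$SAMPLE_UNITS" | failed_units
if printf '%s\n' "$SAMPLE_UNITS" | pg_cluster_failed; then
    echo "cluster unit failed; groups still missing for postgres:" \
         "$(missing_groups "postgres ssl-cert" netdev systemd-network net_raw)"
fi
```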


Metasploit Framework on the bashbunny

#Update and dependencies
apt-get update
apt-get upgrade
apt-get install build-essential libreadline-dev libssl-dev libpq5 libpq-dev libreadline5 libsqlite3-dev libpcap-dev git-core autoconf postgresql pgadmin3 curl zlib1g-dev libxml2-dev libxslt1-dev vncviewer libyaml-dev

#to enable postgresql database access
usermod -a -G netdev,systemd-network,net_raw postgres
reboot

#install java as per this post
#install ruby as per this post

#Check nmap is installed or remove old and install latest from github.

git clone https://github.com/nmap/nmap.git
cd nmap
./configure
make
make install 
make clean


root@bunny:~# nmap
Nmap 7.40SVN ( https://nmap.org )

#Configure the PostgreSQL server

#Change user
su postgres
#Create db user
createuser msf -P -S -R -D
#create db stating user and name of db
createdb -O msf msf
#If prompted for a password I left mine blank and hit enter twice iirc
exit
exit

#I opted to install MSF into /opt/ but could be installed elsewhere e.g. /tools/. both should allow using the msfupdate command to keep up to date from the git. -
#alternatively you can look here for the latest armhf deb package (if its currently available).

 

cd /opt
git clone https://github.com/rapid7/metasploit-framework.git
chown -R `whoami` /opt/metasploit-framework
cd metasploit-framework
gem install bundler
bundle install
bash -c 'for MSF in $(ls msf*); do ln -s /opt/metasploit-framework/$MSF /usr/local/bin/$MSF;done'

I occasionally have had an issue with bundler installing. It's happened a couple of times; sometimes it ended up with me installing that separately via gem and then running the bundler again to complete the MSF install. You might see the same.

root@bunny:~# msfconsole
Call trans opt: received. 2-19-98 13:24:18 REC:Loc

     Trace program: running

           wake up, Neo...
        the matrix has you
      follow the white rabbit.

          knock, knock, Neo.

                        (`.         ,-,
                        ` `.    ,;' /
                         `.  ,'/ .'
                          `. X /.'
                .-;--''--.._` ` (
              .'            /   `
             ,           ` '   Q '
             ,         ,   `._    \
          ,.|         '     `-.;_'
          :  . `  ;    `  ` --,.._;
           ' `    ,   )   .'
              `._ ,  '   /_
                 ; ,''-,;' ``-
                  ``-..__``--`

                       http://metasploit.com
       =[ metasploit v4.14.19-dev-7e2dab4                 ]
+ -- --=[ 1654 exploits - 947 auxiliary - 293 post        ]
+ -- --=[ 486 payloads - 40 encoders - 9 nops             ]
+ -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]

msf > 

 

On 6/4/2017 at 2:01 AM, b0N3z said:

https://astr0baby.wordpress.com/2017/05/23/bashbunny-with-metasploit-ms17_010_eternalblue-vs-windows-7-sp1-x64/

 

going to try and setup msf this way and see if that will change anything.

This didn't work for me but thanks for sharing @b0N3z, not sure if it was me or method.

On 9/3/2017 at 4:12 PM, Just_a_User said:

Full MSF works reasonably well on bashbunny when combined with tetra allowing MSF to access tetra clients. @Mohamed A. Baset gave me the final piece of the postgresql puzzle from his post.

I updated my previous post where I listed the extra steps.

YW Man, I'm so excited to dig on your scenario this weekend, the idea of deauthing, probing and beaconing to get all the clients connected to the tetra then attack them with the bunny seems very interesting!


Ok so I still had problems getting a database to connect with msf when it starts. So I found a new way to create a database and user to connect to. I pulled the msfdb script from a live version of Kali and changed one line and it set everything up for me and autoconnects when metasploit starts. @Just_a_User

https://github.com/eapolsniper/msfdb/blob/master/msfdb

Put that in your metasploit-framework folder. Some people will have it in /opt and others have it in /tools. You'll need to edit the file. Change this at the very top of the script.

METASPLOIT_BASEDIR=/pentest/exploitation/metasploit

to this

METASPLOIT_BASEDIR=/tools/metasploit-framework

or

METASPLOIT_BASEDIR=/opt/metasploit-framework

 


@Just_a_User @Sebkinne hi... I want to git clone rbenv to install ruby after that but I wasn't able to git clone. I get the output that it can't resolve hostname for github.com
but I was able to apt update && apt upgrade and also to install packages with apt. Any thoughts?

thanks so much!


Archived

This topic is now archived and is closed to further replies.
