Jump to content

dark_pyrro

Dedicated Members
 View Profile  See their activity

  • Posts

    2,618

  • Joined

  • Last visited

  • Days Won

    198

 Content Type 

Everything posted by dark_pyrro

  1. dark_pyrro
    https://docs.hak5.org/bash-bunny/getting-started/mass-storage-structure Of which the most important in this particular case is "payloads", which needs to be positioned in the root of the Bunny udisk storage along with the sub-dirs for the switch positions "switch1" and "switch2". In your example above, it should be E:\payloads\switch1 and/or E:\payloads\switch2
  2. dark_pyrro
    Well, you haven't got the correct directory structure. The "payloads" directory isn't even there. The Bunny expects the intended structure to be available in order to execute properly. You can't make up your own directory structure and expect it to work.
  3. dark_pyrro
    Why are you using the bashbunny-payloads-master as a sub-dir?
  4. dark_pyrro
    Have you tried to copy the actual file from the library location to the switch directory instead of opening source file > copy payload text > opening target file > paste payload text?
  5. dark_pyrro
    lol, this is the most frequently asked question here and on Discord. What are you going to do with it? There's no such module available since it's obsolete (unless you are trying to red team Fred Flintstone).
  6. dark_pyrro
    What do you mean when saying "complete MITM attack"?
  7. dark_pyrro
    Are you using a Micro SD card? Where are your payloads stored? One the Bunny internal storage or on the Micro SD card?
  8. dark_pyrro
    What language is your Windows box using? Have you set the correct language when encoding the payload?
  9. dark_pyrro
    I guess the users in this thread won't answer you since it's over 9 years old and users in it haven't been active for years either. What zombie are you using? What parts of the nmap documentation have you read? -Pn says "Host discovery disabled" because that is what that option does; disables host discovery. It doesn't "ping" but considers all hosts/IP addresses as "up"/alive.
  10. dark_pyrro
    Is there any ep file in /www ?
  11. dark_pyrro
    This is a really old thread so I guess response will be rather limited. To your question, I would probably say: "nothing". You most likely have to tweak the Evil Portal module code. The target gets connected and gets network access, that message just shows up. If you continue to browse, your target will browse the web as intended. I can't remember off the top of my head where it is located, but just search for that string and you will find where it is located in the module code structure. Then change/tweak/correct it as you desire to get another response.
  12. dark_pyrro
    What product? And don't just post randomly in the forums. Keep it in the sections related to what you want answers to.
  13. dark_pyrro
    I've come to the conclusion that it's easier (and more related to success) to run a staged payload/binary on the Turtle to get a Meterpreter shell. Note though that this probably requires the later variant of the Turtle with an SD card slot. The older version of the Turtle doesn't have enough storage space to host the payload (at least a linux/mipsbe based binary).
  14. dark_pyrro
    I guess that "error" is pretty clear about if things are going to be shipped to the address you have specified. If the Hak5 shop returns such a message, it will not ship to that destination. Pretty obvious.
  15. dark_pyrro
    no, and I don't want to get any older than I am
  16. dark_pyrro
    I'm so happy I was finally classified as a fanboi. It has always been my goal in life and now I won the Oscar! I'm all open to hear about bad things, I'm a user too, but when things are ventilated in ways that is too vague, I need to ask. Being specific is a good thing and when it becomes too blurry, it's just some kind of general opinion based on "something". And... "we"?! Is there some kind of club that collectively is passing judgement on Hak5 forum users?
  17. dark_pyrro
    What features? What components? It's been 4 updates since the product release, so I don't get the "shit practice".
  18. dark_pyrro
    What do you want in an update? Updates are generally not time based, but based on need.
  19. dark_pyrro
    I'd suggest that you contact Hak5 directly instead of using the forums. There's no guarantee that it will be monitored by Hak5 staff.
  20. dark_pyrro
    I guess that the end of that quote is actually your question. I'd suggest that you ask the question in some forum (or whatever) that is relevant to your hardware since you obviously isn't using a Hak5 USB Rubber Ducky.
  21. dark_pyrro
    Repeating the same question as for the other user; tried to install it? opkg update opkg list | grep python3 Find some install candidate and install it, perhaps opkg install python3
  22. dark_pyrro
    "With this", what? What do you want to do, and... there's a dedicated forum section for the Ducky, use that for Ducky questions/posts.
  23. dark_pyrro
    Tried to install it? You don't have to wait for it if it's in the repos. Not sure any Python3 package available for the Turtle is new enough to run the most recent version of Responder though.
  24. dark_pyrro
    Could be a client side (Turtle) issue, or host side. A bit difficult to say without digging deeper into it. When running the Python based shell component manually on the Turtle, it reports "Unable to connect" even though the Meterpreter host reacts. The dynamically generated URL on the client side doesn't seem to be accepted by the Meterpreter host.
  25. dark_pyrro
    If you downloaded the deb package from this forum thread and installed it as per the instructions from Hak5, the Metasploit should be considered as installed on the Bunny. Note though that the contents of that deb package is about two and a half years old. Don't expect everything to work since the security domain has moved quite a bit over such a period of time. Things needs to be up to date to be useful in most cases. When it comes to Metasploit specifically, I guess the best advise is to dig elsewhere to get more knowledge about how to use it all. There are for sure people here that knows stuff, but my bet is that the response is better on dedicated forums, etc. that is focused around Metasploit. If you want to get hold of credentials, then you could try the QuickCreds payload instead. It doesn't deliver 100% clear text stuff though, but it's a step on the way of showing what is possible to get hold of in customer engagements/pen tests/red team activities.
×
×
  • Create New...