Jump to content


Active Members
  • Posts

  • Joined

  • Last visited

About jrsmile

  • Birthday 11/10/1986

Profile Information

  • Location
    Germany, Cologne

Recent Profile Visitors

2,799 profile views

jrsmile's Achievements


Newbie (1/14)

  1. have reduced to only payload.txt but i cant get the escaping to work the payload just hits win+r and stops. QUACK STRING powershell Import-Certificate -CertStoreLocation cert:\CurrentUser\Root -FilePath ((gwmi win32_volume -f 'label=''BashBunny''').Name+'payloads\\$SWITCH_POSITION\root.cer') nevermind forgot the quotation marks after QUACK STRING .... new git version uploaded
  2. Discussion Thread for Root CA installer. (No Local Admin Rights necessary) current development via: https://github.com/jrsmile/bashbunny-payloads/tree/master/payloads/library/rooter (TESTED and Working) pull request waiting. small Howto create self-signed-root-ca: Create the Root Certificate (Done Once) Creating the root certificate is easy and can be done quickly. Once you do these steps, you’ll end up with a root SSL certificate that you’ll install on all of your desktops, and a private key you’ll use to sign the certificates that get installed on your various devices. Create the Root Key The first step is to create the private root key which only takes one step. In the example below, I’m creating a 2048 bit key: openssl genrsa -out rootCA.key 2048 The standard key sizes today are 1024, 2048, and to a much lesser extent, 4096. I go with 2048, which is what most people use now. 4096 is usually overkill (and 4096 key length is 5 times more computationally intensive than 2048), and people are transitioning away from 1024. Important note: Keep this private key very private. This is the basis of all trust for your certificates, and if someone gets a hold of it, they can generate certificates that your browser will accept. You can also create a key that is password protected by adding -des3: openssl genrsa -des3 -out rootCA.key 2048 You’ll be prompted to give a password, and from then on you’ll be challenged password every time you use the key. Of course, if you forget the password, you’ll have to do all of this all over again. The next step is to self-sign this certificate. openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.pem This will start an interactive script which will ask you for various bits of information. Fill it out as you see fit. You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:US State or Province Name (full name) [Some-State]:Oregon Locality Name (eg, city) []:Portland Organization Name (eg, company) [Internet Widgits Pty Ltd]:Overlords Organizational Unit Name (eg, section) []:IT Common Name (eg, YOUR name) []:Data Center Overlords Email Address []:none@none.com Once done, this will create an SSL certificate called rootCA.pem, signed by itself, valid for 1024 days, and it will act as our root certificate. The interesting thing about traditional certificate authorities is that root certificate is also self-signed. But before you can start your own certificate authority, remember the trick is getting those certs in every browser in the entire world.
  3. indeet ... dammit there is always someone beeing faster and more elegant ;) anyway: here the binary converted PC part written in autoit (NOT compatible with the previous arduino code!): $arr = stringtobase2("Dies ist ein sehr sehr langer Test 0123456789") sendarray($arr, 40) ; 40 ms pause * 2 *8 = One Character every 640 ms ! Func sendarray($arr,$speed) For $i = 1 To UBound($arr) - 1 ConsoleWrite($arr[$i] & @CRLF) $arr2 = StringSplit($arr[$i], "") For $x = 1 To $arr2[0] If $arr2[$x] = 1 Then Send("{SCROLLLOCK on}") Else Send("{SCROLLLOCK off}") EndIf Send("{NUMLOCK on}") Sleep($speed) Send("{NUMLOCK off}") Sleep($speed) Next Send("{SCROLLLOCK off}") Next EndFunc ;==>sendarray Func stringtobase2($txt) Local $src = StringSplit($txt, "") Local $res[UBound($src)] For $x = 1 To $src[0] $res[$x] = chartobase2($src[$x]) Next Return $res EndFunc ;==>stringtobase2 Func chartobase2($chr) Local $nr = Asc($chr) Local $res = "" If BitAND($nr, 128) Then $res &= "1" Else $res &= "0" EndIf If BitAND($nr, 64) Then $res &= "1" Else $res &= "0" EndIf If BitAND($nr, 32) Then $res &= "1" Else $res &= "0" EndIf If BitAND($nr, 16) Then $res &= "1" Else $res &= "0" EndIf If BitAND($nr, 8) Then $res &= "1" Else $res &= "0" EndIf If BitAND($nr, 4) Then $res &= "1" Else $res &= "0" EndIf If BitAND($nr, 2) Then $res &= "1" Else $res &= "0" EndIf If BitAND($nr, 1) Then $res &= "1" Else $res &= "0" EndIf Return $res EndFunc ;==>chartobase2
  4. Hey, im one of the two main developers, if you heed help with the code feel free to ask.
  5. Hi there, i have thought about the solution transferring data via the keyboard leds back to the teensy. first of all its a proove of concept. (so pritty slow) what you need. arduino ide teensydurino addon from pjrc.com #include <phukdlib.h> from irongeek.com and for the sending part: autoit from autoitscript.com arduino code: #include &lt;phukdlib.h&gt; int ascii = 0; char buf[12]; int changed = 0; void setup() { pinMode(6, OUTPUT); } void loop() { if (IsNumbOn()){ if (IsScrlOn()){ // digitalWrite(6, HIGH); changed = 1; } else { if (changed == 1){ changed = 0; ascii += 1; } // digitalWrite(6,LOW); } } else { if (ascii &gt; 0){ char thisString = ascii; Keyboard.print(thisString); ascii = 0; } } } and the counterpart on the pc itself, written in autoit. Global $speed = 36 ; lesser values for faster transfer, may result in false data... sendstring("test") Func sendstring($string) Send("{SCROLLLOCK off}") Send("{NUMLOCK off}") $src = StringSplit($string, "") For $i = 1 To $src[0] ConsoleWrite($src[$i] &amp; @CRLF) sendkey($src[$i]) Next EndFunc ;==&gt;sendstring Func sendkey($key) Send("{NUMLOCK on}") For $x = 1 To Asc($key) Send("{SCROLLLOCK on}") Sleep($speed) Send("{SCROLLLOCK off}") Sleep($speed) Next Send("{NUMLOCK off}") Sleep($speed) EndFunc ;==&gt;sendkey it uses numlock to activate listening mode and sends the string as ascii codes to the teensy via scrolllock, i took those Keys to be able to type normaly during the transfer process. i may switch to binary mode when i know more about arduinos capability to use it. maybe using num as clock and scrolllock as data line. what i figured out when lowering the send delay below 36ms between led iterations the arduino won't be able to keep up and misses some of the signal switches. currently i only check for the scrolllock turning of so maybe there is a performance boost hidden in it too. to see if the arduino has understood the signal correctly i managed to return the send keys as real keys back to the computer. now i have a hardware keyboard controlable by software on the same machine. good for anticheating tool workarounds (when it gets faster)... please make sure you select a keyboard enabled usb type in the arduino ide via "Tools" > "USB-Type" thats it for now, feel free to contribute or wait. ;)
  6. Finally we have a working sample project for all teensy users which have an sd-card reader. http://www.renosite.com/
  7. it is indeet possible to turn it into a flash drive, and the 24k fat32 partition it can handle internally would be enough for a passwords.txt, BUT its more then a mess if you want to switch easily between the two modes, fortunately you want read only support for the teensy and read write for windows but if both methods want to write to the file you will be in AVR hell. maybe Paul can help ;) *wink*
  8. Hi there i started this thread to document my progress with the ducky and the sd-card reader addon... Step 1 : research the Interwebs... * http://en.wikipedia.org/wiki/SCSI_Inquiry_Command * http://elasticsheep.com/2010/04/teensy2-us...with-an-sd-card * http://cdemu.blogspot.com/ * http://renosite.com/ * http://fourwalledcubicle.com/LUFA.php Step2 : first aproach ;) got a working FIXED HDD-drive. Step3 (needs to be done): convert the HDD to a CD-ROM
  9. im currently working on the cd-rom emulation its "slow" but working: what i have so far: dipswitch decides weather mass-storage mode or cd-rom emulation is activated. in mass-storage mode you can put an iso file into the _ISO folder on the sdcard, so the teensy works like a normal usb-stick. in cd-rom emulation mode (non dvd until now) it looks for the _ISO folder on the sd-card and mounts the first image as a bootable cd-rom drive. im currently trying to speed the teensy up but 16 MHz are way to less to get USB 2.0 High-Speed support. so currently its more like an 50x CD-ROM, due to the fact that there are no read delays (cd-rom seeking spinup/down) it feels like a 150x cd-rom. i want to preserve the HID-Keyboard support so i can change the bootorder in the bios with the teensy itself. ( mostly using HP notebooks in the company so same bios for all). btw. I like the Hairbrush thingie. best regards from germany, JR
  10. Man with your post you made 750 Members of our Company extremly happy. Please feel free to feel yourself hugged 751 times.
  11. theese are bad bad news :) but btw.: sd card support works and i tested it with masstorage/HID kombination. its perfect to have the executable and the keystrokes on the same stick to let your magic happen ;) http://elasticsheep.com/2010/04/teensy2-us...ith-an-sd-card/ for LUFA there is a masstorage / dataflash example which turns the teensy to a readonly 20kbyte usbstick with HID support. very good to deliver payloads if you have just the teensy.
  12. Hi there, would it be possible to add a USB-CDROM feature for the teensy to mount iso files? so you can boot from the teensy?
  13. i got my ducky Today (03.05.2010) shipped (22.04.2010) so the mail service between the us and germany works again, great :) ps.: thanks for the photo of the hak5 crew signed by Shannon ;)
  14. One idea i had when it woud be possible to add micro-sd cards to the teensy was: add multiple sd cards add a dip switch or potentiometer for sd card selection compile some kind of bootloader for the ISOs on the sd-cards and boot right away from the isos. A usb stick that has all OS-Boot CDs on it i will ever need would be THAT thing for an IT-roadwarrior like me. regards, JR.
  15. i love this thing, always thought about a way to automate stuff without having to add something to the machine im on, did it some time ago with the warrior chips if you can remember them. i would develop a password generator linked to the exact time of day to generate passwords that change every minute by scheduled tasks or something :) just have to keep the time on the thingy in sync. but at least a daily changing password algorythm would be easily possible. if i im not with the first 100 i will buy the teensy straight away :)
  • Create New...