
Darren Kitchen

Root Admin
Everything posted by Darren Kitchen

  1. I don't condone cheating but I also get that it's very much a part of the experience. This is why we would send mates to check out the rigs of our opponents at LAN parties back in the original CS / Q3 / UT99 days. Anyway - interesting concept. I've never heard of Cheat Engine. Care to elaborate? I don't have time to game anymore, just curious.
  2. Hi all. I'm just now becoming aware of multiple related situations identified in this thread. I sympathize as no one should be waiting this long on their orders, and I offer my sincerest apologies. Looking deeper into the various issues it seems that most are related to a hazmat shipping situation that has prevented us from selling batteries outside of very limited circumstances (domestic ground shipments only). Unfortunately our logistics provider has been extremely slow to respond in rectifying the situation. For example, some international shipments sent by DHL had been shipped back then repackaged via FedEx. It's extremely frustrating to have high value orders containing multiple units get to the border and be delayed by days if not weeks and incur immense shipping expenses due to one unit. We have since removed all batteries from kits until a better logistics solution can be found. We are also investigating alternative logistics providers to alleviate these response delays. I'm terribly saddened that our plan to use a professional logistics outfit for fulfillment of orders at higher speeds than possible by the small team that is Hak5 has resulted in the exact opposite in these edge cases. It's absolutely unacceptable and I share in your frustration. Furthermore, our support systems have not been adequate to deal with these logistics challenges in a timely manner, and for that I offer my sincere apologies. We are back from defcon, we hear you, and while half of us are hard at work on the next big thing - the rest of the team is dedicated to digging into each and every support ticket to ensure that you receive exactly what you are due. You will have resolution by the end of the week.
  3. Deano123 - I'm really sorry we completely dropped the ball on this. I really appreciate your patience and understanding - but you shouldn't have to wait a month for your order or a week for a response. You have my word we'll make this right - and in doing so we'll prevent this from happening again. I must admit we're pretty damn good for the 99% of orders, but the edge cases like yours where packages go lost, stolen, stuck in customs, bounced back to us or any number of other odd exceptions - we can do better. For what it's worth, we're in the midst of a transition here internally where we're revamping a lot of processes that were put in place ad hoc as we grew from the garage. For the most part there has already been a lot of refinement on the backend, but customer service - especially with these edge cases - is the number one area where we need improvement. Based on this experience, we're developing a bot which will monitor the package's tracking while it's in transit and alert us if an order is taking longer than usual to get to its destination. That way we can be proactive about notifying the customer and helping in situations where customs or the shipping carriers cause issues. I know this doesn't immediately solve your particular issue, but know that we're taking the issue seriously and we're working to solve your AWOL package in the process. You'll be hearing from us via ZenDesk/Email shortly. xinjie00 - Your order was held briefly since there was a short delay between the order being accepted and one of the items - I believe the WiFi Pineapple - being available at the warehouse. I'm 99% certain it left the warehouse yesterday (Monday). Regarding the 30 day policy for international orders - I'd say that it's more like 2-5 days for DHL and 4-11 days for USPS - but unfortunately customs can add up to another 3-4 weeks if the package gets held and while it only impacts less than 1% of orders, sadly it's something that's completely out of our hands. The hope is that our new order tracking/alerting bot will allow us to be proactive in these situations.
  4. It's a great companion to the USB attack tools, with the right payload. You'll see. Basically drop the Squirrel as a listener for an accompanying payload on the Duck/Bunny. Working on something special for that. Also, noted hardware request.
  5. You forgot NETMODE TRANSPARENT

        NETMODE TRANSPARENT
        wget https://packetsquirrel.com
        BUTTON 1m && {
            echo "Discount unlocked!"
            LED FINISH
        } || {
            echo "Timeout dude!"
            LED FAIL
        }
  6. minimum cmd "mode" is 18,1 -- at least on my systems. Also you can pre-load the obfuscation commands on line 39 with this cmd /K "mode 18,1 & color FE & cd C:\ & title " Cheers!
  7. Awesome payload. Neat concept of a powershell reverse shell stager to kick off commands by netcat. It's a shame the powershell netcat interpreter is 342 characters long - necessitating opening and obfuscating a cmd window. I wonder if it could be whittled down to fit in the run dialog with its 260 max length. Something like cmd /c "start /MIN powershell <command goes here>"
  8. Hey y'all - I'll chime in with some clarity regarding the warranty stuff. The Hak5 limited warranty covers defects in material or workmanship of new Hak5 products. What that means is we cover hardware faults, and guarantee our official software releases. While we can't possibly guarantee 3rd party modules/payloads/modifications - we do make a best effort to ensure that software contributions accepted into our repositories are of acceptable quality. I must say we have a great sense of pride building these easy to use penetration testing platforms -- and as platforms we encourage the community to contribute. We don't limit your access, and in fact go as far as to make access as convenient as possible. For example, the dedicated serial console from the Bash Bunny arming mode, the unlocked DFU bootloader of the Rubber Ducky, the onboard UART of the WiFi Pineapple TETRA. But as hacker hardware, there are certain risks associated with being root that we cannot guarantee. Knowing this we make a best effort to ensure that recovering is as easy as possible, should something go terribly wrong. Though even our best efforts can be thwarted by the wrong DD command. When you say "Its a simple fix drop the firmware file on the bunny and flash it again makes it like new again." that tells us we're doing our jobs right - making it easy to recover. But we don't want to give the impression that it's infallible. The Bash Bunny relies on a recovery partition, bootloader and other elements so that dropping a firmware file on it "makes it like new again". We're rightfully wary of things that could disrupt the recovery, because we don't want you to get locked out of your device. It's never fun. I'm not saying don't tinker - and I think it's great that you have 15+ years of experience with Linux. I'm sure that if you really get locked out you won't be the type opposed to soldering on UART jumpers to the pads on the PCB -- but that's not "normal use case" and something we can't guarantee. We just don't want to give the wrong impression to a newcomer that's a complete Linux beginner, because unlike a full fledged PC - the Bash Bunny isn't as easy for everyone to fix should it get completely bricked. Hell, I'm no Linux noob and even I can hose a system with DD. (note to self, IF= input file, OF= output file) ;-) In short, with root comes responsibility, and, in this case - if you brick it, you bought it. PS: The Bash Bunny has not been certified by the ADA as an adequate dental hygiene instrument.
  9. This is an extension waiting to happen. I'd imagine DETECTOS would spit back version based on a scan. We're looking at building an AUTO_ETHERNET ATTACKMODE which will try ECM_ETHERNET then fail over to RNDIS_ETHERNET if the target does not obtain an IP in X seconds (or possibly the other way around). nmap can do an OS scan, as can p0f (included in the firmware). I agree that this sort of extension would be really useful in having more complex and intelligent payloads that make decisions based on various conditions including OS version. I'm keen on seeing its development. PoSHMagiC0de is correct that it could be done via powershell commands - though I think the less hacky way would be to scan the target via the pocket network in the first stage, then launch the appropriate second stage depending on the results.
  10. Introducing Bash Bunny firmware v1.1 A feature packed firmware awaits Bash Bunny users just one month after release. We're excited to announce version 1.1, including many new features, conveniences, bug fixes and refined experiences. The newly improved LED command adds patterns in addition to variable blinks, as well as standardized payload states for common stages such as setup, attack, cleanup and finish. The Bash Bunny framework now includes support for extensions which augment the bunny scripting language with new commands and functions. Tools can now be installed with ease by copying .deb packages or entire directories to the dedicated /tools folder on the flash drive in arming mode. Updating ducky languages is now just a matter of copying json files to the dedicated /languages folder on the flash drive in arming mode. Many more features, fixes and experiences in the full changelog - so hop on over to BashBunny.com/downloads and nab version 1.1 today! (\_/)
  11. One solution would be to use HID only in stage 1, then switch from HID to just STORAGE in stage 2. Not knowing what payload you're referring to I'm not sure exactly what the stager would look like - so if you can provide any insight on that it would be helpful.
  12. Wow - bringing it back to the USB Switchblade days. Sure, one could. CD-ROM emulation is on the list - though unless you're encountering unmatched XP systems in your audits, it's likely not going to be too helpful. ...then again... /me counts the XP boxes he's seen in the last two weeks...
  13. Exactly the purpose of bunny_helpers.sh and something I'll be covering here soon.
  14. Will add this to the framework wish list
  15. Yes, we should absolutely hire that guy to do our marketing. Anyway, thanks for the wish list. :)
  16. Very cool! I don't have one of my own to test with, just wanted to say this sounds really neat :)
  17. Wow. That's some innovative thinking. I take it your idea is about "priming" the Bash Bunny with juice to boot so that when it's finally inserted into the target - it's already alive and kicking - ready to take names... Yeah - that seems pretty wicked. I could imagine a USB Y cable and a payload which monitors "dmesg" before launching.
  18. The Bash Bunny differs from the USB Rubber Ducky in a number of ways. While it's compatible with Ducky Script and supports a HID attack mode, that's only one of the 5 current attack vectors it supports. The USB Rubber Ducky is capable of executing payloads faster than the Bash Bunny (0.1 seconds vs 7 seconds). It's also more economical (less than half the cost thanks to economies of scale). And very importantly, the USB Rubber Ducky is far more covert (with its generic flash drive case). For social engineering ops, USB drops and attacks which require the target to plug in the drive, I'd say the USB Rubber Ducky will continue to be the gold standard. But don't take my word for it - just ask the CIA ;) #HarpyEagle https://wikileaks.org/ciav7p1/cms/page_20873532.html
  19. So there are two parts to your query - and I love them both. This is the sort of creative thinking that I'm all about. :) So, as for profiling a target, the ways I've considered outside the long and tedious way (nmap -O --fuzzy $TARGET_IP) is to use p0f (pre-installed). Another similar thought exercise is to determine whether or not a specific Ethernet attack mode was successful, and failing that switch to another. For example, first register as RNDIS - and if after N seconds the BB doesn't receive a DHCP client - switch to ECM. Now, that doesn't provide an OS fingerprint - but certain assumptions can be made. I have noticed RNDIS to be successful on most Windows and Linux machines while ECM is more prevalent on Mac, Linux and "other" (Android, Chrome). Regarding off-site transmission in switch 2 after successfully exfiltrating files from your target, I believe there are many possibilities - especially if the "drop box" is preconfigured to recognize the Bash Bunny. For instance, another embedded Linux machine with either a tunneled Internet connection or a large encrypted disk drive would be an ideal platform to immediately recognize and offload data from the Bash Bunny via SCP. Similarly there's no reason why the "loot" folder on the BB can't be encrypted. Anyway - just tossing fuel on the fire. Eager to hear everyone's remarks. Cheers!
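The RNDIS-then-ECM fail-over that posts 9 and 19 describe (register one Ethernet mode, wait N seconds for a DHCP client, otherwise switch to the other), as an added example that is not Hak5's own AUTO_ETHERNET code. It assumes the Bash Bunny's DHCP server writes ISC-style leases to the path in LEASE_FILE, and that ATTACKMODE and LED only exist on the device, so the payload entry point is skipped anywhere else.

```shell
# Added example, not Hak5 firmware code. Assumed: the pocket-network DHCP
# server records clients as 'lease <ip> {' lines in $LEASE_FILE.
LEASE_FILE="${LEASE_FILE:-/var/lib/dhcp/dhcpd.leases}"   # assumed path
WAIT_SECS="${WAIT_SECS:-20}"                              # N seconds per mode

# Number of distinct client IPs that have taken a lease (0 if no file yet).
lease_count() {
    [ -f "$1" ] || { echo 0; return; }
    grep '^lease ' "$1" | awk '{print $2}' | sort -u | wc -l | tr -d ' '
}

# Poll the lease file for up to $2 seconds; return 0 as soon as a target has
# obtained an IP, 1 on timeout.
wait_for_lease() {
    local file="$1" timeout="$2" waited=0
    while [ "$waited" -lt "$timeout" ]; do
        [ "$(lease_count "$file")" -gt 0 ] && return 0
        sleep 1
        waited=$((waited + 1))
    done
    return 1
}

# Try the first Ethernet mode, fall over to the second if no client showed up.
# Prints the mode that worked; returns 1 if neither produced a DHCP client.
auto_ethernet() {
    local first="${1:-RNDIS_ETHERNET}" second="${2:-ECM_ETHERNET}"
    LED SETUP
    ATTACKMODE "$first"
    if wait_for_lease "$LEASE_FILE" "$WAIT_SECS"; then
        echo "$first"; return 0
    fi
    ATTACKMODE "$second"
    if wait_for_lease "$LEASE_FILE" "$WAIT_SECS"; then
        echo "$second"; return 0
    fi
    LED FAIL
    return 1
}

# Only run the payload where the Bash Bunny commands actually exist.
if command -v ATTACKMODE >/dev/null 2>&1; then
    if mode=$(auto_ethernet RNDIS_ETHERNET ECM_ETHERNET); then
        LED ATTACK     # stage two (e.g. p0f against the client) would follow
    fi
fi
```

A lease left over from an earlier run would satisfy wait_for_lease immediately, so a real payload should clear or timestamp-check the lease file before the first ATTACKMODE.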
  20. As the project progresses we're going to find dependencies that might be best to bake into the firmware. This is one of them. The install script expects an Internet connection. I skipped this in the episode for time. I expect to be doing more in depth style screencasts on stuff like this soon.
  21. We're very conservative when it comes to our estimates and cutoff times. We were actually fulfilling BB orders well after the notice was put up. I don't have the exact date/time - but they're on track to be received on Friday so I very much expect them all to be going out the following Monday. Jayson and Sara at HakShop.com/contact could tell you more. Thanks for your patience and support!
  22. Tough to say. I had hoped to over the weekend. My next few days are going to involve 23 hours of flying and a lot of jetlag - so probably not until next week. That said it's very simple and pretty well documented on the wiki. Oh, and we just did another Hak5 segment in it - so check out the show.
  23. The loot folder isn't created until you actually acquire some loot. We may change this in a future version. Currently we're all on 1.0 ;-)