Jump to content


Active Members
  • Posts

  • Joined

  • Last visited

  • Days Won


About combatwombat27

  • Birthday 06/27/1990

Profile Information

  • Gender
  • Location

Recent Profile Visitors

3,995 profile views

combatwombat27's Achievements

  1. Awesome to see this getting some testing in the wild! I'm not entirely sure why Alt + F4 would fail in Windows 7 other than it just firing too fast, that is interesting to hear. With regards to the GPO and Lan cable, sounds to me like they have some GPOs setting what to use as the primary network connection. I would doubt many attacks written using the networking ATTACKMODE would work well on that machine given they often base their ability to intercept on the fact that being the fastest network connection makes them primary. Clean code?! 0.o I didn't expect to hear that of all comments. hahaha Thanks! Realistically I feel this isn't the most useful attack given you could use other duckyscript code to export hashes without needing to exploit network connectivity, but it certainly was a fun exercise to create, and if it helps at all then it has done some good. Thanks for checking out the tool, and bringing back some useful feedback!
  2. Hey all! Inspired by Darren's recent blog post, I wanted to put together a version of the duckyscript SMB hash grab that didn't require an external networked SMB server setup. I know there are other ways of grabbing the hash given you have both HID and STORAGE access if you want, but it was a lot of fun to put together at the very least. Pull Request to Bash Bunny Github Repo Download Github SMBHashGrab Please reach out to me with any bugs or suggestions. * Author: Combat_Wombat @zac_borders * Version: Version 1.0 Description Bash Bunny script to exfiltrate hash via SMB attack standalone against Windows Domain computers. Inspired by Darren's post. @hak5darren || Hak5 Blog Configuration Run on a domain computer that is logged in. Requirements 1. **You must install impacket** 2. Download impacket 3. Place in /tools 4. This will install when you reconnect the drive 5. From the BashBunny run: cd /tools/impacket && python setup.py install Here you can find the: Impacket Github Payload LED STATUS FAIL.................Missing Requirement Impacket SETUP.............Setup STAGE1...........Setting up SMB server STAGE2...........HID Injection CLEANUP........Grepping for hash, storing in loot FINISH.............Light is green trap is clean.
  3. I'm finding my issue has to do with it needing to be wrapped. ' '
  4. Attached you will find a script written for the BashBunny , and its return as well as a ducky script and it's return. I would have expected the output to be the same for both. Is this an incorrect assumption?
  5. I am close enough to drive to derbycon as well as can afford to get into the con itself. That being said, times have been a bit rough for my family and I recently and cannot come up with the funds I would need for a room. My plan is to show up on Thursday the 26th and leave out either Sunday after everything shuts down or Monday if there is a place to stay overnight. My point to this all is that I don't have a place to stay while I'm there and am looking to see if anyone has some floor space or something in their hotel room/abode. In case you are curious, I'm a 23 y/o male who just wants a place to lay his head when his eyes wont stay open anymore. If you have questions, suggestions, or a place to crash please don't hesitate to hit me up!
  6. I have the Samsung Galaxy S3 as well as a car system that support the aux jack hookup. When I am not charging the phone off of the car thus not having the dual ground issue then the sound quality is great. (Obviously it isn't the best being a phone but good for phone quality) I have had trouble with the mic added cables before as well. Stop by your local hobby shop and just pick up a basic cable to do the job, should only be a few bucks. If there is still an issue it is either the head unit or the phone.
  7. I have been running Kali inside a vm on my macbook pro with no issues at all. Instead of virtualbox I opted for Parallels just because of the simplicity. I'm not sure that there would be any major differences in using parallels over virtualbox but I can say just devote more hardware to the Kali, set it to use more cores and more ram and you should be just fine. It shouldn't run at such a "poor" level that you wont be able to hack. Having OSX already setup to fit your very specific needs is a real advantage.
  8. http://www.putdispenserhere.com/ appears to be completely down from here. I was able to access it's google cache, but the scripts are hosted from that domain as well. Anyone have any idea whats going on or when it might be back up? Cheers, Wombat
  9. Sorry everyone. I finally was able to get a new pineapple and now since I'm not pressed for cash this one is going up on the shelf of awesome older tech stuff.
  10. The came back and specifically said he was punished for the device. Honestly I think it is just. I don't believe you were trying to be malicious but that really isn't something that I would want in any school I was an IT admin to allow something of that nature as most kids just are not trustworthy. Most kids find it more interesting to use thing maliciously than to use it for white hat learning. Again, maybe a little harsh but really any lawyering up at this point is unrealistic. I also think that any attempt to sue over something is petty at best and looking for a quick buck. Come on guys that is ridiculous.
  11. I'm going to say the same thing we discussed on the IRC channel. Yes they may be handling it wrong. Yes it is unfair, but you have a year and a half or so since your parents aren't punishing you just take the suspension as a free vacation that no one else gets and don't worry about it. As long as you still will be able to take your tests etc when you get back it really isn't hurting you. My fear is if you make to big a "stink" out of it then you will only end up hurting yourself. If you were in college or something I would say fight it as being out of class can really hurt your grades, but high school you should be fine.
  12. I would love to get an update on this story as where you stand now and what the school has said/done.
  13. I had the same issue. I just re-downloaded it.
  14. So you never did directly say, Have you at any point Hacked, logged in, sidejacked, into a teacher's or student's Facebook without prior permission from the owner of the account? The reason I ask is because you seem to always explain that you didn't during certain time frames. Perhaps you did it before or after? If you want to plead the 5th I will totally understand. :P One thing you might do is request to talk to your school's IT guy. If there is anyone within the school that would understand you, your knowledge, and your plight it would be him. Let him know yeah your a curious kid but that doesn't mean you did any of the stuff and that you would happily own up to something you did. Worst come to worse you spend some time out of school. It isn't the worst thing that could happen. *Hell take that time to work on some more scripting* Are your parents punishing you too or is it just the school? Personally I wouldn't get the eff or anyone involved simply because I believe it would over-inflate the situation. However, that is just my opinion so do as you please. Just be careful! ;)
  • Create New...