Jump to content


Active Members
  • Posts

  • Joined

  • Last visited

  • Days Won


Posts posted by combatwombat27

  1. 5 hours ago, korang said:

    OK, I also put together a very similar script.  I have found  on my lab systems for my "work" environment, that the timing for mapping the network share had to be increased.  I also ran into issues were the DUKCY ALT F4 did no close the explorer window as I had hoped.  I had to use powershell to kill exploerer.  This "work" system is a windows 7 x64 Laptop on a Active Directory Domain.  One other weird note, due to certain GPO's we have I had to disconnect the hard wired lan cable to get it to properly map to the Bash bunny.  Now , with the faster timing and ALT F4 , I found worked on my non-domain, stand alone windows 10 laptop.  

    SO as i side note to anyone using in a professional capacity and environment.  And with all PROPER PERMISSIONS, of course.  May need to adjust timing and do some adjustments for it to work right, depending on any protections the workstation may have.

    But I will admit your script is way cleaner than mine.


    Awesome to see this getting some testing in the wild! I'm not entirely sure why Alt + F4 would fail in Windows 7 other than it just firing too fast, that is interesting to hear. 

    With regards to the GPO and Lan cable, sounds to me like they have some GPOs setting what to use as the primary network connection. I would doubt many attacks written using the networking ATTACKMODE would work well on that machine given they often base their ability to intercept on the fact that being the fastest network connection makes them primary. 

    Clean code?! 0.o I didn't expect to hear that of all comments. hahaha Thanks! 

    Realistically I feel this isn't the most useful attack given you could use other duckyscript code to export hashes without needing to exploit network connectivity, but it certainly was a fun exercise to create, and if it helps at all then it has done some good. 

    Thanks for checking out the tool, and bringing back some useful feedback!

  2. Hey all! Inspired by Darren's recent blog post, I wanted to put together a version of the duckyscript SMB hash grab that didn't require an external networked SMB server setup. I know there are other ways of grabbing the hash given you have both HID and STORAGE access if you want, but it was a lot of fun to put together at the very least.

    Pull Request to Bash Bunny Github Repo


    Github SMBHashGrab

    Please reach out to me with any bugs or suggestions.

    * Author: Combat_Wombat @zac_borders
    * Version: Version 1.0

    Bash Bunny script to exfiltrate hash via SMB attack standalone against Windows Domain computers.
    Inspired by Darren's post.
    @hak5darren || Hak5 Blog


    Run on a domain computer that is logged in.


    1.   **You must install impacket**
        2.   Download impacket
        3.   Place in /tools
        4.   This will install when you reconnect the drive
        5.   From the BashBunny run:

    cd /tools/impacket && python setup.py install

    Here you can find the:  Impacket Github

    Payload LED STATUS

    FAIL.................Missing Requirement Impacket
    STAGE1...........Setting up SMB server
    STAGE2...........HID Injection
    CLEANUP........Grepping for hash, storing in loot
    FINISH.............Light is green trap is clean.

  3. I am close enough to drive to derbycon as well as can afford to get into the con itself. That being said, times have been a bit rough for my family and I recently and cannot come up with the funds I would need for a room. My plan is to show up on Thursday the 26th and leave out either Sunday after everything shuts down or Monday if there is a place to stay overnight.

    My point to this all is that I don't have a place to stay while I'm there and am looking to see if anyone has some floor space or something in their hotel room/abode.

    In case you are curious, I'm a 23 y/o male who just wants a place to lay his head when his eyes wont stay open anymore.

    If you have questions, suggestions, or a place to crash please don't hesitate to hit me up!

  4. I have the Samsung Galaxy S3 as well as a car system that support the aux jack hookup. When I am not charging the phone off of the car thus not having the dual ground issue then the sound quality is great. (Obviously it isn't the best being a phone but good for phone quality) I have had trouble with the mic added cables before as well. Stop by your local hobby shop and just pick up a basic cable to do the job, should only be a few bucks. If there is still an issue it is either the head unit or the phone.

  5. I have been running Kali inside a vm on my macbook pro with no issues at all. Instead of virtualbox I opted for Parallels just because of the simplicity. I'm not sure that there would be any major differences in using parallels over virtualbox but I can say just devote more hardware to the Kali, set it to use more cores and more ram and you should be just fine. It shouldn't run at such a "poor" level that you wont be able to hack. Having OSX already setup to fit your very specific needs is a real advantage.

  6. The came back and specifically said he was punished for the device. Honestly I think it is just. I don't believe you were trying to be malicious but that really isn't something that I would want in any school I was an IT admin to allow something of that nature as most kids just are not trustworthy. Most kids find it more interesting to use thing maliciously than to use it for white hat learning.

    Again, maybe a little harsh but really any lawyering up at this point is unrealistic. I also think that any attempt to sue over something is petty at best and looking for a quick buck. Come on guys that is ridiculous.

  7. I'm going to say the same thing we discussed on the IRC channel. Yes they may be handling it wrong. Yes it is unfair, but you have a year and a half or so since your parents aren't punishing you just take the suspension as a free vacation that no one else gets and don't worry about it. As long as you still will be able to take your tests etc when you get back it really isn't hurting you. My fear is if you make to big a "stink" out of it then you will only end up hurting yourself. If you were in college or something I would say fight it as being out of class can really hurt your grades, but high school you should be fine.

  8. So you never did directly say, Have you at any point Hacked, logged in, sidejacked, into a teacher's or student's Facebook without prior permission from the owner of the account? The reason I ask is because you seem to always explain that you didn't during certain time frames. Perhaps you did it before or after? If you want to plead the 5th I will totally understand. :P

    One thing you might do is request to talk to your school's IT guy. If there is anyone within the school that would understand you, your knowledge, and your plight it would be him. Let him know yeah your a curious kid but that doesn't mean you did any of the stuff and that you would happily own up to something you did.

    Worst come to worse you spend some time out of school. It isn't the worst thing that could happen. *Hell take that time to work on some more scripting*

    Are your parents punishing you too or is it just the school?

    Personally I wouldn't get the eff or anyone involved simply because I believe it would over-inflate the situation. However, that is just my opinion so do as you please.

    Just be careful! ;)

  9. In for 2 PICnDuino. :D

    Congrats on the kid being interested! Mine is only 2 1/2 at the moment so still too early to tell :P

    However he does game. http://imgur.com/4d5Vy Quite good! ;)

    I have found something that would be fun for the younger and older alike on kickstarter.

    Kind of like interactive legos.


  10. One thing to keep in mind when pulling traffic logs is that even if a user is idle on sites it can be reflected as time used on that site. I often have youtube or something open in a minimized window while I'm at work with whatever I am watching at lunch but if you were to pull a log it would show me being on youtube all day. I have seen a few people at different companies fired due to the manager who received these kinds of reports not realizing that websites even not being actively used just open will show up. That aside I have always found it easiest to pull these logs via the firewall.

  11. I have two alfa adapters. One is the 1000mw realtek version the other is the 2000mw? ralink version. Let me know what you think.

    What wireless card can go up to 2000mw? I have the older Alfa AWUS036H G model and the Atheros A9271 b/g/n model.

    As for adjusting the power I think Darren has done at least 2 episodes with how to change the power in it. One of which was part of the recent show where he went to the local Hackerspace. http://hak5.org/episodes/hak-1123 goto 9:03 for the list of instructions.

    The only time I get Operation not permitted is when I'm either not root or forget to sudo.

  12. That makes me curious to know if you even connect directly to the other users' xboxes or if everyone connects to xbox servers that handle the connection. A quick check online seems to point to they MAY be showing the other users' IP addresses. However I sold my Xbox since I didn't play enough so I can't test it for myself. Now this is just a rough guess but you COULD setup a script to watch the network traffic going to your xbox, ping those ip addy's and drop connection to those that don't ping back quick enough. If you ran this as a script on say router running w/ iptables you could have it firewall block chosen connections. Problem is some of these might not ping so you would have to either choose to drop all connections that don't ping (probably a lot more than you want to) or ignore those connections.

    This does sound like an interesting concept, especially when you think of how malicious users could be using this in the wild currently.( As a fledgling security researcher I can see how this would be bad) A user could potentially start dropping other players connections of the opposing team or players doing better than they were. It also leaves users open to attack due to a disgruntled looser. The person could try to exploit their network or use other information they find linking to their IP to cause them issues in their normal day to day.

    If you move forward on this subject please let me know seems pretty interesting.

    ALSO IF YOU DO TEST THIS I would only do it on a server with consenting friends that don't mind you disconnecting them so that at least the users effected are ok with it. I wouldn't worry about Microsoft in that case. <---- Not legal advice!!!

  • Create New...