Hak5 Forums

LowValueTarget

Active Members
  • Content count

    72
  • Days Won

    2

About LowValueTarget

  • Rank
    Hak5 Fan ++

Recent Profile Visitors

611 profile views
  1. Take a step back and think about what you are asking. Ask it this way -- "Am I able to accomplish this with a keyboard, a mouse, a network accessible Linux computer, a serial device, a USB ethernet adapter and a thumb drive?"
  2. [Question]Copy file to locked PC

    Short Answer: No (not that I am aware of)

    Long Answer: The BashBunny is not some magic hacking device. Think of it this way. If you have a Linux computer, a USB flash drive, a USB keyboard, a USB ethernet adapter, and a USB serial device, would you be able to accomplish what you are trying to accomplish? That's basically what the BashBunny is, with automation capabilities.

    Theoretical: You might be able to use Responder to get a password hash from the target, then crack it or pass it to the victim assuming they aren't using SMBv2 and have SMB file sharing enabled. Even then, you'd be limited to file location if the user is not an Administrator.
  3. Storage file filter rules

    Like Unixnerd777 said, use SMB, FTP, HTTP, or some other delivery device and forego the storage method.
  4. Making an executable file run

    Take a look at the following payload. It sets up a FireTV (android device) to download and install an APK. https://github.com/hak5/bashbunny-payloads/tree/master/payloads/library/android/fireytv
  5. Concealed-Exfiltration attacks with Bash Bunny for Android?

    There's a payload floating around that uses adb remote to connect to an Android device. Based on my ideas, there's really not much you can do until BashBunny gets USB host support. I have an idea that will try ADB (assuming the victim phone has USB Debugging enabled) first, then fall back to MTP if ADB is not enabled. This would allow relatively plug-n-play exfil of user data.
  6. Dual Attack Modes

    Yes, as of 1.3 I believe.
  7. Anyone who can help make my script more effective or faster?

    In your payload.txt, you can remove about 10 lines and replace them with one. https://gist.github.com/hink/a8b57d16234042e5adc0182e5e1779c7 GET SWITCH_POSITION takes care of the logic of finding the switch position for you. It's a default extension.
  8. [Firmware >= v1.1] Install Impacket and Responder

    That's perfectly fine. Glad to hear it.
  9. [Firmware >= v1.1] Install Impacket and Responder

    You could always clone the git repos on your local device, copy them to the /tools folder on the BB USB storage, and plug the device into power in arming mode. This will copy all the files from /tools on usb storage to /tools on the BB system partition. If you wanted to complete the install, you could ssh/screen into the bunny and run the ./setup.py from the CLI.
  10. [Firmware >= v1.1] Install Impacket and Responder

    My mistake -- the extension is .txt -- edited the original post.
  11. [Firmware >= v1.1] Install Impacket and Responder

    Bumping this to the top for visibility -- it seems that people are still needing assistance.
  12. Feature Request/Upgrade for next firmware.

    You could always download the source and compile locally on the bunny.
  13. [RELEASE] Bash Bunny Firmware v1.3

    This is great! Two quick questions.
    1. Does ATTACKMODE OFF essentially turn the BB into a USB host?
    2. When using RNDIS_SPEED_XX, is RNDIS_ETHERNET a prerequisite, or are they mutually exclusive?
    Thanks,
  14. Problems with bb.sh and ICS

    bb.sh never worked for me. Here's a simple script I made to make it work for me:

        #!/bin/bash
        # $1 = WAN interface, $2 = LAN interface (the Bash Bunny side)
        ifconfig $2 172.16.64.64 netmask 255.255.255.0
        # Delete user-defined chains and flush existing filter rules
        iptables -X
        iptables -F
        iptables -A FORWARD -i $1 -o $2 -s 172.16.64.0/24 -m state --state NEW -j ACCEPT
        iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
        # NAT forwarded traffic
        iptables -A POSTROUTING -t nat -j MASQUERADE
        # Enable IPv4 forwarding in the kernel
        echo 1 > /proc/sys/net/ipv4/ip_forward

    Then I just feed it the WAN iface and LAN iface:

        sh ./bbshare.sh eth0 eth1
  15. Loop until IP given to victim

    This could easily be an extension -- WAIT_FOR_IP