Jump to content


Active Members
  • Content Count

  • Joined

  • Last visited

  • Days Won


About LowValueTarget

  • Rank
    Hak5 Fan ++

Recent Profile Visitors

1,004 profile views
  1. I've noticed the forums kinda died and the Github pull requests haven't been accepted/reviewed in months. What's the deal?
  2. Interesting -- good to know.
  3. It's connecting to the phone? Of course ADB will run -- but will it connect?
  4. In order to work with ADB, the BashBunny needs to be a Host -- currently , there is no way to make the BB run as a host afaik.
  5. There are numerous payloads with checks built in. My PSH Exec payload for instance, waits for a file to be created on the share for instance. https://gist.github.com/hink/cc0a0422728d1ee77c89b528d3b62c3a
  6. I remember talk a while ago about potentially adding a HOST attack mode where the bash bunny would essentially become a USB host. This would facilitate attacks on phones and other devices that normally act as USB clients. Has there been any progress made on this front?
  7. I've updated my psh_DownloadExecSMB payload to allow for exfiltration. psh_DownloadExecSMB will take any powershell payload, execute it and alert via green LED when it's completed. All file transfers happens over SMB to the Bash Bunny. In order to exfil data, have your powershell payload upload to \\\s\l\ -- this will be copied to the BB as loot. Bonus: Because this payload uses SMB, any captured SMB credentials will be stored as loot. My Repo: https://github.com/hink/bashbunny-payloads/tree/payload/pshExecFixes/payloads/library/execution/psh_DownloadExecSMB
  8. I've updated one of my payloads recently that might be able to help out. Check out https://github.com/hak5/bashbunny-payloads/pull/268 (it hasn't been merged yet) for an updated psh_DownloadExecSMB. psh_DownloadExecSMB essentially runs a powershell payload from the BB using SMB. Because it's using SMB, it makes it trivial to exfil data. Also, since the powershell payload is abstracted from the BB payload, your possibilites are endless. The payload waits for the powershell to complete, and then changes the LED green. If you want to exfil data, put that corresponding powershe
  9. This is great! Two quick questions. 1. Does ATTACKMODE OFF essentially turn the BB into a USB host? 2. When using RNDIS_SPEED_XX, is RNDIS_ETHERNET a prerequisite, or are they mutally exclusive? Thanks,
  10. https://security.stackexchange.com/questions/72005/are-there-any-ways-to-leverage-ntlm-v2-hashes-during-a-penetration-test
  11. Check this out too -- may be double work https://github.com/hak5/bashbunny-payloads/tree/master/payloads/library/android/open_url
  12. Cool payload, here's a couple of suggestions. Put the key commands in a text file under a folder called phones. This will allow someone else to modify the payload for numerous other phones. e.g. phones/nexus9_v7.0.txt, phones/galaxys7_v7.0.txt Use the bash bunny as an ethernet device and pull the payload from a webserver there, so you don't rely on any external infrastructure. Good stuff! One more note, you could start and try the adb method in case the phone has USB debugging enabled. If not you can fall back to the key commands. I am working on a similar payload for a
  13. How does this work when faced with Anti-Virus? What about encoding/obfuscating the powershell with unicorn? https://github.com/trustedsec/unicorn
  • Create New...