Jump to content
Hak5 Forums


Active Members
  • Content count

  • Joined

  • Last visited

  • Days Won


About LowValueTarget

  • Rank
    Hak5 Fan ++

Recent Profile Visitors

703 profile views
  1. LowValueTarget

    Payload for android

    Interesting -- good to know.
  2. LowValueTarget

    Payload for android

    It's connecting to the phone? Of course ADB will run -- but will it connect?
  3. LowValueTarget

    Payload for android

    In order to work with ADB, the BashBunny needs to be a Host -- currently , there is no way to make the BB run as a host afaik.
  4. LowValueTarget

    Detect when Powershell payload has finished

    There are numerous payloads with checks built in. My PSH Exec payload for instance, waits for a file to be created on the share for instance. https://gist.github.com/hink/cc0a0422728d1ee77c89b528d3b62c3a
  5. LowValueTarget

    Attack Mode: HOST?

    I remember talk a while ago about potentially adding a HOST attack mode where the bash bunny would essentially become a USB host. This would facilitate attacks on phones and other devices that normally act as USB clients. Has there been any progress made on this front?
  6. LowValueTarget

    [PAYLOAD-UPDATE] psh_DownloadExecSMB

    I've updated my psh_DownloadExecSMB payload to allow for exfiltration. psh_DownloadExecSMB will take any powershell payload, execute it and alert via green LED when it's completed. All file transfers happens over SMB to the Bash Bunny. In order to exfil data, have your powershell payload upload to \\\s\l\ -- this will be copied to the BB as loot. Bonus: Because this payload uses SMB, any captured SMB credentials will be stored as loot. My Repo: https://github.com/hink/bashbunny-payloads/tree/payload/pshExecFixes/payloads/library/execution/psh_DownloadExecSMB Pull Request: https://github.com/hak5/bashbunny-payloads/pull/268
  7. LowValueTarget

    Checking loot from BashBunny for new files

    I've updated one of my payloads recently that might be able to help out. Check out https://github.com/hak5/bashbunny-payloads/pull/268 (it hasn't been merged yet) for an updated psh_DownloadExecSMB. psh_DownloadExecSMB essentially runs a powershell payload from the BB using SMB. Because it's using SMB, it makes it trivial to exfil data. Also, since the powershell payload is abstracted from the BB payload, your possibilites are endless. The payload waits for the powershell to complete, and then changes the LED green. If you want to exfil data, put that corresponding powershell in p.txt and upload to \\\s\l\ -- this will be copied to the BB as loot.
  8. Take a step back and think about what you are asking. Ask it this way -- "Am I able to accomplish this with a keyboard, a mouse, a network accessible linux computer, a serial device, a usb ethernet adapater and a thumb drive?"
  9. LowValueTarget

    [Question]Copy file to locked PC

    Short Answer: No (not that i am aware of) Long Answer: The BashBunny is not some magic hacking device. Think of it this way. If you have a linux computer, a USB flash drive, a USB keyboard, a USB ethernet adapter, and a USB serial device, would you be able to accomplish what you are trying to accomplish? That's basically what the bashbunny is, with automation capabilities. Theoretical: You might be able to use responder to get a password hash from the target, then crack it or pass it to the victim assuming they aren't using SMBV2 and have SMB file sharing enabled. Even then, you'd be limited to file location if the user is not an Administrator.
  10. LowValueTarget

    Storage file filter rules

    Like Unixnerd777 said, use SMB, FTP, HTTP, or some other delivery device and forego the storage method.
  11. LowValueTarget

    Making an executable file run

    Take a look at the following payload. It sets up a FireTV (android device) to download and install an APK. https://github.com/hak5/bashbunny-payloads/tree/master/payloads/library/android/fireytv
  12. LowValueTarget

    Concealed-Exfiltration attacks with Bash Bunny for Android?

    There's a payload floating around that uses adb remote to connect to an android device. Based on my ideas, there's really not much you can do until BashBunny gets USB host support. I have an idea that will try ADB (assuming the victim phone has USB Debugging enabled) first, then fallback to MTP if ADB is not enabled. This would allow relatively plug-n-play exfil of user data.
  13. LowValueTarget

    Dual Attack Modes

    Yes as of 1.3 i believe.
  14. LowValueTarget

    Anyone who can help make my script more effective or faster?

    In your payload.txt, you can remove about 10 lines and replace it with one. https://gist.github.com/hink/a8b57d16234042e5adc0182e5e1779c7 GET SWITCH_POSITION takes care of the logic of finding the switch position for you. It's a default extension.
  15. LowValueTarget

    [Firmware >= v1.1] Install Impacket and Responder

    That's perfectly fine. Glad to hear it.