LowValueTarget

Posts posted by LowValueTarget

  1. Please see the official Hak5 tools sticky

     

     

    It seems like quite a few folks are having some trouble getting impacket and responder installed since the firmware v1.1 update. Here is a dead simple script that you can run on your BashBunny to install the two most commonly used tools in the currently published payloads.

    Steps

    1. Set up your BashBunny to share internet with your host machine, then SSH into the bunny.
    2. Ensure it has an internet connection. I prefer a simple ping to 4.2.2.2
    3. Run the following command
    curl -k https://scripts.10ninetysix.com/bb/git_impacket_responder.txt | sh

    The content of the script can be viewed below and at the following URL: https://scripts.10ninetysix.com/bb/git_impacket_responder.txt

    apt-get update && apt-get install -y git
    
    mkdir -p /tools
    export GIT_SSL_NO_VERIFY=1
    
    # Install Responder
    git clone https://github.com/lgandx/Responder.git /tools/responder
    
    # Install Impacket
    git clone https://github.com/CoreSecurity/impacket.git /tools/impacket
    cd /tools/impacket && python ./setup.py install

    Note: I believe Sebkinne is creating, or has created, .deb files for impacket and responder that will be easily installed by placing them in the USB storage /tools/ folder; however, those have yet to be released. I am guessing they will be released with the 1.2 firmware.

  2. 9 minutes ago, Paulgommard said:

    But I did not need to modify the payload?
    Should I not replace source bunny_helpers.sh by get.sh? And how?
     

    If you use the payload from the master branch on github.com/hak5/bashbunny-payloads, then you do not need to modify the payload. It was updated a couple of days ago for use with v1.1

    Regarding the bunny_helpers.sh, v1.1 uses extensions in lieu of bunny_helpers.sh since the update. The new payload should not reference bunny_helpers.sh

    From the v1.1 changelog - https://storage.googleapis.com/bashbunny_updates/ch_fw_1.1-changelog.txt

    - Extensions
      - Extensions from the /payloads/library/extensions folder are sourced automatically for each payload.txt. and provide new Bunny Script capabilities.
      - Extensions replaces bunny_helpers.sh.
      - RUN - accepts OS and Command to execute for HID injection on various operating systems
        - RUN WIN "powershell -WindowStyle Hidden \"tree c:\\ > tree.txt\""
        - RUN OSX https://www.example.com
        - RUN UNITY ping -c2 172.16.64.1
        - RUN WIN notepad.exe replaces QUACK GUI r; QUACK DELAY 500; QUACK notepad.exe; QUACK ENTER
      - GET - exports system variables
        - Accepts TARGET_IP - exports $TARGET_IP for targets IP address
        - Accepts TARGET_HOSTNAME - exports $TARGET_HOSTNAME for targets hostname
        - Accepts HOST_IP - exports $HOST_IP for IP address of Bash Bunny
        - Accepts SWITCH_POSITION - exports $SWITCH_POSITION for current switch position
      - REQUIRETOOL
        - Exits payload with LED FAIL state if the specified tool is not found in /tools
      - DUCKY_LANG
        - Accepts two letter country code to set the HID injection language for subsequent ducky script / QUACK commands

     

  3. 4 minutes ago, Paulgommard said:

    same problem with me, can someone help us ?..

    • Ensure you are actually on version 1.1 -- Look in your USB mass storage root for a version.txt file. If the file doesn't exist, you are not on v1.1.
    • Serial into your BB and ensure /tools/responder exists and the appropriate files exist in that folder
    • Ensure you are using the latest QuickCreds payload. There is mention of v1.1 compatibility in the header.
    • Copy your payload to the desired switch, and everything should function just fine.
  4. 7 hours ago, Pancakes said:

    The tools_installer hasn't worked since 1.1 upgrade. Please help me fix this

     

    2 hours ago, trumoo said:

    Same. How do we install impacket manually?

    To install responder and impacket manually:

    1. Copy the impacket and responder folders to the /tools folder on the root of the mass storage partition.
    2. Unplug the BashBunny and plug it back in with the switch in Arming Mode.
    3. The folders will be automatically moved to the /tools folder on the OS partition of your BashBunny
    4. Serial into the BashBunny, change directory, cd /tools/impacket and run `python ./setup.py install`
    5. Responder and impacket are successfully installed.
  5. 1 hour ago, BLUTOES said:

    Even after I did a recovery I can't get through the upgrade process, just goes straight from green to blinking blue again

    Be sure you are throwing the tar.gz file on the BB and not the extracted contents.

  6. 1 minute ago, jafahulo said:

    Hey guys, My BB won't recognise the update files. I've read through everything everyone has said here, and have done a firmware reset on my BB and still no cigar... Anybody have any thoughts / ideas? Thanks!

    http://wiki.bashbunny.com/#!downloads.md

    Re-read that carefully. If it's still not working, provide more details of where it fails, what you've done, etc. and I'm sure someone will be able to help out.

  7. 2 minutes ago, zoro25 said:

    Nope that's missing. :-(

    That means you're probably not on the latest version. Make sure your firmware tarball hash matches the provided one on the download page.

    If your BB is acting like it's upgrading but ends up on a solid blue LED instead of a slowly blinking blue LED, your upgrade failed.

    Also, if there's no 'docs', 'tools' or 'languages' folder in your USB storage, you're not on the latest version.

    • Upvote 1
  8. 1 minute ago, zoro25 said:

    is there a way to tell the version from within putty as I don't think my device is updating correctly?

    I'm thinking something like a version command which would show current firmware installed. 

    My banner is currently 

    Linux bunny 3.4.39 #130 SMP PREEMPT Fri Feb 10 14:24:25 CST 2017 armv7l
               _____  _____  _____  _____     _____  _____  _____  _____  __ __
     (\___/)  | __  ||  _  ||   __||  |  |   | __  ||  |  ||   | ||   | ||  |  |
     (='.'=)  | __ -||     ||__   ||     |   | __ -||  |  || | | || | | ||_   _|
     (")_(")  |_____||__|__||_____||__|__|   |_____||_____||_|___||_|___|  |_|
     Bash Bunny by Hak5     USB Attack/Automation Platform
     

    There should be a version.txt file in the root of the USB storage. 
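
The checks suggested in the replies above (firmware tarball hash, `version.txt`, and the `docs`, `tools` and `languages` folders) can be run from the host as one script. This is an added example, not part of the original posts or of Hak5's tooling; it assumes the hash on the download page is SHA-256 (the posts do not name the algorithm), and the function names and arguments are made up for illustration.

```shell
#!/bin/sh
# Added example: post-upgrade checks for a Bash Bunny, run from the host.
# Assumptions: the hash on the download page is SHA-256 (the posts do not
# name the algorithm) and the USB storage mount point is passed by the caller.

# Print the SHA-256 hex digest of FILE using whichever tool is installed.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_tarball FILE EXPECTED_HEX: 0 on match, 1 on mismatch, 2 if unreadable.
verify_tarball() {
    [ -f "$1" ] || { echo "no such file: $1" >&2; return 2; }
    want=$(printf '%s' "$2" | tr 'A-F' 'a-f')   # published hashes may be upper case
    got=$(sha256_of "$1")
    if [ "$got" = "$want" ]; then return 0; fi
    echo "hash mismatch: got $got" >&2
    return 1
}

# check_storage MOUNTPOINT: report what v1.1 should have left on the USB
# storage; the return value is the number of missing items (0 = looks upgraded).
check_storage() {
    missing=0
    if [ ! -f "$1/version.txt" ]; then
        echo "missing file: version.txt"; missing=$((missing + 1))
    fi
    for d in docs tools languages; do
        if [ ! -d "$1/$d" ]; then
            echo "missing folder: $d"; missing=$((missing + 1))
        fi
    done
    return "$missing"
}
```

Verify the tarball before copying it to the device, and run `check_storage` against the mounted USB storage after the upgrade finishes.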

  9. 3 minutes ago, Bryfi said:

    Before I upgrade my BB, do previous 1.0 payloads become deprecated and unusable or you can still use Quack and Delay and GUI r

    Don't worry about the payloads. All previous payloads should work. As far as I could tell, all LED statuses may not work; those that combine colors. (e.g. LED R B). Everything else seemed to work fine.

    I updated my payload and pull request to make it more 'compatible' with the new firmware.

  10. 6 minutes ago, quack said:

    it seems that the procedure to install the tools has changed. The script looks for /root/udisk/tools/*.deb

     

    Great except that impacket and responder are not in .deb format.

     

    You can simply take the contents of the tools_to_install folder in the tools_install payload.

    You'll have this directory structure on your bash bunny (USB Storage):

    tools -->
        ./responder/
        ./impacket/

    Safely eject, make sure the device is in arming mode and insert. The BB will automatically copy the contents of the folder to /tools/. If you throw a deb in there, it will run `dpkg -i <your deb files>`

  11. The benefit of this approach, depending on the PowerShell command, is that nothing ever touches disk and it's a little lower profile than attaching a USB mass storage drive to the computer. Hell, there may even be GP that disables that.

    Grabbing the script from the web server is essentially the same as grabbing it from the mass storage right?

    There are multiple ways of accomplishing this, however "web" delivery is tried and true and not reliant on mass storage.

    Speed Scenario: You have a unicorn-encoded payload you want to execute. Instead of waiting for the entire payload to be typed out on the victim (~7K of text), you just have the HID type out the ~238 bytes of text and go.

  12. 7 minutes ago, qdba said:

     

    @LowValueTarget At the moment MS Defender and Avira Antivir don't detect it. But I'm sure in 1 or 2 days they will :-
    Feel free to obfuscate the code if you want.

     

    I won't publish some encoded or obfuscated code here in this forum.
    If I do so, I'm sure some Anti-Virus Tools will detect it in 1 or 2 days.

     

     

    Fair enough. Good payload.

  13. Going through the forums looking for payloads is not always the easiest. I made a quick list for myself of the payload discussions I could find on the first 5 pages for the Bash Bunny forums. Here's a list.

    If you're up for trying some, I'm sure the authors could use feedback, additional testing on hardware/software they may not have access to; efficiency improvements or bug reports.

    Feel free to reply and add more if I've missed any.

    • Upvote 1
  14. What are your thoughts on a subforum for new/updated payloads only?

    People seem to be creating quite a few payloads, and pull requests seem to be quite slow to get reviewed/merged. I suggest a subforum, e.g. `Home > Active Projects > Bash Bunny > Payload Discussion` for people to post new payload threads which will allow forum visitors to easily find and try new payloads and provide input before GitHub merges.

    Support, feature suggestions, etc. can stay in the parent forum.

    • Upvote 3