LowValueTarget
Everything posted by LowValueTarget

  1. There should be a version.txt file in the root of the USB storage.
  2. Don't worry about the payloads. All previous payloads should work. As far as I could tell, all LED statuses may not work, namely those that combine colors (e.g. LED R B). Everything else seemed to work fine. I updated my payload and pull request to make it more 'compatible' with the new firmware.
  3. You can simply take the contents of the tools_to_install folder in the tools_install payload. You'll have this directory structure on your Bash Bunny (USB Storage):

     tools/
       ./responder/
       ./impacket/

     Safely eject, make sure the device is in arming mode and insert. The BB will automatically copy the contents of the folder to /tools/. If you throw a deb in there, it will run `dpkg -i <your deb files>`
  4. What does a solid blue light after the red blinking light mean? EDIT: Assuming that means it failed. I believe the file wasn't 100% copied.
  5. Demmsec looks to have submitted a pull request that may help https://github.com/hak5/bashbunny-payloads/pull/135/files
  6. The benefit of this approach, depending on the PowerShell command, is that nothing ever touches disk and it's a little lower profile than attaching a USB mass storage drive to the computer. Hell, there may even be GP that disables that. Grabbing the script from the web server is essentially the same as grabbing it from the mass storage, right? There are multiple ways of accomplishing this; however, "web" delivery is tried and true and not reliant on mass storage. Speed scenario: you have a unicorn-encoded payload you want to execute. Instead of waiting for the entire payload to be typed out on the victim (~7K of text), you just have the HID type out the ~238 bytes of text and go.
  7. Also, don't forget to check the pull requests - https://github.com/hak5/bashbunny-payloads/pulls
  8. Going through the forums looking for payloads is not always the easiest. I made a quick list for myself of the payload discussions I could find on the first 5 pages for the Bash Bunny forums. Here's a list. If you're up for trying some, I'm sure the authors could use feedback, additional testing on hardware/software they may not have access to, efficiency improvements or bug reports. Feel free to reply and add more if I've missed any.

     • [PAYLOAD] DrumpCreds 2.0 ( SMB, w/o Internet, w/o USB Storage ) Discussion: https://forums.hak5.org/index.php?/topic/40582-payload-drumpcreds-20-smb-wo-internet-wo-usb-storage/
     • [PAYLOAD] Rick Roll Prank Discussion: https://forums.hak5.org/index.php?/topic/40579-payload-rickroll-prank/
     • [PAYLOAD] BrowserBunny Discussion: https://forums.hak5.org/index.php?/topic/40571-payload-browserbunny/
     • [PAYLOAD] SMB Exfiltrator Discussion: https://forums.hak5.org/index.php?/topic/40509-payload-smb-exfiltrator/
     • [PAYLOAD] USB_Exfiltrator Discussion: https://forums.hak5.org/index.php?/topic/40225-payload-usb_exfiltrator/
     • [PAYLOAD] MrRobot Discussion: https://forums.hak5.org/index.php?/topic/40524-payload-mrrobot/
     • [PAYLOAD] Android Open URL (Unlocked) Discussion: https://forums.hak5.org/index.php?/topic/40565-payload-android-open-url-unlocked/
     • [PAYLOAD] psh_DownloadExec Discussion: https://forums.hak5.org/index.php?/topic/40529-payload-psh_downloadexec/
     • [PAYLOAD] Rooter Discussion: https://forums.hak5.org/index.php?/topic/40561-payload-rooter/
     • [PAYLOAD] Ghost Cleanup Discussion: https://forums.hak5.org/index.php?/topic/40343-payload-ghost-cleanup/
     • [PAYLOAD] FTP Exfiltrator Discussion: https://forums.hak5.org/index.php?/topic/40492-payload-ftp-exfiltrator/
     • [PAYLOAD] dns_spoofer Discussion: https://forums.hak5.org/index.php?/topic/40487-payload-dns_spoofer/
     • [PAYLOAD] BrowserCreds Discussion: https://forums.hak5.org/index.php?/topic/40431-payload-browsercreds/
     • [PAYLOAD] ProxyInterceptor Discussion: https://forums.hak5.org/index.php?/topic/40476-payload-proxy-interceptor/
     • [PAYLOAD] WiFiCreds Discussion: https://forums.hak5.org/index.php?/topic/40413-payload-wificreds/
     • [PAYLOAD] QuickCreds Discussion: https://forums.hak5.org/index.php?/topic/40226-payload-quickcreds/
     • [PAYLOAD] DuckToolKit + Languages Discussion: https://forums.hak5.org/index.php?/topic/40444-payload-ducktoolkit-languages/
     • [PAYLOAD] PasswordGrabber Discussion: https://forums.hak5.org/index.php?/topic/40437-payload-passwordgrabber/
     • [PAYLOAD] Chrome Creds Discussion: https://forums.hak5.org/index.php?/topic/40387-dumping-chrome-creds-completely-in-memory-using-powershell/
  9. What are your thoughts on a subforum for new/updated payloads only? People seem to be creating quite a few payloads, and pull requests seem to be quite slow to get reviewed/merged. I suggest a subforum, e.g. `Home > Active Projects > Bash Bunny > Payload Discussion`, for people to post new payload threads, which will allow forum visitors to easily find and try new payloads and provide input before GitHub merges. Support, feature suggestions, etc. can stay in the parent forum.
  10. How does this work when faced with anti-virus? What about encoding/obfuscating the PowerShell with unicorn? https://github.com/trustedsec/unicorn
  11. Updated to include a proper status check and borrowed some improvements from Hak5Darren (faster_smb_exfiltrator)
  12. Here's a simple payload to download and execute a PowerShell payload locally from the Bash Bunny. This payload is especially useful when running larger PowerShell scripts. It's much faster than waiting on HID keystrokes.
  13. Did you have an issue running `ATTACKMODE HID RDNIS_ETHERNET`? I am trying to write a simple payload that requires both, but it seems Windows doesn't like that combo, although it shows as supported on the wiki. I may have to borrow your approach.
  14. It took less than a second for me. If you wanted to spin up a full featured web server, it may take that long.
  15. Adams, that's not how it works. When the computer is locked, keyboard strokes are either applied to the password field to unlock the computer or otherwise ignored. The reason QuickCreds and PoisonTap work on locked computers is because their primary attack vector is the BB masquerading as a USB-to-Ethernet adapter (unchecked, 'installed' and usable). Even then, the remainder of the attack exploits known behavior on network devices and the traffic therein. QuickCreds and PoisonTap do not utilize the HID attack mode.
  16. Good stuff! Suggestion: throw in RNDIS_ETHERNET as well, spin up a simple Python web server (`python -m SimpleHTTPServer 80`) on the BB and serve the PowerShell via the bunny instead of the internet. Self-contained, more easily updated. Then you can use the payload for many other purposes with ease.
  17. After some research, I think I've identified the hardware, and USB host mode appears to require recompiling the kernel.
  18. This would be required for mobile attacks
  19. Just a heads up: I'm not sure the bunny supports communication to USB devices as a host. No luck as of yet.
  20. Check out the `QUACK` command http://wiki.bashbunny.com/#!index.md
  21. http://pcidatabase.com/ Looks to be:

     Vendor ID: 0x05ac - Apple Inc.
     Product ID: 0x021e - Aluminum Keyboard IT USB
  22. Honestly, bash is easily programmed in Notepad or vim. I would look into making a syntax package for something like Notepad++, Sublime, and/or Visual Studio Code. You can start out with the bash package and add the syntax specific to the Bash Bunny.