[[PAYLOAD] DrumpCreds 2.0 ( SMB, w/o Internet, w/o USB Storage )]

How does this work when faced with Anti-Virus?

What about encoding/obfuscating the powershell with unicorn?
https://github.com/trustedsec/unicorn

[[PAYLOAD] psh_DownloadExec]

Updated to include a proper status check and borrowed some improvements from Hak5Darren (faster_smb_exfiltrator)

[[PAYLOAD] psh_DownloadExec]

Here's a simple payload to download and execute a powershell payload locally from the BashBunny. This payload is especially useful when running larger Powershell scripts. It's much faster than waiting on HID keystrokes.

[Violation of CoC]

6 hours ago, illwill said:

i saw some people testing that but took about 10 seconds for python to spinup a server

It took less than a second for me. If you wanted to spin up a full featured web server, it may take that long.

 

[Locked Screen]

Adams, that's not how it works. When the computer is locked, keyboard strokes are either applied to the password field to unlock the computer or otherwise ignored.

The reason quick creds and poisontap work on locked computers is because their primary attack vector is the bb masquerading as a usb to ethernet adapter (unchecked, 'installed' and useable). Even then, the remainder of the attack exploits known behavior on network devices and the traffic therein.

Quick creds, and poisontap do not utilize the HID attack mode.

[Violation of CoC]

Good stuff!

Suggestion, throw in RNDIS_ETHERNET as well, spin up a simple python web server `python -m SimpleHTTPServer 80` on the BB and serve the powershell via the bunny instead of the internet. Self-contained, more easily updated.

Then you can use the payload for many other purposes with ease.

[Bunny as Host for USB Devices?]

After some research, I think I've identified the hardware, and usb host mode appears to require alone kernel recompiling. 

[Bunny as Host for USB Devices?]

This would be required for mobile attacks

[Help idiots guide to use Rubberducky code to Basbunny]

Check out the `QUACK` command

http://wiki.bashbunny.com/#!index.md

[Bypass Keyboard Setup Assistant -MAC]

http://pcidatabase.com/

Looks to be:
-------
Vendor ID: 0x05ac - Apple Inc.
Product ID: 0x021e Aluminum Keyboard IT USB

[Looking to Start a Programming Project for BashBunny]

Honestly, bash is easily programmed in notepad or vim. I would look into making a syntax package for something like notepad++, sublime, and/or visual studio code. You can start out with the bash package and add the syntax specific to the bash bunny. 

[Mac&Linux ~/ = root]

I would imagine that bash is expanding that path on the BB before it's sent as keystrokes. 

Try putting your quack strings in a text file and using `QUACK keystrokes.txt`

[New Pineapple - Initial Findings - Mk4]

This might shed some light on the attwifi hotspot questions.

http://seclists.org/pauldotcom/2012/q1/46