LowValueTarget
Posts posted by LowValueTarget
-
Updated to include a proper status check and borrowed some improvements from Hak5Darren (faster_smb_exfiltrator)
-
Here's a simple payload to download and execute a PowerShell payload locally from the Bash Bunny. This payload is especially useful when running larger PowerShell scripts. It's much faster than waiting on HID keystrokes.
-
6 hours ago, illwill said:
I saw some people testing that, but it took about 10 seconds for Python to spin up a server
It took less than a second for me. If you wanted to spin up a full-featured web server, it may take that long.
-
Adams, that's not how it works. When the computer is locked, keyboard strokes are either applied to the password field to unlock the computer or otherwise ignored.
The reason QuickCreds and PoisonTap work on locked computers is because their primary attack vector is the BB masquerading as a USB-to-Ethernet adapter (unchecked, 'installed' and usable). Even then, the remainder of the attack exploits known behavior on network devices and the traffic therein.
QuickCreds and PoisonTap do not utilize the HID attack mode.
-
Good stuff!
Suggestion: throw in RNDIS_ETHERNET as well, spin up a simple Python web server `python -m SimpleHTTPServer 80` on the BB and serve the PowerShell via the bunny instead of the internet. Self-contained, more easily updated.
Then you can use the payload for many other purposes with ease.
-
After some research, I think I've identified the hardware, and USB host mode appears to require alone kernel recompiling.
-
This would be required for mobile attacks
-
Check out the `QUACK` command
-
Looks to be:
-------
Vendor ID: 0x05ac - Apple Inc.
Product ID: 0x021e - Aluminum Keyboard IT USB
-
Honestly, bash is easily programmed in Notepad or vim. I would look into making a syntax package for something like Notepad++, Sublime, and/or Visual Studio Code. You can start out with the bash package and add the syntax specific to the Bash Bunny.
-
I would imagine that bash is expanding that path on the BB before it's sent as keystrokes.
Try putting your quack strings in a text file and using `QUACK keystrokes.txt`
-
This might shed some light on the attwifi hotspot questions.
[PAYLOAD] DrumpCreds 2.0 (SMB, w/o Internet, w/o USB Storage)
in Payloads
How does this work when faced with Anti-Virus?
What about encoding/obfuscating the PowerShell with unicorn?
https://github.com/trustedsec/unicorn