Jump to content


Active Members
  • Posts

  • Joined

  • Last visited

  • Days Won


About NightStalker

  • Birthday 03/04/1978

Profile Information

  • Gender
  • Location

Recent Profile Visitors

2,178 profile views

NightStalker's Achievements


Newbie (1/14)

  1. Wow @Darren Kitchen, what an honor to be featured on your show (https://www.youtube.com/watch?v=4B74ig3R9BE&) for such a simple contribution to the community. I am extatic that this script helped people. Thank you so much for being a great host, show and community for enthusiasts like us.
  2. Thank you for the kind words. I am adjusting the timings on the script as I go to find the sweet spots. One of the laptops I tested this on had a big time gap and caused the beginning of the script to be cut off on two of my trial passes so I kept a big delay in the beginning to ensure the machine was fully ready and the bunny was up and running.
  3. Hello all, being a proxy engineer when I got the Bash Bunny the first thing I thought of was how can I force people who are (excuse my assumptions here ) lazy to lock their machines when they walk away and leave them vulnerable. As a pentester an unlocked and unattended machine is a gold mine but you sometimes only have those few precious seconds to gather the data you need. If you could set a proxy and more important a SSL proxy by inserting your certificate as well you could gather all the intel you need even after the initial attack. Enter Proxy Interceptor (Geeky name I know), this payload will enable the proxy settings and import the proxy certificate to the certificate store allowing you to man-in-the-middle the users web traffic including gathering credentials for later escalation use in the pentest. The payload is simple using PowerShell and Ducky Script and the end of the payload will even eject the bash bunny so you can just unplug and walk away. The script is 1.0 so there is more I want to do with it later including adding support for Firefox, running confirmation tests, dropping a script for persistence, and more. As of know this only affects IE and Chrome. Also there is no failure detection as of yet in the PowerShell scripts you just will not get the purple LED to confirm it is completed. I would love to hear your thoughts. https://github.com/ajmatson/bashbunny-payloads/tree/master/payloads/library/Proxy_Interceptor
  4. Thank you so much, I was able to finally get it after A LOT of trial and error :), I also found I had to enclose the $SWITCH_POSITION in single quotes to make it work correctly. Q STRING \$driveLetter = \(gwmi win32_volume -f \'label\=\'\'BashBunny\'\'\'\).Name Q ENTER Q STRING \$absPath = \$driveLetter\+\'payloads\\\'\+\'$SWITCH_POSITION\'\+\'\\\' Q ENTER Q STRING cd \$absPath Q STRING \$driveLetter = \(gwmi win32_volume -f \'label\=\'\'BashBunny\'\'\'\).Name Q ENTER Q STRING \$absPath = \$driveLetter\+\'payloads\\\'\+\'$SWITCH_POSITION\'\+\'\\\' Q ENTER Q STRING cd \$absPath Thank you again, NightStalker
  5. Hello all, As part of a script I am writing I am trying to change directories using the find feature of the drive letter and the $SWITCH_POSITION variable. I tried using Set-Location in Powershell but could not get it to work with the variables needed to find the drive letter and the switch position. I came up with the below and it works in Powershell but not in Ducky Script on the Bash Bunny. I am sure it is because I am missing escapes for special characters (possible) but after hours of trying I could not get it to work. I am at the experts mercy here in the Hak5 Forums :) The payload.txt has: Q STRING $driveLetter = (gwmi win32_volume -f 'label=''BashBunny''').Name Q ENTER Q STRING $absPath = $driveLetter+'payloads\'+$SWITCH_POSITION+'\' Q ENTER Q STRING cd $absPath Q ENTER If I run in PowerShell it works: PS C:\Users\NightStalker> $driveLetter = (gwmi win32_volume -f 'label=''BashBunny''').Name PS C:\Users\NightStalker> $absPath = $driveLetter+'payloads\'+$SWITCH_POSITION+'\' PS C:\Users\NightStalker> cd $absPath PS G:\payloads\switch1> I am open to other suggestions with the same effect. I appreciate the help in advance. On a side note can you pass variables from the payload.txt to other Powershell scripts the payload calls? If so that would solve my issue as well. :) Thanks, NightStalker
  6. So I was having the same issue and I found that the placement of the "source bunny_helpers.sh" matters. It must be placed after the ATTACKMODE command: LED R 50 ATTACKMODE HID STORAGE source bunny_helpers.sh Q DELAY 6000 This fixed the issue with not being able to read the "$SWITCH_POSITION" variable. Hope this helps, NightStalker
  7. Sure can, root@bunny:~# cat /proc/cpuinfo Processor : ARMv7 Processor rev 5 (v7l) processor : 0 BogoMIPS : 4800.00 processor : 1 BogoMIPS : 4800.00 processor : 2 BogoMIPS : 4800.00 processor : 3 BogoMIPS : 4800.00 Features : swp half thumb fastmult vfp edsp thumbee neon vfpv3 tls vfpv4 idiva idivt CPU implementer : 0x41 CPU architecture: 7 CPU variant : 0x0 CPU part : 0xc07 CPU revision : 5 Hardware : sun8i Revision : 0000 Serial : 24005035c50c543c0a4e ############################################## root@bunny:~# cat /proc/version Linux version 3.4.39 (xbing@xbing-All-Series) (gcc version 4.6.3 20120201 (prerelease) (crosstool-NG linaro-1.13.1-2012.02-20120222 - Linaro GCC 2012.02) ) #130 SMP PREEMPT Fri Feb 10 14:24:25 CST 2017 Cheers, NightStalker
  8. My pleasure, just trying to make it a bit easier :)
  9. Hello all, With MAC's (and Linux) you have to know the device of course to serial into it. To make it quicker for me I wrote the below script to search the MAC for the bash bunny (If you have multiple modems this may not work for you) and prompt you to connect to it. Feel free to use and modify as desired. #!/bin/bash # # Title: Mac Serial Connect # Author: NightStalker # Version: 1.0 # # Finds the Bash Bunny in the /dev/cu.* location and # prompt you to connect to it. clear bunnyloc=`ls /dev/cu.* | grep usbmodem` echo "Bash bunny is located at: $bunnyloc" read -r -p "Would you like to connect to it? (Y/N): " connanswer echo $connanswer if [ "$connanswer" == "N" -o "$connanswer" == "n" ] then exit 0 elif [ "$connanswer" == "Y" -o "$connanswer" == "y" ] then screen $bunnyloc 115200 fi
  10. Hello all, while I am no Photoshop expert I wanted an Icon for my MAC when the Bash Bunny is plugged in as storage so that I can quickly find it so I made the below and wanted to attach here for anyone who would like to use it. This is an original image of mine not one I downloaded. I may clean it up later if needed and will update if I do. It is saved as a .PNG and the first image is how it looks on my MAC desktop. To save just right click the bare drive image and save to your desktop and follow your OS requirements to assign to the Bunny. Cheers, NightStalker
  11. Does it show up in Device Manager? What version of windows? Have you tried another port/computer.
  12. It runs and ARM version of Debian so essentially anything you can do in Linux you can do here (for the most part) as far as their parsing and scripting engine I am sure they keep that quiet for specific reasons. I can say (I have a bunny in my hand now) they are very fun to play with and open a world of possibilities.
  13. What software image are you needing? If this is for the payloads they are hosted on the Bash Bunny GIT HERE If you are looking for the recovery image it is built into the bunny to trigger after three failed boot attempts: Firmware Recovery If the Bash Bunny fails to boot more than 3 times, it will automatically enter recovery mode. The LED will blink red while the file system is replaced by the backup partition. DO NOT UNPLUG THE BASH BUNNY DURING RECOVERY This process takes about 3 minutes. When complete, the Bash Bunny will reboot as indicated by the blinking green LED. http://wiki.bashbunny.com/#!index.md If you are just looking for the firmware files themselves I am sure there is a reason they are not available without buying the bunny. Cheers, NightStalker
  14. Hello Darren, On mine I am running Windows 10 Pro 64-Bit. I did clear all of my payloads and start fresh as well, I get the same failure when it tried to read the files in /root/udisk/payloads/. I would be glad to provide any logs/debugs if you like, just let me know what you need. Regards, NightStalker
  • Create New...