NightStalker

Posts posted by NightStalker

  1. Thank you so much, I was able to finally get it after A LOT of trial and error :), I also found I had to enclose the $SWITCH_POSITION in single quotes to make it work correctly.

    Q STRING \$driveLetter = \(gwmi win32_volume -f \'label\=\'\'BashBunny\'\'\'\).Name
    Q ENTER
    Q STRING \$absPath = \$driveLetter\+\'payloads\\\'\+\'$SWITCH_POSITION\'\+\'\\\'
    Q ENTER
    Q STRING cd \$absPath

    Thank you again, NightStalker

  2. Hello all, as part of a script I am writing I am trying to change directories using the find feature of the drive letter and the $SWITCH_POSITION variable. I tried using Set-Location in PowerShell but could not get it to work with the variables needed to find the drive letter and the switch position. I came up with the below and it works in PowerShell but not in Ducky Script on the Bash Bunny. I am sure it is because I am missing escapes for special characters (possible) but after hours of trying I could not get it to work. I am at the experts' mercy here in the Hak5 Forums :)

    The payload.txt has:

    Q STRING $driveLetter = (gwmi win32_volume -f 'label=''BashBunny''').Name
    Q ENTER
    Q STRING $absPath = $driveLetter+'payloads\'+$SWITCH_POSITION+'\'
    Q ENTER
    Q STRING cd $absPath
    Q ENTER

    If I run in PowerShell it works:

    PS C:\Users\NightStalker> $driveLetter = (gwmi win32_volume -f 'label=''BashBunny''').Name
    PS C:\Users\NightStalker> $absPath = $driveLetter+'payloads\'+$SWITCH_POSITION+'\'
    PS C:\Users\NightStalker> cd $absPath
    PS G:\payloads\switch1>

    I am open to other suggestions with the same effect. I appreciate the help in advance. On a side note, can you pass variables from the payload.txt to other PowerShell scripts the payload calls? If so that would solve my issue as well. :)

    Thanks, NightStalker
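The difference between the unescaped and escaped payload lines in the two posts above, as an added example that is not part of the original posts: `payload.txt` is interpreted by bash on the Bunny, so bash expands or strips anything unescaped before `Q` receives it. The `Q` stub below is a stand-in that returns its arguments instead of typing them (how the arguments are joined is an assumption), and `switch1` is the value visible in the PowerShell prompt in the post.

```shell
#!/bin/sh
# Stand-in for the Bash Bunny Q command (assumption): returns the string
# that bash hands over, instead of sending keystrokes.
Q() { printf '%s\n' "$*"; }

# Value taken from the prompt in the post; normally set by bunny_helpers.sh.
SWITCH_POSITION=switch1

# $absPath and $driveLetter are meant to be PowerShell variables on the
# target; on the Bunny side they do not exist as shell variables.
unset absPath driveLetter

# Line from the question, unescaped: bash expands the two unset variables
# to nothing and consumes the single quotes as its own quoting.
typed_unescaped() {
    Q STRING $absPath = $driveLetter+'payloads\'+$SWITCH_POSITION+'\'
}

# Line from the follow-up post: every character PowerShell must receive
# literally is backslash-escaped, and only $SWITCH_POSITION is left for
# bash to expand.
typed_escaped() {
    Q STRING \$absPath = \$driveLetter\+\'payloads\\\'\+\'$SWITCH_POSITION\'\+\'\\\'
}

printf 'unescaped -> %s\n' "$(typed_unescaped)"
printf 'escaped   -> %s\n' "$(typed_escaped)"
```
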

  3. So I was having the same issue and I found that the placement of the "source bunny_helpers.sh" matters. It must be placed after the ATTACKMODE command:

    LED R 50
    ATTACKMODE HID STORAGE
    source bunny_helpers.sh
    Q DELAY 6000

    This fixed the issue with not being able to read the "$SWITCH_POSITION" variable.

    Hope this helps,

    NightStalker

     

  4. Sure can,

    root@bunny:~# cat /proc/cpuinfo
    Processor       : ARMv7 Processor rev 5 (v7l)
    processor       : 0
    BogoMIPS        : 4800.00

    processor       : 1
    BogoMIPS        : 4800.00

    processor       : 2
    BogoMIPS        : 4800.00

    processor       : 3
    BogoMIPS        : 4800.00

    Features        : swp half thumb fastmult vfp edsp thumbee neon vfpv3 tls vfpv4 idiva idivt
    CPU implementer : 0x41
    CPU architecture: 7
    CPU variant     : 0x0
    CPU part        : 0xc07
    CPU revision    : 5

    Hardware        : sun8i
    Revision        : 0000
    Serial          : 24005035c50c543c0a4e

     

    ##############################################

     

    root@bunny:~# cat /proc/version
    Linux version 3.4.39 (xbing@xbing-All-Series) (gcc version 4.6.3 20120201 (prerelease) (crosstool-NG linaro-1.13.1-2012.02-20120222 - Linaro GCC 2012.02) ) #130 SMP PREEMPT Fri Feb 10 14:24:25 CST 2017

     

    Cheers, NightStalker

     

     

     

  5. Hello all, while I am no Photoshop expert I wanted an icon for my Mac when the Bash Bunny is plugged in as storage so that I can quickly find it, so I made the below and wanted to attach it here for anyone who would like to use it. This is an original image of mine, not one I downloaded. I may clean it up later if needed and will update if I do. It is saved as a .PNG and the first image is how it looks on my Mac desktop. To save, just right-click the bare drive image, save it to your desktop and follow your OS requirements to assign it to the Bunny.


     

    Cheers, NightStalker

  6. It runs an ARM version of Debian, so essentially anything you can do in Linux you can do here (for the most part). As far as their parsing and scripting engine, I am sure they keep that quiet for specific reasons. I can say (I have a bunny in my hand now) they are very fun to play with and open a world of possibilities.

  7. What software image are you needing? If this is for the payloads they are hosted on the Bash Bunny GIT HERE

    If you are looking for the recovery image it is built into the bunny to trigger after three failed boot attempts:

    Firmware Recovery

    If the Bash Bunny fails to boot more than 3 times, it will automatically enter recovery mode. The LED will blink red while the file system is replaced by the backup partition. DO NOT UNPLUG THE BASH BUNNY DURING RECOVERY
    This process takes about 3 minutes. When complete, the Bash Bunny will reboot as indicated by the blinking green LED.
     
    If you are just looking for the firmware files themselves I am sure there is a reason they are not available without buying the bunny.
     
    Cheers, NightStalker

     

  8. We did what was possible at the time - sorry it didn't work out like we wanted it to.

    Darren and myself are going to have a live hangout on air on Wednesday or Thursday which will cover all the new features in detail. Before then, I will have a proper, in depth changelog up.

    I'm currently traveling back home, so I won't be able to do any of this for the next 24h.

    Best regards,

    Sebkinne

    I need to revise pineapple university now with 2.0 out. Likewise Seb and I will be doing a proper release hangout to go over the new features. Sorry the defcon stream was so bad. The network was, well, defconned.

    We appreciate what you guys did with the resources you had. Thanks for all the hard work and safe travels back home.

  9. Well, I knew it was going to be stupid, probably more my lack of knowledge of IPTables. I noticed when I added something to the INPUT chain it showed, and when I did the iptables-save command I saw the NAT there. So I searched more and found that PREROUTING was just hidden in the iptables -L command. When I changed it to include the NAT:

    ===========================================================================

    root@kali:~# iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000
    root@kali:~# iptables -t nat --list
    Chain PREROUTING (policy ACCEPT)
    target prot opt source destination
    REDIRECT tcp -- anywhere anywhere tcp dpt:http redir ports 10000
    Chain INPUT (policy ACCEPT)
    target prot opt source destination
    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination
    Chain POSTROUTING (policy ACCEPT)
    target prot opt source destination
    root@kali:~#

    ===========================================================================

    Hopefully this will help someone else with the same lack of knowledge I had :)
    NightStalker
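An added example (not from the original post) of the check the post arrives at: a bare `iptables -L` lists only the filter table, so rules in `nat` and other tables have to be read from `iptables-save` output. The sample dump is constructed from the one shown in this thread plus one made-up filter rule, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample: iptables-save output shaped like the dump in the thread,
# with one extra filter rule added for contrast.
sample_dump() {
cat <<'EOF'
# Generated by iptables-save v1.4.14
*nat
:PREROUTING ACCEPT [1:52]
:INPUT ACCEPT [1:52]
:OUTPUT ACCEPT [8:1016]
:POSTROUTING ACCEPT [8:1016]
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 10000
COMMIT
*filter
:INPUT ACCEPT [392:37336]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [252:46598]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

# Reads iptables-save output on stdin and prints "table<TAB>chain<TAB>rule"
# for every rule outside the filter table, i.e. what a bare `iptables -L`
# does not display.
rules_hidden_from_default_list() {
    awk '
        /^\*/  { table = substr($0, 2); next }   # "*nat" opens a table section
        /^-A / { if (table != "filter") {
                     chain = $2
                     rule = $0; sub(/^-A [^ ]+ /, "", rule)
                     printf "%s\t%s\t%s\n", table, chain, rule } }
    '
}

# Narrows the list to rules whose target rewrites where traffic goes.
redirecting_rules() {
    rules_hidden_from_default_list |
        grep -E -- '-j (REDIRECT|DNAT|SNAT|MASQUERADE)( |$)'
}

sample_dump | redirecting_rules
```

On a live host the same functions take `iptables-save | redirecting_rules` as input, which makes an unexpected port redirect visible even when `iptables -L` looks empty.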
  10. It does show running and the funnier part is when I do an iptables-save I see the line in the config:

    ===========================================================================

    root@kali:~# iptables-save
    # Generated by iptables-save v1.4.14 on Fri Jan 3 10:38:42 2014
    *nat
    :PREROUTING ACCEPT [1:52]
    :INPUT ACCEPT [1:52]
    :OUTPUT ACCEPT [8:1016]
    :POSTROUTING ACCEPT [8:1016]
    -A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 10000
    COMMIT
    # Completed on Fri Jan 3 10:38:43 2014
    # Generated by iptables-save v1.4.14 on Fri Jan 3 10:38:43 2014
    *filter
    :INPUT ACCEPT [392:37336]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [252:46598]
    COMMIT
    # Completed on Fri Jan 3 10:38:43 2014

    ===========================================================================

  11. I am using Kali 1.05 and for some reason when I enter an IPTables rule such as below it does not save or show up when I list the rules:

    ===========================================================================

    root@kali:~# iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000

    root@kali:~# iptables -L
    Chain INPUT (policy ACCEPT)
    target prot opt source destination
    Chain FORWARD (policy ACCEPT)
    target prot opt source destination
    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination

    ===========================================================================

    Just for giggles I did try with the sudo command but still nothing. Am I missing something stupid?
    Thanks in advance.
  12. My MK4 used to work fine with the LAN, now not so much. I just flashed to 3.0 just for giggles and still cannot get the LAN to recognize. Tried on several PCs with manual IP settings and I do not even get Layer 1 connectivity with either the POE/LAN or the WAN/LAN. Not sure what's up but it's frustrating to say the least. :(

    I even tried direct power to the Pineapple with nothing. I can connect to the wireless just fine but not the physical Ethernet. Any help is appreciated :)

  13. You're right. I removed all those phishing pages. People will have to make their own. I don't want the pineapple to have a bad name. "Only for hacking people's social networks" I made it too easy for the bad guys to use my plethora of phishing pages and besides when are you ever going to need them. I just want to play my part like everyone else to make the pineapple a better tool and show people how to use it (responsibly). I never thought about it in this way. Thanks for everything.

    Sorry for taking some time to respond, I have been busy with work :( My opinion is exactly what you stated above. The Pineapple is designed to be a professional tool like a wrench is to a mechanic. Sure, a criminal can also use that tool to break into the home of someone you know, but would you put that tool in his hand to make it easier? In the line of work I do, enterprise security, I see too many people who think they are hacking gods and try to "test" the network only to be tracked down 30 minutes later crying on how we found out the MAC address of their "Workstation" they used. I mean some of the noobness is scary. While I love the work you have done Tyler and the video tuts are awesome, make them work for what they do. If they do not know how to make a simple phishing page in the first place they probably should not have the Pineapple in their possession :)

    Keep up the great job Hak5 crew, staff, and especially the forums members who give so much back to the community.

  14. I have to agree, I have made some of my own in my testing and have hesitated to share them due to the legality/moral issues. What might be a better approach is to discuss the techniques used to make them based on needs; that way it is up to the poster to use his own judgement.

    As others have said Google Chrome seems to be the key one I see going around. I personally like to use WGET to fetch the sites right down to the USB drive and edit them with nano.

    wget -r --no-check-certificate https://www.somesite.com

    Cheers :)
