SRG

Active Members
  • Posts

    22
Everything posted by SRG

  1. CMD-SHIFT-F toggles the toolbar in a maximized Chrome window? CTRL-CMD-F toggles full screen. I think you've just got the wrong key combo.
  2. SRG

    Captive Portal

    Just to confirm, could you ensure you're loading an HTTP page and not HTTPS? When I tested and was most frustrated, I realized I was clicking on favorites links, all of which were HTTPS. In the payload, only port 80 is being redirected to the captive portal. For the final question, that's all about how you plan to do your pentesting. Most of the payloads are meant to be quick ways of performing "unexpected backups" or injecting keystrokes to configure a computer, then make a quick exit with the BashBunny. This one would likely be more useful for while you're nearby. Maybe get the captive portal running while you're in a meeting with someone to capture creds, then once captured, grab the BashBunny and exit.
  3. When you say "position 1" are you meaning the position closest to the computer? If so, that's arming mode. It's not supposed to execute any code.
  4. There's three positions. The one closest to the computer is "arming" mode. It doesn't do anything but it does allow you to copy your payload to the other two switch positions. Position 1 is the farthest away from the computer and Position 2 is in the middle. They actually do the stuff in the payload.txt file in their respective directories.
  5. Try pulling the payloads again from GitHub. There've been a bunch of updates. Make sure your bunny_helpers.sh file on the BashBunny is updated.
  6. Items such as cleaning the MRU list in Windows is such a common act, would it be good to add to a common library so it's not duplicated across payloads? There could be several common functions that are frequently used that could be called easily. win_ClearMRU() would be a simple call. payloads\library\common\*.sh Just source all sh files in that folder since Bash functions don't really add much overhead. Maybe have them included manually if you're concerned about expanding the namespace too much. Just a suggestion.
  7. I can see AV apps or anti-malware apps monitoring for a USB device named BashBunny. Would it make sense to have a configuration option to change the device label and have that device name as part of bunny_helpers.sh?
  8. autorun.inf is less successful than it was when it first came out. The best way is to use the BashBunny to inject keystrokes to run an executable.
  9. SRG

    Captive Portal

    Note that this is configured to only http. If your home page is https, it won't be automagically redirected as is. Try a direct http link to see if it is perhaps being redirected now. It wasn't working for me yesterday but today's pull seems to be working. I can't say for certain that I tried http yesterday unsuccessfully but can say that the current version is working fine for me.
  10. Hi. I'm experiencing the same thing. It's just the PineAP module that's doing it. In looking at the file system, the settings are actually being saved. It's the reading back that isn't working. I tick the checkboxes and the files show the values changed but on reload, they're not read back properly. It's on my to-do list to investigate further but thought I'd share that in case anyone has suggestions.
  11. SublimeText has ShellScriptImproved as a package that is easily installed to give Bash shell script syntax highlighting. Love SublimeText. :)
  12. I agree with OS first. I'd be disappointed to look through type to find something I really wanted only to discover it wasn't applicable to my target OS.
  13. Easiest way both for maintenance as well as for actual use is to put your script as is into a file. Say ducky.txt. Then do: QUACK ducky.txt Otherwise, if you want it inline, just put QUACK in front of each line.
  14. I use a small "MiFi" device from FreedomPop. Device is cheap, then you can either go with the free service for 500MB/month or you can upgrade to something higher. One benefit is that you can connect several devices including the Pineapple and your laptop. http://www.freedompop.com The batteries on these things last a long, long time. I actually have two, one for just this and one for my own personal use. If you wanted to use my referral to give me bonus megs: http://fpop.co/eDcM or use the link above to not give me a referral.
  15. That gave me a blank file. I think it's time for a reflash. I'll report back.
  16. Interestingly, no.

      root@Pineapple:~# wifi detect
      root@Pineapple:~#
      root@Pineapple:~# ifconfig
      br-lan    Link encap:Ethernet  HWaddr 00:13:37:xx:xx:xx
                inet addr:172.16.42.1  Bcast:172.16.42.255  Mask:255.255.255.0
                UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
                RX packets:17029 errors:0 dropped:13 overruns:0 frame:0
                TX packets:10151 errors:0 dropped:0 overruns:0 carrier:0
                collisions:0 txqueuelen:0
                RX bytes:2008384 (1.9 MiB)  TX bytes:7053578 (6.7 MiB)

      eth0      Link encap:Ethernet  HWaddr 00:13:37:xx:xx:xx
                UP BROADCAST MULTICAST  MTU:1500  Metric:1
                RX packets:0 errors:0 dropped:0 overruns:0 frame:0
                TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
                collisions:0 txqueuelen:1000
                RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
                Interrupt:4

      lo        Link encap:Local Loopback
                inet addr:127.0.0.1  Mask:255.0.0.0
                UP LOOPBACK RUNNING  MTU:16436  Metric:1
                RX packets:205019 errors:0 dropped:0 overruns:0 frame:0
                TX packets:205019 errors:0 dropped:0 overruns:0 carrier:0
                collisions:0 txqueuelen:0
                RX bytes:222236833 (211.9 MiB)  TX bytes:222236833 (211.9 MiB)

      wlan0     Link encap:Ethernet  HWaddr 00:13:37:xx:xx:xx
                UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
                RX packets:13498 errors:0 dropped:0 overruns:0 frame:0
                TX packets:10875 errors:0 dropped:0 overruns:0 carrier:0
                collisions:0 txqueuelen:1000
                RX bytes:1780303 (1.6 MiB)  TX bytes:7088644 (6.7 MiB)

      wlan1     Link encap:Ethernet  HWaddr 00:13:37:xx:xx:xx
                inet addr:192.168.1.118  Bcast:192.168.1.255  Mask:255.255.255.0
                UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
                RX packets:121617 errors:0 dropped:243 overruns:0 frame:0
                TX packets:186741 errors:0 dropped:0 overruns:0 carrier:0
                collisions:0 txqueuelen:1000
                RX bytes:15919523 (15.1 MiB)  TX bytes:212544794 (202.6 MiB)
  17. Hmm. Timely posting. I'm trying to add the AWUS036NHR model. When I run wifi detect, it comes up empty. Sending the output of wifi detect to a text file leaves me with a blank file. Any suggestions? ifconfig does not show it listed. Thanks in advance.
  18. My setup. Bottom left is a NFC tag so I can quickly set up my Note III. Also down there is my Rubber Ducky. On the right is my Mark IV, battery pack, Mark V and Reaver. In the middle in the rings are my 8 AAA battery pack, cables, and parts. Spread throughout velcro'ed around are spare parts such as a micro-SD reader, usb disks, antenna, etc. All zipped up in a nice black leather portfolio which looks right in place in any environment including coffee shops and office environments. Note that the battery power switch is accessible right where the zipper meets so I can hit the power switch without even opening it. Complete stealth.
  19. Hi. I'd like to switch between different wifi hotspots depending where I am. I think the DIP switches are the easiest method. How do I get started there? I believe I just need to get a copy of a specific config file for each hotspot. Then depending on which DIP switch combo I have, put the appropriate config file in place. I have the concept but don't have the details yet. Any guidance is greatly appreciated. Thanks in advance. SRG
  20. (facepalm) First post and I showed that my Google-Fu is weak today. Thank you for the very quick and accurate reply.
  21. I want to add a higher gain antenna to the side clients connect to. Which antenna is which? Should I connect it to the side with the dip switches or the side away from them? Thanks in advance!