Posts posted by SRG

  1. Just to confirm, could you ensure you're loading an HTTP page and not HTTPS?  When I tested and was most frustrated, I realized I was clicking on favorites links, all of which were HTTPS.  In the payload, only port 80 is being redirected to the captive portal.

    For the final question, that's all about how you plan to do your pentesting. Most of the payloads are meant to be quick ways of performing "unexpected backups" or injecting keystrokes to configure a computer, then make a quick exit with the BashBunny. This one would likely be more useful for while you're nearby. Maybe get the captive portal running while you're in a meeting with someone to capture creds, then once captured, grab the BashBunny and exit.

  2. There are three positions.  The one closest to the computer is "arming" mode.  It doesn't do anything but it does allow you to copy your payload to the other two switch positions.

    Position 1 is the farthest away from the computer and Position 2 is in the middle. They actually do the stuff in the payload.txt file in their respective directories.

  3. Items such as cleaning the MRU list in Windows are such common acts; would it be good to add them to a common library so they're not duplicated across payloads? There could be several common functions that are frequently used that could be called easily.  win_ClearMRU() would be a simple call.

    payloads\library\common\*.sh

    Just source all sh files in that folder since Bash functions don't really add much overhead.  Maybe have them included manually if you're concerned about expanding the namespace too much. 

    Just a suggestion.

  4. I can see AV apps or anti-malware apps monitoring for a USB device named BashBunny.  Would it make sense to have a configuration option to change the device label and have that device name as part of bunny_helpers.sh?

  5. Note that this is configured for HTTP only.  If your home page is HTTPS, it won't be automagically redirected as is.  Try a direct HTTP link to see if it is perhaps being redirected now.

    It wasn't working for me yesterday but today's pull seems to be working.  I can't say for certain that I tried http yesterday unsuccessfully but can say that the current version is working fine for me.

  6. Hi.  I'm experiencing the same thing.  It's just the PineAP module that's doing it.  In looking at the file system, the settings are actually being saved.  It's the reading back that isn't working.  I tick the checkboxes and the files show the values changed but on reload, they're not read back properly.  It's on my to-do list to investigate further but thought I'd share that in case anyone has suggestions.

  7. I use a small "MiFi" device from FreedomPop. Device is cheap, then you can either go with the free service for 500MB/month or you can upgrade to something higher. One benefit is that you can connect several devices including the Pineapple and your laptop. http://www.freedompop.com The batteries on these things last a long, long time. I actually have two, one for just this and one for my own personal use.

    If you wanted to use my referral to give me bonus megs: http://fpop.co/eDcM or use the link above to not give me a referral.

  8. Interestingly, no.

    root@Pineapple:~# wifi detect
    root@Pineapple:~#
    root@Pineapple:~# ifconfig
    br-lan    Link encap:Ethernet  HWaddr 00:13:37:xx:xx:xx  
              inet addr:172.16.42.1  Bcast:172.16.42.255  Mask:255.255.255.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:17029 errors:0 dropped:13 overruns:0 frame:0
              TX packets:10151 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0 
              RX bytes:2008384 (1.9 MiB)  TX bytes:7053578 (6.7 MiB)
    
    
    eth0      Link encap:Ethernet  HWaddr 00:13:37:xx:xx:xx  
              UP BROADCAST MULTICAST  MTU:1500  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000 
              RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
              Interrupt:4 
    
    
    lo        Link encap:Local Loopback  
              inet addr:127.0.0.1  Mask:255.0.0.0
              UP LOOPBACK RUNNING  MTU:16436  Metric:1
              RX packets:205019 errors:0 dropped:0 overruns:0 frame:0
              TX packets:205019 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0 
              RX bytes:222236833 (211.9 MiB)  TX bytes:222236833 (211.9 MiB)
    
    
    wlan0     Link encap:Ethernet  HWaddr 00:13:37:xx:xx:xx 
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:13498 errors:0 dropped:0 overruns:0 frame:0
              TX packets:10875 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000 
              RX bytes:1780303 (1.6 MiB)  TX bytes:7088644 (6.7 MiB)
    
    
    wlan1     Link encap:Ethernet  HWaddr 00:13:37:xx:xx:xx 
              inet addr:192.168.1.118  Bcast:192.168.1.255  Mask:255.255.255.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:121617 errors:0 dropped:243 overruns:0 frame:0
              TX packets:186741 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000 
              RX bytes:15919523 (15.1 MiB)  TX bytes:212544794 (202.6 MiB)

  9. [Image: 2vif406.jpg]

    My setup.

    Bottom left is a NFC tag so I can quickly set up my Note III. Also down there is my Rubber Ducky.

    On the right is my Mark IV, battery pack, Mark V and Reaver. In the middle in the rings are my 8 AAA battery pack, cables, and parts. Spread throughout velcro'ed around are spare parts such as a micro-SD reader, usb disks, antenna, etc. All zipped up in a nice black leather portfolio which looks right in place in any environment including coffee shops and office environments. Note that the battery power switch is accessible right where the zipper meets so I can hit the power switch without even opening it. Complete stealth.

  10. Hi.

    I'd like to switch between different wifi hotspots depending on where I am. I think the DIP switches are the easiest method. How do I get started there?

    I believe I just need to get a copy of a specific config file for each hotspot. Then depending on which DIP switch combo I have, put the appropriate config file in place. I have the concept but don't have the details yet.

    Any guidance is greatly appreciated.

    Thanks in advance.

    SRG
