Jump to content
Hak5 Forums


Active Members
  • Content Count

  • Joined

  • Last visited

  • Days Won


About MB60893

  • Rank
    Student; Software Specialist

Profile Information

  • Gender
  • Location
  • Interests
    Software; Hardware; Old Computers; Artificial Intelligence; Operating System Internals; System Architecture; Digital Equipment Corporation;

Recent Profile Visitors

2,296 profile views
  1. Flash the Bash Bunny with the v1.5 firmware. See if you still have the same problem after doing so.
  2. Try a different payload that doesn't require any dependencies/packages/tools on the bunny. As for the apt-get upgrade, this is most likely because you haven't followed the network sharing guide for Windows/Linux. There are instructions on the Bash Bunny Wiki.
  3. MB60893

    Issue With BB

    Run the chkdsk utility on the drive. Refer to any USB with this problem on Windows.
  4. MB60893

    usb0 and usb1 not found

    I think Seb pinned a post in the Bash Bunny forum somewhere with the image for the bash bunny. Possibly try flashing that onto the bunny...? It may be a few versions behind, but when you update it, everything should work just fine. EDIT: Almost forgot the link: https://wiki.bashbunny.com/#!downloads.md
  5. MB60893

    bunny updater payloads library seems limited

    Darren said in a video some time ago that he will be working on streamlining the process for approving and merging community payloads into a repository. Apparently the GitHub solution hasn't been working too well for some reasons (of which he did not go into detail.)
  6. MB60893

    A big problem!!!I need you heip,thanks.

    To be clear, you can't access it at all through PuTTY or any other terminal access? If the drive is lockerd on the attack side, but not on the Bash Bunny's linux box side, then you could simply reformat the partition that is usually shown on the machine being exploited.
  7. Also, see this article: https://serverfault.com/questions/430682/dpkg-warning-files-list-file-for-package-x-missing
  8. I will attempt to find another solution... For the time being, I would attempt to get the bash bunny connected to the internet, and ensure you can ping a known server on the internet. If you get ping replies, try running my scripts again, and rebooting before running the apt-get upgrade and update. Also: try clearing the apt-cache. That may also help.
  9. Can you provide more information @vay3t? Possibly some things you've tried, or the error messages you're getting?
  10. Make sure to enable network sharing to the Bash Bunny. This needs to be done on Windows otherwise the payload won't give anything in the loot folder.
  11. MB60893

    Ability question

    The idea is that a locked PC can't have data exfiltrated from it, without having some method of transmitting/receiving data from behind the scenes (see Mubix example for snagging creds from a locked machine.) For a reverse-shell to be started, you need to actually be able to copy the file to the computer and execute it, meaning that you would have to have access to the machine through a graphical user interface of command line to copy the file and execute it. The best way of knowing whether the Bash Bunny can do something is to look at other people's examples, or try things out on a computer beforehand by typing everything on the keyboard yourself. This will give you an indication as to what is possible, and what is not.
  12. MB60893

    Bare Metal Programming

    @e-Euler A question I have frequently asked! It depends on what you want to do. For example, the USB Rubber Ducky is based off an Arduino Teensy platform, which is typically programmed in C. If you're interested in making hardware, check out Arduino type solutions and PICAXE microcontroller chips. If you want to go a step up from here, you could check out Field Programmable Gate Arrays (FPGAs.) Think of these like "liquid" hardware, in the sense that you program them using Verilog or VHDL, and the physical gates on the chip become a piece of hardware you create. It's kind of difficult to explain, but Ben Heck had a great example on his show where he turned an FPGA into a GameBoy, not by actually simulating a GameBoy's software like an emulator does, but actually by making the FPGA work physically like the electronics of the GameBoy of old. I wouldn't blame you if FPGA's are too complicated though... Personally, I would recommend using an Arduino for custom-hardware solutions as they are quick to use, and easily scalable to meet your needs. If you need a more powerful base, I'd recommend looking at using a Raspberry Pi and the GPIO pins on board, which can be used just like the pins on an Arduino. Additionally, I have done numerous projects with a library for C called "WiringPi", which gives you the ability to use Arduino commands in your C code for the GPIO pins! If that is still too complicated, Python also has some easy GPIO examples for the Raspberry Pi, although you will substantially compromise performance of the solution for easy coding in return. I hope this helps! If you have any other queries, feel free to write them below or DM me. ^_^ -MB60893.
  13. MB60893

    Does keystroke injection work on iPhone?

    I don't know about opening apps and stuff, but on the logitech ultrathin portable keyboard cover for iPad, you could move around the screen using the "command" and "left"/"right" arrows on the keyboard. Something like "command+3" or "Function+3" (don't include the +) opens the search feature, and I think you can open apps that way.
  14. MB60893

    Does keystroke injection work on iPhone?

    I do not off the top of my head. I know that such commands are possible with a bluetooth keyboard (such as the Logitech bluetooth keyboards for iPad, which you can press combinations of buttons for using the "command" key and letters on the keyboard, which would work I assume by using the "GUI" button syntax for the USB rubber ducky/Bash Bunny.)
  15. MB60893

    Does keystroke injection work on iPhone?

    You would need a lightning adapter for most modern iPhones, the only caveat being that any accessory plugged into an iOS device prompts whether or not you wish to "Trust" the device that is connected to your phone. Permitting you know the passcode and are able to press "Trust", go for it. ^_^