Jump to content

MB60893

Active Members
  • Posts

    205
  • Joined

  • Last visited

  • Days Won

    3

Everything posted by MB60893

  1. To my understanding, when the Bash Bunny is first plugged in, it draws power from the USB lines and boots its own Linux OS. From there, whatever options were listed in the script will be applied (such as the hardware ID), and after this point, the Bash Bunny will communicate its new settings to the USB Host device (i.e. whatever the bunny is plugged into.) As is indicated in the documentation for VID and PID: This would make sense, as drivers need to be present before a USB device can be mounted/setup for use by the system. Therefore, the VID and PID must be set BEFORE the bunny connects. Hope this helps!
  2. There are a number of packages I would like to update for my Bash Bunny. I use a variety of programming languages on my Bash Bunny, especially: Python 3 (3.7 and up.) GCC (5.0 and up.) GoLang (1.14 and up.) Lua (5.3 is there, but the latest is always nice.) I know the firmware images I'm using are based on Debian, but I'm not sure if there is a way I can get the latest packages without the risk of running software that isn't supported by the Bash Bunny. @Sebkinne and @Darren Kitchen, considering there hasn't been an update to the firmware since August 2019, can you please advise how best to proceed without borking anything? Thanks all! 🙂
  3. Execute the first cURL command with the --insecure flag. Then try executing the second command. If it prompts you with a GPG command, run that, then run the second command again, possibly with the --insecure flag as well.
  4. MB60893

    impacket SMB

    You should be installing all the packages through the bash bunny's serial console connection in PuTTY. Alternatively, just disable defender for the time being until impacket has been installed to the /tools folder on the bash bunny, then everything should execute without being exposed to Windows from the Bash Bunny's linux partition.
  5. Check the BashBunny Github Repository.
  6. Sounds like the Bash Bunny's physical switch may not be working correctly... If you can still access the bash bunny, it may be worthwhile flashing it with the latest firmware, seeing if that fixes it (in case it was just a software issue,) else contact the HakShop and see what they can do for you.
  7. Also worth noting that Windows Internet Sharing with the Bash Bunny seems to be quite temperamental at times. I've had to reboot mine and configure things in a specific way in the past numerous times.
  8. MB60893

    Python Tools

    As the Bash Bunny is essentially a Debian linux machine, just use apt-get install python for either version 2.7.3 or the newer python 3 versions. Then you can use PIP. If things don't install, make sure you are running with sudo privileges. EDIT: The impacket example is actually the tools compiled for the Bash Bunny into a single .deb file, which may then be installed using the dpkg package manager, hence the REQUIRETOOL part checks the tools directory to see if this is installed, and uses the tools there. You won't need to do this in Python, just simply tell the bash script to execute a python script, the same way you would run a .py file from the command line.
  9. Unless the device has a network port open (such as SSH or Telnet) this would be very difficult to accomplish, as physical/keyboard access is generally required to start powershell or command line programs. For Windows, I'd look into PSExec and other PSTools by Mark Russinovich as potential tools to accomplish such a task, but even then it may be difficult to gain access.
  10. Easiest thing to do is to reflash the bash bunny with the latest firmware.
  11. Flash the Bash Bunny with the v1.5 firmware. See if you still have the same problem after doing so.
  12. Try a different payload that doesn't require any dependencies/packages/tools on the bunny. As for the apt-get upgrade, this is most likely because you haven't followed the network sharing guide for Windows/Linux. There are instructions on the Bash Bunny Wiki.
  13. Run the chkdsk utility on the drive. Refer to any USB with this problem on Windows.
  14. I think Seb pinned a post in the Bash Bunny forum somewhere with the image for the bash bunny. Possibly try flashing that onto the bunny...? It may be a few versions behind, but when you update it, everything should work just fine. EDIT: Almost forgot the link: https://wiki.bashbunny.com/#!downloads.md
  15. Darren said in a video some time ago that he will be working on streamlining the process for approving and merging community payloads into a repository. Apparently the GitHub solution hasn't been working too well for some reasons (of which he did not go into detail.)
  16. To be clear, you can't access it at all through PuTTY or any other terminal access? If the drive is lockerd on the attack side, but not on the Bash Bunny's linux box side, then you could simply reformat the partition that is usually shown on the machine being exploited.
  17. Also, see this article: https://serverfault.com/questions/430682/dpkg-warning-files-list-file-for-package-x-missing
  18. I will attempt to find another solution... For the time being, I would attempt to get the bash bunny connected to the internet, and ensure you can ping a known server on the internet. If you get ping replies, try running my scripts again, and rebooting before running the apt-get upgrade and update. Also: try clearing the apt-cache. That may also help.
  19. Can you provide more information @vay3t? Possibly some things you've tried, or the error messages you're getting?
  20. Make sure to enable network sharing to the Bash Bunny. This needs to be done on Windows otherwise the payload won't give anything in the loot folder.
  21. The idea is that a locked PC can't have data exfiltrated from it, without having some method of transmitting/receiving data from behind the scenes (see Mubix example for snagging creds from a locked machine.) For a reverse-shell to be started, you need to actually be able to copy the file to the computer and execute it, meaning that you would have to have access to the machine through a graphical user interface of command line to copy the file and execute it. The best way of knowing whether the Bash Bunny can do something is to look at other people's examples, or try things out on a computer beforehand by typing everything on the keyboard yourself. This will give you an indication as to what is possible, and what is not.
  22. @e-Euler A question I have frequently asked! It depends on what you want to do. For example, the USB Rubber Ducky is based off an Arduino Teensy platform, which is typically programmed in C. If you're interested in making hardware, check out Arduino type solutions and PICAXE microcontroller chips. If you want to go a step up from here, you could check out Field Programmable Gate Arrays (FPGAs.) Think of these like "liquid" hardware, in the sense that you program them using Verilog or VHDL, and the physical gates on the chip become a piece of hardware you create. It's kind of difficult to explain, but Ben Heck had a great example on his show where he turned an FPGA into a GameBoy, not by actually simulating a GameBoy's software like an emulator does, but actually by making the FPGA work physically like the electronics of the GameBoy of old. I wouldn't blame you if FPGA's are too complicated though... Personally, I would recommend using an Arduino for custom-hardware solutions as they are quick to use, and easily scalable to meet your needs. If you need a more powerful base, I'd recommend looking at using a Raspberry Pi and the GPIO pins on board, which can be used just like the pins on an Arduino. Additionally, I have done numerous projects with a library for C called "WiringPi", which gives you the ability to use Arduino commands in your C code for the GPIO pins! If that is still too complicated, Python also has some easy GPIO examples for the Raspberry Pi, although you will substantially compromise performance of the solution for easy coding in return. I hope this helps! If you have any other queries, feel free to write them below or DM me. ^_^ -MB60893.
  23. I don't know about opening apps and stuff, but on the logitech ultrathin portable keyboard cover for iPad, you could move around the screen using the "command" and "left"/"right" arrows on the keyboard. Something like "command+3" or "Function+3" (don't include the +) opens the search feature, and I think you can open apps that way.
  24. I do not off the top of my head. I know that such commands are possible with a bluetooth keyboard (such as the Logitech bluetooth keyboards for iPad, which you can press combinations of buttons for using the "command" key and letters on the keyboard, which would work I assume by using the "GUI" button syntax for the USB rubber ducky/Bash Bunny.)
  25. You would need a lightning adapter for most modern iPhones, the only caveat being that any accessory plugged into an iOS device prompts whether or not you wish to "Trust" the device that is connected to your phone. Permitting you know the passcode and are able to press "Trust", go for it. ^_^
×
×
  • Create New...