Jump to content
Hak5 Forums


Active Members
  • Content count

  • Joined

  • Last visited

  • Days Won


About TheHermit

  • Rank
    Hak5 Fan +

Contact Methods

  • Website URL
  • ICQ

Profile Information

  • Gender
  • Location
  • Interests
    CyberSec, Electronics, PenTesting, DFIR, Malware

Recent Profile Visitors

2,727 profile views
  1. Help idiots guide to use Rubberducky code to Basbunny

    I have created a site that lets you very easily create duck code for use on the bunny. https://bunnytoolkit.com/create/ On step two select the "Ducky Code" template. On the next page that appears Under payload.txt change SET_LANGUAGE gb to SET_LANGUAGE us Then enter any ducky code you like in ducky_code.txt Download either the tar or the gz and then just put these contents in to a switch position. If you want to use languages other than US you will need to install the DuckToolkit library using the Installer from the github - Details here - You can also use the ducky template payload - https://github.com/hak5/bashbunny-payloads/tree/master/payloads/library/DuckyTemplate
  2. [PAYLOAD] DuckToolKit + Languages

    Just a thread created for it. I track most issues through the github and issues that get raised on ducktoolkit. But this allows me a single place to fix whatever i have broken :p
  3. [PAYLOAD] DuckToolKit + Languages

    DuckToolkit installer for Bash Bunny. Adds support for new languages. and uses the Ducktoolkit python library for encoding. Version 1.0.0 Moves the libary files to /tools Update Q and QUACK to point to the new library Writes error to /root/ducky.log Purple Blinking.................Moving tools Purple Solid....................Tools moved Amber Blinking..................Setup tools Red Solid.......................Tool installation failed White Solid.....................Installation completed successfully
  4. Language porting from rubber ducky to bash bunny

    We (ducktoolkit.com) have ported the ducktoolkit python library and all the languages to a bunny payload that you can install and then use all the languages and syntax available from the encoder. You can also use this library if you have compiled scripts and no longer have the ducky code that goes with them. https://github.com/hak5/bashbunny-payloads/tree/master/payloads/library/DuckyInstall
  5. bunnytoolkit.com

    This is a little later than i had liked but im finally ready for an 'Alpha' Release. From the team that brought you https://ducktoolkit.com i am happy to announce https://bunnytoolkit.com Concept is fairly simple. All the payloads that are in the github can be opened in the browser. You can then edit the files in the browser make changes as you like and once your happy with changes click the download button to get your payload folder. Copy the contents of this in to a switch position and away you go. For those who need a quick way of creating your own payloads we have the custom payload wizard. Answer some questions or pick a template and when you click finish you get a page that contains all the base templates which you can then add your own code to and save it as you do with the payload editor above. I will continue to add more custom features to the wizard and welcome any feedback or thoughts you may have.
  6. PoisonTap by Samy Kamkar

    Thanks for letting me know.
  7. PoisonTap by Samy Kamkar

    Samy Kamkar has released a tool called PoisonTap - https://samy.pl/poisontap/ tldr; siphons cookies, exposes internal router & installs web backdoor on locked computers Created by @SamyKamkar || https://samy.pl When PoisonTap (Raspberry Pi Zero & Node.js) is plugged into a locked/password protected computer, it: emulates an Ethernet device over USB hijacks all Internet traffic from the machine (despite being a low priority/unknown network interface) siphons and stores HTTP cookies and sessions from the web browser for the Alexa top 1,000,000 websites exposes the internal router to the attacker, making it accessible remotely via outbound WebSocket and DNS rebinding (thanks Matt Austin for rebinding idea!) installs a persistent web-based backdoor in HTTP cache for hundreds of thousands of domains and common Javascript CDN URLs, all with access to the user’s cookies via cache poisoning allows attacker to remotely force the user to make HTTP requests and proxy back responses (GET & POSTs) with the user’s cookies on any backdoored domain does not require the machine to be unlocked backdoors and remote access persist even after device is removed and attacker sashays away He says it should be possible to run on a Lan Turtle, Anyone familiar with creating modules happy to look at this? Else you have to wait till i learn how to write modules.
  8. @LaNMaSteR53 can the recon-rpc return a list of modules / options?