Draxiom

Posts posted by Draxiom

  1. 1 minute ago, Dave-ee Jones said:

    Pfft, messing with you, yeah why would I-why would-pfft-no. :mellow:

    Seriously though, it is a pretty big issue to get around. You more than likely incorporated your own GitBunnyGit which means you didn't do it the way I want to do it :sad:
    I was hoping there was a way to do it all with JavaScript but atm all I have it do is download the repo and not do anything with it. Extracting a ZIP is far easier with PHP but then if you want to move files or anything like that you would need to use JavaScript or something else other than PHP.

    Easiest thing I can think of is make JavaScript run Powershell which can then do anything you need it to, but you have to make sure it is all client side and not run by the Bunny (otherwise it be like "What is this .zip you keep speaking of? I don't have anything like that!").

    Swapping out Payloads is probably not going to happen with my webserver though, if that makes you feel any better...

     

    Have you tried this payload? The main function is swapping out payloads and no zips are necessary. Also, I did incorporate GitBunnyGit, because I wrote that payload too... thanks for the plug ;). Using php and ajax calls, BrowserBunny copies each payload from the library folder, to the available switch directory. So the first step clones the repository on the bunny so all payloads are stored locally. The second step uses a command like:

    exec("cp -r /root/udisk/payloads/library/BunnyTap/* /root/udisk/payloads/switch2/.");

    Isn't that what you are describing?
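The copy step described in this post, written so that a payload name arriving in an ajax request cannot change the command that runs. This is an added example, not BrowserBunny's code: `swap_payload()`, its parameters and the demo directory are assumptions; only the paths come from the `cp` command quoted above.

```php
<?php
// Added example, not BrowserBunny's code. Default paths follow the cp command
// quoted in the post; swap_payload() and its parameters are hypothetical.
const LIBRARY = '/root/udisk/payloads/library';
const SWITCH_ROOT = '/root/udisk/payloads';

function swap_payload(string $name, string $switch, string $library = LIBRARY, string $root = SWITCH_ROOT): array
{
    // Only the two switch folders are valid copy targets.
    if (!in_array($switch, ['switch1', 'switch2'], true)) {
        return [false, 'unknown switch'];
    }
    // A payload name is one directory name: no slashes, no leading dot, no shell metacharacters.
    if (!preg_match('/^[A-Za-z0-9][A-Za-z0-9_.-]*\z/', $name)) {
        return [false, 'invalid payload name'];
    }
    // Resolve symlinks and require the source to sit directly under the library.
    $lib = realpath($library);
    $src = realpath("$library/$name");
    if ($lib === false || $src === false || !is_dir($src) || dirname($src) !== $lib) {
        return [false, 'payload not found in library'];
    }
    $dst = realpath("$root/$switch");
    if ($dst === false || !is_dir($dst)) {
        return [false, 'switch folder missing'];
    }
    // "src/." copies the directory contents (dotfiles included, unlike "*") without a
    // shell glob; "--" and escapeshellarg() keep each path a single plain argument.
    $cmd = sprintf('cp -r -- %s %s 2>&1', escapeshellarg("$src/."), escapeshellarg("$dst/"));
    exec($cmd, $output, $status);
    return [$status === 0, $status === 0 ? "copied $name to $switch" : implode("\n", $output)];
}

// Constructed demo in a temp directory so it runs off-device.
$tmp = sys_get_temp_dir() . '/bb_demo_' . getmypid();
mkdir("$tmp/library/BunnyTap", 0700, true);
mkdir("$tmp/switch2", 0700, true);
file_put_contents("$tmp/library/BunnyTap/payload.txt", "# constructed sample\n");
foreach (['BunnyTap', '../switch2', 'BunnyTap; id'] as $requested) {
    [$ok, $msg] = swap_payload($requested, 'switch2', "$tmp/library", $tmp);
    printf("%-14s => %s (%s)\n", $requested, $ok ? 'ok' : 'rejected', $msg);
}
```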

  2. 6 hours ago, Dave-ee Jones said:

    Also, anyone got any ideas as to how I would download a GitHub repository of the payloads and replace the current library folder with the downloaded library folder inside the whole GitHub repo? Would be much simpler if Darren made the folders in the repo zips...

    Are you messing with me? Cause that is the only other functionality of this payload. The console will git clone directly to the device, and the payloads page helps you swap out the payloads from the git repository.

  3. 5 minutes ago, Dave-ee Jones said:

    Yeah, exec() seems to be the easiest way to go, and in some ways the nicest.

    In regards to connecting to the BBs webserver, the computers that are being hosted by the BB can, right? As in, if you had a 3-way USB port from the BB to the computers (DHCP server giving them the 172.16.64.10-12) all of them could access it via 172.16.64.64:8080 (or whatever port you are using, I am assuming it's 80 or 8080) right?

    Yes the web server is hosted on the bb and is on port 80. Not sure if a 3 way usb port would route the traffic though. LMK if you get that working.

  4. 9 hours ago, Dave-ee Jones said:

    Oh. Well RIP. I thought it was different...

    Well, similar can also mean the same virtually, I guess.

    I cannot run commands on it, if that makes you feel any better! :tongue:

    I do have a question though...For some reason any devices connected to the same network as the webserver cannot connect to the webserver. May have to wait until I port it to the BB.

    Oh, another question, how did you get the Bunny to take commands? Or is it just a web-based console that the webserver acts on, not the BB?

    No worries. I thought I was missing something from your explanation. The web server is hosted on the bb, and requires you to share the internet connection with the host computer. You won't be able to access the site from any other devices, because they are not also sharing their internet (no route to that ip address). As for the commands section, the web server is already running as root, so it has full privs to do anything. I am actually a php dev by day, and that was the quickest way (for me) to get this project done. In php there is an exec() function and I am essentially just passing raw strings (from the user) to that function, to execute commands. However, a future enhancement that I want to make, would be to incorporate a full terminal emulator like GateOne, to have the full set of commands and features in the browser. For now, it is just simple commands sent to exec() and the response parroted back to the browser.

  5. 1 hour ago, Dave-ee Jones said:

    Yeah, it will be similar to what you are doing basically. The BB will run a web server that allows computers connected to it to access it with a web GUI. This could allow someone to change payloads, update the library, etc.

    Making an SSH/Serial terminal inside a webpage is very tricky without embedding someone else's program. :dry:

    I am confused. That is exactly what my payload does. The web GUI runs on the bb and you can swap out payloads or run commands. How is it different from what you want to make?

  6. 2 hours ago, Dave-ee Jones said:

    Sounds good! I'm making my own webserver via Powershell on a localhost. I will probably finish it out and then modify it to be compatible with a BB, so that it can run a webserver for any clients on it.

    Not exactly sure what it is gonna be used for yet...Lol.

    EDIT: I wonder if you can get a working serial terminal inside the webpage straight to the BB...

    Interesting. The web server I set up, should be able to run on arming mode, but you only get an ip if you share the internet with a host computer. Perhaps one could pipe the webpages through serial to lynx on the host. 

  7. Thanks @Dave-ee Jones. I agree that it would be best if you could run this payload from any computer, and not have to have internet sharing set up. However, I don't see a way of making it work in arming mode :/ Any suggestions? If you are in arming mode, you could probably just swap out payloads with the standard file browser, the normal way.

    It does indeed work by copying payloads out of the library folder. I use git to clone the payloads directly to the mass storage, and then simple cp commands to move them to the available switch directory. 

  8. I am working on a new payload that will act as a web gui for standard BashBunny functions. The idea is that you keep this payload in one switch folder, and run it from a non-target. The BB will spin up a php server, and serve a local website at http://172.16.64.1. With the gui up, you can execute daisy chained shell commands in the 'console', or quickly swap out payloads found in the git repo, to the other switch folder. The repository url can easily be swapped out for your own fork, so you can quickly pull down changes, and make debugging payloads easier. Check out the repository and tell me what you think.

    To do (I might submit the pull request before these tasks are done, and make them a future enhancement):

    • Write help page (or leave it as is)
    • integrate existing terminal emulator in place of custom 'console' 

    https://github.com/mathew-fleisch/bashbunny-payloads/tree/master/payloads/library/BrowserBunny

     

    • Upvote 5
  9. On 3/14/2017 at 11:42 PM, hipcrime said:

    Would attach a screen shot but don't see how others are accomplishing that (all that's in the menu is Insert Image from URL and Insert Existing Attachment).

    Considering you couldn't figure out how to attach a screenshot to this thread, I have little faith in your ability to use the device for anything other than a toy. 

  10. 16 minutes ago, GermanNoob said:

    lol, not able to get the BashBunny online and therefore thinks it's useless... Some people are really priceless.... lmao

    Seriously... @hipcrime if you aren't clever enough or too lazy to get it working, perhaps you can give it to somebody that cannot afford one, and doesn't give up so easily. 

    • Upvote 2
  11. 13 hours ago, Torrey said:

    sorry for the 'usb 10/100 lan' confusion, it's from the tetra. you might remember me mentioning that on irc yesterday.

    I remember you saying that. I just thought it might be related, since it is the only thing I can see that is different between my setup and both of yours. Grasping at straws I suppose...

  12. Hey @Torrey and @graythang,

    I really appreciate you guys figuring this out. Unfortunately I have not been able to reproduce your results and I'm not sure where I am going wrong. I did notice that you both have different ips for the "SharingNetworkNumberStart" value (172.16.64.10 vs 172.16.64.64), but neither worked for me. Another missing piece for me that is in both of your instructions, but not present in my setup is the "USB 10/100 LAN" as a device to share the internet with; I only see the "RNDIS/Ethernet Gadget" in the list to check. I see all of the proper ip addresses in your list gray, but when I try to ping google, it fails. Not sure what else to try, but I am accepting suggestions. I'm running an old macbook pro 2.6ghz with an i7 from 2012 (osx 10.12). 

    Note: I have been successfully sharing my internet connection through a linux vm as described here: 

     

  13. 1 hour ago, frankace said:

    @Draxiom I was not able to get your payload to work properly. I am sure it is something I missed. Your suggestion did lead me to the post from Just_a_User. I downloaded the zip from his post, extracted the bunny_helpers.sh and copied to my bash bunny.

    Thanks for the help

    np. Out of curiosity, how did the payload fail? 

  14. 21 hours ago, frankace said:

    To clarify this is the bunny_helpers.sh that is located in the library folder

    The back-up/original version of bunny_helpers.sh does not include the switch_position variable. You'll have to pull the latest version from the repo (or add it yourself manually) to be able to use that variable. To make updating the payloads easier, I have created a payload (with @audibleblink) that will clone the repo directly to the bunny.  Check it out:

    https://github.com/hak5/bashbunny-payloads/tree/master/payloads/library/GitBunnyGit 

  15. Hey guys,

    I was talking with Seb on irc and he tells me that you cannot directly share the connection on a mac, as of now. However, it does work if you use a linux vm (I am using ubuntu in virtualbox) on top. The sequence is a little tricky and took me a while to figure out; so I'll describe how I got my bunny connected to the internet on my mac:

    1. With your vm turned off and the bunny unplugged, go to Settings > Ports > USB and enable usb 3.0
    2. Switch the bunny to state 1; plug it in and wait for it to load completely
    3. Add a usb filter (plus icon) and add the device (mine says "Linux 3.4.39 with sunxi_usb_udc RNDIS/Ethernet Gadget [0333]")
    4. Eject the bunny
    5. Flip the switch to states 2 & 3 and repeat steps 2-4
    6. Turn on your vm and keep the bunny unplugged
    7. wget the bb.sh script in the vm
    8. Run `sudo bash bb.sh` and follow the guided setup
    9. With the bunny NOT in arm mode (position 3) plug the bunny in after the third step/question
    10. If you did it right, the script will "detect" the bunny at this stage
    11. The last step is to press "C" once you see the main menu again to "connect" using the settings you just set up
    12. You should now be able to ssh in and test the connection with ping

    Hope this helps somebody.

    • Upvote 3