
qdba

Active Members
  • Posts: 87
  • Days Won: 2

Everything posted by qdba

  1. Which version of DumpCreds do you use? The newest is 2.3. You can download it here: https://github.com/qdba/bashbunny-payloads/tree/master/payloads/library/credentials/DumpCreds
  2. @PoSHMagiC0de Thanks for your comment. This comes from not searching enough. But now there are 2 scripts for encrypting code. This helps to hide some code from being detected by AV. I just started with PowerShell scripting, so it was good for learning.
  3. EncDecFiles.ps1
     Author: (c) 2017 by QDBA
     Version 1.0

     Description
     EncDecFiles.ps1 is a PowerShell script to encrypt / decrypt a PowerShell (or any other) file with AES. You can use it to obfuscate your PowerShell script, so AV scanners don't detect it.

     Usage:
       EncDecFiles.ps1 < -Encrypt | -Decrypt >   # encrypt or decrypt a file
                       < -In Filename >          # input file
                       [ -Out Filename ]         # output file
                       [ -Pass Password ]        # password

     Example 1 - encdecfiles.ps1 -In c:\test.ps1 -encrypt
       Encrypts file c:\test.ps1 with password "hak5bunny"; encrypted file is c:\test.enc
     Example 2 - encdecfiles.ps1 -In c:\test.ps1 -encrypt -pass secret
       Encrypts file c:\test.ps1 with password "secret"; encrypted file is c:\test.enc
     Example 3 - encdecfiles.ps1 -In c:\test.ps1 -encrypt -Out c:\encrypted-file.aes -pass Secret
       Encrypts file c:\Test.ps1 with password "Secret"; encrypted file is c:\encrypted-file.aes
     Example 4 - encdecfiles.ps1 -In c:\Test.enc -decrypt
       Decrypts the encrypted file c:\test1.enc to c:\test1.ps1 with default password "hak5bunny"

     How to run the encrypted PowerShell script
     In the script "Run_Script_Example.ps1" you see an example of how to load and execute the encrypted script. Load the encrypted script into a variable, then execute the function Run with the variable and a password.

     Download: https://github.com/qdba/MyBashBunny/tree/master/Other/EncDecFiles
  4. - smbserver stuff removed
     - handshake removed
     - HTTP server added (download PowerShell scripts, upload loot)
     - Invoke-m1m1d0gz.ps1 AES encrypted to Invoke-m1m1d0gz.enc. Not really necessary, but if you are in storage mode the AV doesn't remove it.
     - All in all a little bit faster
     - removed the debug code
     - recoded the Get-WiFiCreds.ps1 for working on Windows 7
  5. 2.2 is heavily under development and not ready for use.
     - Payload not ready
     - main.ps1 50% ready; all PowerShell files were AES encoded. They will be decoded directly to memory so the AV scanner does not detect them too fast.
     - Encode/Decode script ready
     Please wait a few days until all is working fine.
  6. does it work if you are no admin and there is no uac prompt?
  7. Yes, that's what I said. The only way for me to get rid of the timeout problem at the moment was to set the Timeoutsec variable as I described in the first post of this thread. But it is only for experienced Linux users who know what they do. For others: wait for FW 1.2.
  8. Hi sebkinne, I changed the bunny_framework and changed the hop command at the last line to "hop &". The payload does not work, and when I boot in arming mode the blue LED stops blinking and goes off after a few seconds. I can log in in serial mode. Can you confirm? I will do some more investigation and give you some logs.
  9. In version FW 1.0 there is no bunny_framework. Important is that you can log in to the bunny, so the bunny works. You put the & at the wrong place. I got the advice with the & from sebkinne, but while writing the patch I'm not sure if it works right. Therefore I removed the post from this list. Please wait for the patch, or wait for FW 1.2, which will come asap.
  10. Had you unplugged the bunny during recovery or installation of FW 1.1? Could you log in with serial in arming mode?
  11. So do a clean factory reset. November: stay at FW 1.0. Test if you can reach the bunny.
  12. Open the file with the vi editor. Are there ^M at the end of the lines? Be sure that Notepad++ Edit --> EOL Conversion is set to "Convert to Unix Format". My scripts were also created with Notepad++.
  13. extension.....
      #!/bin/bash
      function BLABLA() {
        LED G
      }
      export -f BLABLA

      payload.....
      LED STAGE1
      BLABLA

      Works for me..
      payload.txt folder.sh
  14. Remember... The first line of the folder.sh script must be #!/bin/bash. Tested it - it works.
  15. ./payloads/library/extensions/folder.sh
      function FOLDER() {
        LED G
      }
      export -f FOLDER
  16. Tool_installer

      The Debian apt does not install the files to /tools. I tried this with impacket. It works, but all checks from FW 1.1 (REQUIRETOOL impacket and so on) fail. I decided to make my own deb file with a post-installation script, so impacket installs fine to /tools and does the setup.py in the deb file post-installation script. Link to impacket.deb
  17. while [ $(ping -c 1 -W 1 172.16.64.10 >/dev/null ; echo $?) -ne 0 ] ; do
        sleep 1
      done
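The loop in post 17 polls forever if the host never answers, which is exactly the situation that leaves a payload hanging with no loot copied. The following is an added example (not from the original post or the Bash Bunny framework): a POSIX sh function that waits for a host with the same one-second ping probe but gives up after a deadline, so the caller can fall back or log the failure. The address 172.16.64.10 comes from the post; the timeout and the pluggable probe argument are assumptions added here.

```shell
#!/bin/sh
# Added example: wait for a host to become reachable, with a deadline.
# Not part of the original forum post; written for illustration.

# probe_host HOST
# One ping, one-second wait; exit status 0 if the host answered.
probe_host() {
    ping -c 1 -W 1 "$1" >/dev/null 2>&1
}

# wait_for_host HOST TIMEOUT_SECONDS [PROBE]
# Polls PROBE (default: probe_host) about once a second until it succeeds
# or TIMEOUT_SECONDS have passed. Returns 0 when the host answered,
# 1 on timeout. PROBE is a hypothetical hook so the wait can be tested
# without network access.
wait_for_host() {
    host=$1
    timeout=$2
    probe=${3:-probe_host}
    elapsed=0
    while ! "$probe" "$host"; do
        if [ "$elapsed" -ge "$timeout" ]; then
            return 1
        fi
        sleep 1
        elapsed=$((elapsed + 1))
    done
    return 0
}

# Stand-alone usage: ./wait_for_host.sh 172.16.64.10 30
# (host and deadline are placeholders; nothing runs when no args are given)
if [ $# -ge 1 ]; then
    if wait_for_host "$1" "${2:-30}"; then
        echo "$1 is reachable"
    else
        echo "$1 did not answer within ${2:-30}s" >&2
        exit 1
    fi
fi
```

Because the probe is a parameter, a payload can swap in any readiness check (for example a TCP connect via nc) without changing the wait logic, and the non-zero return on timeout gives the caller a place to write a log entry before the framework's own timeout kills the job.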
  18. Try this:
      1. ssh to the bunny.
      2. Back up the file /usr/local/bunny/bin/bunny_framework to /usr/local/bunny/bin/bunny_framework.bak:
         cp /usr/local/bunny/bin/bunny_framework /usr/local/bunny/bin/bunny_framework.bak
      3. Enter the following command:
         cat /usr/local/bunny/bin/bunny_framework.bak | sed 's/^hop\w*$/hop \&/' > /usr/local/bunny/bin/bunny_framework
      Advice: taking a look at /var/log/syslog is a good idea for debugging.
  19. The PowerShell window stays open because you are in debug mode. Delete the DEBUG file from the payload folder and all will be ok.
  20. @Mohamed A. Baset Sorry, it may have looked like I ignored your post. You are right, SMB is really a nightmare. In the near future I will rewrite the payload, but I'm waiting for bunny FW 1.2. Sebkinne said FW 1.2 will come asap.
  21. I updated the URL. If you have created the file DEBUG in the payload folder, debug information is written to the file /tmp/log.txt. At the end of the payload the log is copied to the /loot folder. But if you run into a timeout, neither the debug log nor the loot can be copied to the /loot folder. For debugging you can ssh into the bunny and look at /tmp/log.txt.