Jump to content

unixnerd777

Active Members
  • Content Count

    10
  • Joined

  • Last visited

About unixnerd777

  • Rank
    Hackling

Profile Information

  • Gender
    Male
  • Location
    TN, USA

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. One option would be to use the smb server in impacket: python /tools/impacket/examples/smbserver.py e path_to_payloads & where path_to_payloads is something like /root/udisk/payloads/$SWITCH_POSITION This allows you to use the BB as a network device instead of mass storage, I like this better as you don't have to eject it when you're done too. (see https://github.com/hak5/bashbunny-payloads/blob/master/payloads/library/credentials/DumpCreds/payload.txt)
  2. There isn't too much that can be done with most android devices. There is a payload for the Amazon Fire TV (runs android). There is only 1 payload for android and all it does is opens a URL in the default browser. Android is difficult given there is such variety across the various versions. The Fire TV payload works because the Fire TV interface is the same across all of their devices. For example, I tried creating a payload to enable developer mode, and it works on my phone, but not an older tablet. I think the closest that will be possible to this is after someone enables developer mode, the
  3. You won't be able to write directly to /root/loot, and I'm guessing you don't actually want to as /root can only be accessed from the BB side (via serial or SSH for example). I'm guessing you mean the root of the BB as it's mounted as a STORAGE device (flashdrive). If you're running firmware 1.3 (IDK about previous ones, I think this works back to 1.1?) there is a variable $SWITCH_POSITION that can be helpful too, for example, in a payload.txt script to put a file (filename) in the loot folder on the root of the flashdrive, you would write to this: /root/udisk/loot/filename if you wanted to wr
  4. I guess I didn't look hard enough, I asked about this after you did: TLDR; use ATTACKMODE RNDIS_ETHERNET RNDIS_SPEED_10000
  5. I'm running OSX Sierra w/Chrome 58.0.3029.110 and mine is here: ~/Library/Application Support/Google/Chrome/Profile 1/Cookies (in the home folder, not the root Library. Also, keep in mind most people will only have 1 profile, so it'd probably be "Profile 1" for most instances. I'd recommend grabbing the entire ~/Library/Application Support/Google/Chrome folder.
  6. I believe that runs automatically with payloads, given you can access /root/udisk/* during a payload.txt script. When you connect the BB as storage (or arming mode) it exposes /dev/nandf as a USB storage device to the computer it's connected to. That command is useful if you're in arming mode and need to access the USB storage from the BB itself (I.E. over serial or SSH). The -o sync part means when you change something on the BB side, it will write it right away instead of waiting a bit. This helps if the BB was unplugged without unmounting/ejecting safely (umount /root/udisk), it doesn't gua
  7. That is exactly what I was looking for, thanks. Yes, the powershell works and I'm using powershell with this payload, but if I wasn't the RNDIS_SPEED will do what I want w/out needing to use powershell. I wonder if RNDIS_SPEED_10000 could be added to https://wiki.bashbunny.com/#!payload_development.md, that way others who are developing for the Bunny would know about it too. I wonder what other flags it supports that aren't (yet) on the wiki...
  8. When I connect the Bash Bunny with ATTACKMODE RNDIS_ETHERNET it sets itself as a default network interface, which is desired in most cases. However, I would like it to show up as a secondary interface as part of my payload requires actual internet. Since the Bash Bunny doesn't have internet itself, it can't provide internet to the windows box. It would be nice if I could configure the Bash Bunny to show up as a non-default interface. It is possible to change the metric in powershell, so if my payload uses powershell, I can do this to change it: Get-NetAdapter | Where-Ob
  9. Thanks, given it's range, I think I'll get a HackRF; then if I can't figure it out, I'll get the YARDstick. I like episode 1912 "How to hack radios with brute force attacks." and would like to attempt the same.
  10. I'm wanting to get into some of the RF world, I have a NooElec R820T SDR and a Baofeng UV-5RAX+ (w/my technical license). I'm looking at the HackRF and the YARDstick, can the HackRF do (almost) everything the YARDstick can? If the HackRF encompasses the YARDstick's frequency ranges, should I just get the HackRF or is there some things you can't do with the HackRF that you can do with the YARDstick?
×
×
  • Create New...