Everything posted by GermanNoob

  1. Hi everybody, I got the following problem with the new firmware version: In Recon mode I do not capture all SSIDs in my area (and therefore can't add them to the PineAP Filter). I receive some of the SSIDs but not all. Any idea what I'm doing wrong? Thanks for your help!
  2. @SchwarzerLotus What's your firmware version?
  3. Hi there, I don't understand what you are trying to achieve... Why do you want different mass storages for logging and tools?
  4. Privilege escalation is quite a complicated topic... You will have to analyze the machine for different vulnerabilities. I don't think that it is suitable to use BB for this. Have a look at these two links to get an idea of the many ways that are possible to escalate privileges on Windows and Linux: https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/ https://toshellandback.com/2015/11/24/ms-priv-esc/
  5. @PoSHMagiC0de, for sure you are right... What I'm doing in the social engineering attack is:
       • ask the legit user to print a file for me that's on the BB
       • connecting the BB with ATTACKMODE STORAGE and SEWAIT
       • getting the legit user to pick up the printout or talking about something completely different (i.e. getting his attention away from the display)
       • changing switch position to get the payload executed
  6. Hi @Am3ience, regarding your first question: Could you give us more information? Which distro are you using, and can you give us the output of "ls -l" of the bunny folder after you copied it there? Regarding the second question: You should find the payloads (when sshed in) under /root/udisk/payloads
  7. Hi @Samyo, so you want to insert the BashBunny to the victim and show the user some pictures on the STORAGE (ATTACKMODE STORAGE), right? I did a "Social Engineering Wait" which you can find on Github: https://github.com/hak5/bashbunny-payloads/pull/328
  8. No, this just needs ATTACKMODE HID & STORAGE. Have a look at some payloads, that use these ATTACKMODES in combination and access the BASHBUNNY storage folder from the victim. Don't go out there and run ANY payloads that you don't understand!!!
  9. If you have it on the BashBunny STORAGE partition you can run it from there on the victim computer. No need to copy it first.
  10. No, just start an nmap executable from the STORAGE location, but you have to run it from the victim computer. The other way would be to utilize port forwarding on the victim computer. Then you should be able to scan with nmap from the BashBunny... Method A (STORAGE) would be easier to do...
  11. Not 100% correct: BB tells you with GET TARGET_IP the IP of the target computer on the BashBunny Ethernet adapter. The victim computer leases the IP from the BashBunny which gives the IP 172.16.64.10 to the victim. As said before: If you want to scan another network adapter you can do it by using a HID & storage attack (starting nmap from storage on the victim computer) or with a HID & ETHERNET attack by pivoting through the victim computer.
  12. What Firmware version are you using?
  13. Well, I tested them in a Windows VM and this short test payload works fine with both lines:

        LED SETUP
        variable=TEST
        LED ATTACK
        ATTACKMODE HID
        WAIT
        RUN WIN powershell
        sleep 1
        Q STRING "start 'AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\\"$variable"\'"
        LED FINISH

  14. Hi @PoSHMagiC0de, well, I never experienced any problems using BB with a VM. Depending on which system you use (VMware or VirtualBox) you can tell the software just to add the USB device directly to the VM... It's just easy....
  15. Well, this should work:

        Q STRING 'payloads\'$variable "'AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup'"
        Q STRING "start 'AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\\"$variable"\'"
  16. I'm not sure how confident you are with the BashBunny and / or Linux. So please excuse me for explaining things you might already know... When you have used putty to log into the BashBunny, then just type:

        ls /tools

      This will show you all files installed on the BashBunny root file system (not the root user)... Tell us if impacket and responder are there. Regarding the ATTACKMODE RNDIS_ETHERNET: Please put the following content of payload.txt in the switch1 folder:

        ATTACKMODE RNDIS_ETHERNET

      Then safely eject the BB, turn the switch to position 1 and put it back in the computer. Check if Windows recognizes the BashBunny as a new network adapter. If so, you can also use putty to ssh into the box. While you have to go to class, I have to go to bed... See you tomorrow!
  17. Hi @0rang3! To check if the .deb tools were installed: ssh / serial into the BashBunny and have a look in /tools/ . Regarding other tools: Let's have a look at a specific payload and let's walk through it... This way we might find the problem you are facing. Regarding logs: I don't know of a specific BashBunny log. What I do during payload development / adjustment is to insert some log lines, like:

        date >> /root/test.log; echo 'Logtext' >> /root/test.log

      If there are any bash commands run, you can also do

        bashcmd >> test.log 2>&1

      to see the errors happening... Regarding the ATTACKMODE RNDIS_ETHERNET issue: Is the BashBunny recognized as an Ethernet device? I'm not sure if this is still necessary, but in the beginning you needed win7-win8-cdc-acm.inf in the BashBunny directory. Do you have that one? I hope this helps you a little bit
  18. Ah, so we would need an Apple keyboard config file for each language to solve this?
  19. Hi @C1PH3R, I had a look at your payload and as you asked for, here are some minor remarks / suggestions:
       • Line 29-31: Since Darren's WAIT I prefer that at this moment of the payload. It speeds up things if you don't know the performance of your target in advance...
       • Line 32-35: Not sure why UAC should be triggered at this moment. Seems to me that you entered a command before that you have deleted?
       • Line 43-46: Why don't you use "RUN WIN POWERSHELL" here as you did before on line 37?
       • Line 52 & 55: Instead of forcing the user to make changes within the payload, I suggest using a variable for "service host.txt" in the config part.
      Best regards!
  20. @Kaos39: Shouldn't that be solved by setting the right language file in the config.txt of BashBunny (firmware 1.5)? Did you try that? This would be much easier instead of working through all payloads...
  21. OK, so let's start working on your issues... Regarding the BashBunny: Why don't you install a virtual machine with Windows to test your payloads? I personally find that very useful, just to see if I messed up something before going to the real targets... Am I assuming right, that you own a WifiPineapple Nano AND a WifiPineappleTetra? I'm just confused as you are talking about Pineapple and Nano... I have a WiFiPineapple Nano, updated it to the actual software not long ago and I can assure you it works fine... To get more specific, I suggest you just open a thread in the right forum and explain what you are trying to achieve and which modules you are using. Biggest problem for newcomers: Check your filter settings! Best regards!
  22. @Pentester1975, I don't know which products apart from the Pineapple Nano you tried. But if you don't get them going you are probably a very poor pentester if at all... As you can see from the comments and the help of other users, the products work just fine. But unfortunately a lot of Skiddies are buying the stuff and think they are now hackers or pentesters. In many threads you will see, that people often don't understand the basics of networks, bash, etc. No product in the world will make you a pentester or hacker! You have to do it by yourself! By buying a formula 1 racing car you will not become a formula 1 driver. If you expected something else, it might be the best to ask Hak5 (in a kind manner) if they would take back your gadgets. And before the trolling starts: No, I'm not paid by Hak5, but I use several (not all) of their products...
  23. Which VM system? VMware or VirtualBox? What's the default gateway IP? What do you mean by "just a blank screen"? Do you have an ssh session or not? So, if you have an ssh session as it seems according to your last post (again: use edit), try to ping 8.8.8.8 to see if there is at least a connection... But I'm quite sure you messed up the guided setup, as your statement before doesn't match the others... Please answer the questions above, otherwise I have to give up and let somebody else try to explain... Here is a picture from my bb.sh guided setup. Please note that my default gateway is for sure not the same as yours... So finally I was too slow... lol... try to reproduce it, so that you understand how it works...
  24. Uh, try to use the edit function to avoid flooding this thread... And it would be helpful if you described in more detail what you are doing in which VM software now... 172.16.64.1 is the IP of the BB, so it doesn't make sense to define it as the default gateway! Also I told you not to connect the BB before the Guided Setup asks for it! If you would have done so, 172.16.64.1 wouldn't have been available... Do what I told you step by step, be calm and describe in detail what happens! Otherwise I can't help you... And please do me a favor: Do it in VirtualBox as I don't have VMware Workstation here, as I told you...
  25. I'm not sure yet, but I assume that you need the Pro version of VMware Workstation / Fusion to use more than one Ethernet adapter simultaneously... which would be very sad, to be honest! I asked the VMware support, but probably an answer will take some time... So get VirtualBox! As I wrote: it worked fine in there!