GermanNoob
-
Posts
160 -
Joined
-
Last visited
-
Days Won
1
Posts posted by GermanNoob
-
-
Hmm, I'm not aware of the single user mode. Maybe you need to set the VID / PID to an Apple Keyboard?
On 15.3.2017 at 0:24 PM, valentino00776 said:Ive tried hello world on mac and it works
This wasn't in single user mode?
-
Which ATTACKMODE have you set?
Bunny should be under 172.16.64.1 as it acts like DHCP server for your computer.
-
then lets get creative.... lol
take the "hello world" that worked, copy all lines of it into your payload script at the beginning.
I just want to see, if the whole file doesn't work. It seems like that, if you have everything done I said before. So, hopefully this test will also fail (nothing QUAKed like in test with the three rewritten lines). The bad news in this case: You will have to rewrite your script completely without any copying...
-
Thanks! Works perfect!
-
Hi,
I'm looking for a way to test payloads in virtual machines. Unfortunately I'm failing by now...
I tried to start the payload scripts with
LED B sleep 10
before setting the BashBunny to an attack mode.
The idea was that I have 10 sec to connect the device to the virtual machine. But it doesn't seem to work... Payload pauses (LED isn't Blue) and then runs script without me having the chance to connect it to the vm...
Has anybody a idea or uses the BashBunny with VMs for testing?
-
Having BashBunny in an ethernet attack mode allows you to ssh into it... no need for screen there...
-
No change means that only LED lights change?
-
8 hours ago, frankace said:
I did notice the bunny_helpers is missing this bit of code:
please use only the actual versions from GitHub! There are a lot of improvements already done...
-
Which OS are you using?
have you done initially a Guided setup? Mode G? That has to be conducted first!
-
Unfortunately I think you are right... This really sounds a like a hardware issue. Go for the tech support and explain them in detail like in your last post what you did.
-
18 hours ago, Sohrce said:
I downloaded the Enable RDP duckycode from the Duck Tool Kit example payloads and wanted to modify it to work on the Bash Bunny. I added a Q in front of evreything except for the strings i added Quack. Will this work and is there a difference between Quack and Q.
You have to install the dependencies by using the DuckyInstall payload in advance.
There is no difference between QUACK or Q instead of the length... AS it is written in wiki:
QUACK Injects keystrokes (ducky script) or specified ducky script file. Q Alias for QUACK -
This sound like a real problem...
5 minutes ago, Sgoblin said:Green LED for 5 secs, followed by blinking blue LED
In arming mode this is the expected behavior. Can you connect your BashBunny to an external USB power source, like USB charger? just if the BashBunny boots there as it should. If so, the problem is most probably your computer.
If not: try to reset your BashBunny:
Firmware Recovery
If the Bash Bunny fails to boot more than 3 times, it will automatically enter recovery mode. The LED will blink red while the file system is replaced by the backup partition. DO NOT UNPLUG THE BASH BUNNY DURING RECOVERYThis process takes about 3 minutes. When complete, the Bash Bunny will reboot as indicated by the blinking green LED. -
You have to social engineer your victim. With the rubber ducky it only takes seconds to conduct a payload...
-
- can you ssh into the lan turtle from the victim computer?
- could you please as I asked before post the output of ifconfig of your victim computer?
-
On 13.3.2017 at 7:28 PM, valentino00776 said:
it works with rubber ducky but cant get it to run on the Bashbunny
The light goes red and green but no keystrokes
As the script itself (except the QUACK commands) functions, try the following:
Open your script (the one with the QUACK commands to be sure) on a linux machine or the Mac with nano. the first lets say three QUACK command lines with ctrl + k to ensure that the whole line is killed and then retype those three lines manually. Save the file and give it a try...
-
-
-
Did you do a
source bunny_helpers.sh
in your payload?
-
4 hours ago, Onus said:
LED R G 300
Q DELAY 3000
LED B 100 Q
DELAY 100I don't have my windows vm ready to test the overall script, but at least I don't understand your first four lines of code...
- setting the LED
- pause the HID to make keystrokes? You haven't typed anything by now... I'm not sure if a beginning pause is needed on the BashBunny as I don't know when the script will be executed (after the target host accepted the attack mode?)
- setting the LED to blue
- another pause for the HID (this one can definitely be removed and from my point of view at least on of the LED settings).
And you are missing to set the attack mode...
-
1
-
21 hours ago, valentino00776 said:
By the way the hello world payload was tested on a windows pc not mac
My script is for mac with terminal already opened.
just wont type
Well, it would be good to test the HelloWorld payload on the machine you got problems with... So give it a test on the Mac...
If that works, I don't see why the other payload won't work (if you have the terminal already open AND in focus)... But of course you could add the following command to be sure, that the focus is set right:
Q GUI SPACE Q STRING terminal Q ENTER Q DELAY 2000 -
6 hours ago, Zylla said:
For instance; when walking around doing a pentest, and you're trying to cover a big area.
You would also free one of the radios which gets locked in station mode when connected to your iPhone over wifi.Well, for me its not that problem as I use an additional usb wifi adapter for the iPhone connection. So I'm using the USB port which would otherwise be used for cable connection...
Nevertheless, you are right: It is anxiety to have this feature only in android...
-
Congratulations!
So now its only something about your script...
4 hours ago, valentino00776 said:#!/bin/bash
LED R
ATTACKMODE HID
LED R G
QUACK DELAY 1000
QUACK STRING mount -uw /
QUACK ENTERYou simply begin to quack commands without having opened a terminal or anything to write in...
-
just to be sure: is it named "payload .txt" or "payload.txt"?
And please try a simple "hello world" payload... In your script I'm missing opening a terminal or similar...
And post that script also...
-
19 minutes ago, valentino00776 said:
just looking at the payload
Do i need to unzip it and run it somewhere (on a different pc )?
what di i actually install and how
I know getting embarrassing to ask
You don't have to unzip anything... just move everything to the switch folder and go for it.
What you are going to install? Just read the readme.txt!
QuoteDuckToolkit installer for Bash Bunny. Adds support for new languages. and uses the Ducktoolkit python library for encoding. Version 1.0.0 Moves the libary files to /tools Update Q and QUACK to point to the new library Writes error to /root/ducky.log Purple Blinking.................Moving tools Purple Solid....................Tools moved Amber Blinking..................Setup tools Red Solid.......................Tool installation failed White Solid.....................Installation completed successfully
Help idiots guide to use Rubberducky code to Basbunny
in Bash Bunny
Posted
As this command would have to be executed by the target, you would need to insert a copy command with QUAK... If you are still talking of Single User mode this will probably not work...
Can you tell me why you are attacking the machine in single user mode? Just curious to get an idea...