Everything posted by VincBreaker

  1. THIRD! The read-only mode can be really really useful (even though I'd prefer custom filter rules). Thanks a lot for implementing it :)
  2. Making the Keylogger BBTPS-Compatible is an awesome idea, injecting the keylogger into another process is even greater, but may trigger some AVs so it should be optional (and I don't think the average user would rate a process called "Windows PowerShell" as suspicious). I'm also thinking about a feature to automatically obfuscate the PowerShell script because I love obfuscation, but we have to keep in mind that AVs may or may not detect the obfuscation instead of the keylogger. Finally, I'll continue developing my Java obfuscator since I had some great ideas while developing the keylogger (it's one of my "I need to think about something else than obfuscation" projects), but I'll surely be continuing the keylogger soon :)
  3. Thanks a lot, suppressing the PowerShell popup would make the keylogger so stealthy that it probably won't get noticed even when somebody sits in front of the monitor :) @PoSHMagiC0de I didn't quote you since your post is really long. However, I don't see the need to turn the payload into a PowerShell function since you can already pass parameters to a script using the param statement. That method is already used and doesn't require you to specify any method name, so the Win+R box can run faster and we don't scratch the char limit that fast, which is the reason I decided not to transfer the backend's URL via a parameter. (Even though most URLs should fit within the 130 chars left.) Another possible solution would be to write the parameters into a file which would then be read by the PowerShell script, but this will lead to issues once the script is downloaded and the BB no longer registers itself as a storage device. // EDIT: SMB shouldn't work yet since I'm still working on it. // EDIT Nr.2: I'm not a PowerShell expert, but I used C# for two years and PowerShell seems to somehow be based on .Net. My experience is not to force garbage collection at the end of a program since that's one of the first things the runtime does after the program has exited AND it's way more effective after the exit. It's just not worth locking the exit for garbage collection just to run into a way more effective garbage collection. // EDIT Nr.3: I like that exfil-method fallback concept.
  4. Great idea, well coded, may become really handy, thank you :)
  5. UPDATE: https://github.com/Vinc0682/bashbunny-payloads/tree/master/payloads/library/phishing/WinKeylogger The payload:
     • Is now faster (thanks to @jafahulo)
     • Now supports exfil via a webserver, just copy the backend.php to a server supporting PHP and copy the URI into the PowerShell script
     Also, there've been some major changes to the keylogger to make adding future exfil methods (like the WIP SMB exfil) easier.
  6. This seems to be really powerful when it comes to pranking friends, but since you already could have done it manually, I either didn't hear of it yet or it isn't possible or you are really the first one to think of that attack vector. When it comes to Android exfiltration, I would write an exfil app and then push it to the app like Demnsec did or register the Bash Bunny as storage and then manually install and use a file manager or use ADB to copy the files to the BB.
  7. The current online version already hides the PowerShell window, but since @jafahulo reworked the launching, it isn't needed anymore. Your window tracking idea is really interesting, I'm gonna try it after I've implemented the web (and maybe the SMB) exfil method.
  8. I am currently coding a little PHP script which then should run on an external server so the keylogger no longer depends on the BB. (I hate PHP)
  9. Thanks, your approach to clean up led me to an idea to make the payload even faster. Also, I'm gonna try to make the payload exfil via web and / or SMB :) The BB in general can become pretty hot and then behave strangely, one more reason to have an exfil method which doesn't depend on the BB.
  10. Hi there, I just finished the first version of my BB keylogger. It basically launches a PowerShell which keylogs to the loot folder of the BB. Features:
     • Fast launching (thanks to USB Exfil for the one line launcher)
     • Leaves no traces when cleanup is enabled.
     • (Insert feature?)
     Link: https://github.com/Vinc0682/bashbunny-payloads/tree/master/payloads/library/phishing/WinKeylogger
     VincBreaker
     PS: I will create a push request upon positive feedback and improve the payload in the other case.
  11. Hi there, as other users already reported, payloads may get removed from the bunny since AVs can detect them when you are running in storage mode. One way to overcome this should be to simply not tell the target these payloads exist. It would be really nice if you could define your own filters to also hide other files the target shouldn't see in the first place, like social engineering. Is this feature possible or is there a risk the target may overwrite the hidden files? VincBreaker
  12. As I said, you already can do some research using a keyboard and an adapter to connect your keyboard / bunny to your phone. Maybe the method used by the ducky script works for you, or you find a new way of bypassing the lock screen for your surely white hat / ethical hacking research...
  13. Reply:
     1. Since the Bash Bunny is a Linux box, you possibly could install the adb-tools if they are not bigger than 2 gigabytes (which is the free space you have on your bunny). You shouldn't have to install the complete Android toolset but just the adb-tools so I think that may fit.
     2. Try to connect a normal keyboard to your mobile and enable debug mode using it. If you can do so, you can use the HID attack vector to enable debug mode.
     3. There is already an unlock script for Android in the ducky repo, maybe this will work for you. If not, you will have to find a way to unlock your phone / bypass the lock screen to enable the debug mode and exfiltrate data.
     Good luck.
  14. Hi there, I got my bunny today and while developing a payload to drop my meterpreter onto the computer, it actually got detected by my AV and deleted from the storage. At that point, I remembered a pretty boring Defcon talk I once saw showing a device able to block every write / delete on a USB stick. Further, it allowed filtering the data passed to the OS so you can ultimately hide any files until you need them, which can be especially useful when you have a stick with multiple exploits / payloads on it and some of them may trigger the AV but are not necessarily needed at one stage, or your USB stick gets checked when walking into a facility while pentesting (actually happened to me once :/). So I'm kindly requesting an extension to the API which:
     • Allows to block every write to the USB stick.
     • Allows to filter every read / write from / to the storage.
     I would suggest the visitor pattern, but I guess it is not compatible with bash :(
     Yours sincerely, VincBreaker
  15. I guess everyone has their little mistakes... I once was developing a small platformer and had been reworking the basic controls. The character just didn't want to walk to the right, no matter how much I debugged it... After a few hours, I realized I had been pressing the left arrow key the whole time
  16. Nice tutorial, I will surely make use of it since I already have a fairly good mapping for German from my Ducky2Digi transpiler. (Since a ducky was too expensive / not worth it for me, I once bought a small crappy Arduino alternative and was too lazy to translate all ducky payloads by hand so I took the definitely smaller effort of writing a small compiler :P)