
theonewhoknocks

Active Members, Rank: Hackling, Content Count: 13
  1. I got annoyed pretty quickly by the amount of times I had to re-plug the Bash Bunny in order to test a complicated payload of some sort, so I threw together this rather rudimentary payload that spins up a flask server. Given that you can see the bunny via IP, you can test your payloads with ease by POSTing some text to it. The post data type should be JSON and look like:

{"text": "cat "hello.txt";commands here;"}

I recommend putting a sleep in there so you have time to tab out of Postman or whatever you use to test APIs with. I just wanted to get the idea out there, but I think I'll clean it up soon enough. I can imagine some more advanced things with this, related to data exfil or even remote administration.... And yeah.. I know.. this is susceptible to RCE, but whatever, it's testing!

----------------------

I ran these commands from https://blog.miguelgrinberg.com/post/designing-a-restful-api-with-python-and-flask

NOTE: Requires you have ICS on the bunny in order to "apt-get install python-pip" so that you can get flask from pip repo

$ mkdir app-name-whatever
$ cd app-name-whatever
$ virtualenv flask
$ flask/bin/pip install flask

------------------------------

Python app.py code below:

```python
#!/root/apiserver/flask/bin/python
# change the interpreter path above to whatever folder the virtualenv is in
# relative to /root/ (ex: /root/app-name-whatever/flask/bin/python)
from flask import Flask, jsonify, abort, request
import subprocess

app = Flask(__name__)


@app.route('/api/test', methods=['POST'])
def getapi():
    try:
        # write the POSTed "text" field to data.txt, then run it with bash
        with open('data.txt', 'w') as outfile:
            cmd = request.json.get("text", "")
            outfile.write(cmd)
        subprocess.call(['/bin/bash', "data.txt"])
        # switch back to RNDIS so the server is reachable again, then blink red
        subprocess.call(['/root/ATTACKMODE', "RNDIS_ETHERNET"])
        subprocess.call(['LED', "R", "100"])
        return jsonify("OK")
    except Exception:
        abort(500)


if __name__ == '__main__':
    # listen on all interfaces so the host can reach it via the bunny's IP
    app.run(host='0.0.0.0', debug=True)
```

The LED will flash red once the server is accessible again (because you probably changed attackmodes when testing)
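As an added example (not the post's code and not a Hak5 tool), here is the same "re-test a payload over the network without re-plugging" idea written with only the Python standard library instead of Flask, with the two gaps the post itself concedes closed: the endpoint requires a shared token, and it only runs a named script from a fixed payload directory rather than whatever shell text was POSTed. PAYLOAD_DIR, the TESTAPI_TOKEN variable, the X-Token header and the bind address are all assumptions made for this example.

```python
# Added example (not the post's code): the post's "re-test over the network"
# idea, stdlib only, with a shared token and a fixed payload directory so that
# no POSTed shell text is ever executed. Names marked "assumed" are mine.
import hmac
import json
import os
import re
import subprocess
from http.server import BaseHTTPRequestHandler, HTTPServer

PAYLOAD_DIR = "/root/udisk/payloads/test"          # assumed location
TOKEN = os.environ.get("TESTAPI_TOKEN", "")          # empty token = refuse all
BIND_ADDR = ("172.16.64.1", 5000)                    # assumed Bunny-side address, not 0.0.0.0
NAME_RE = re.compile(r"^[A-Za-z0-9_-]{1,32}$")       # no slashes, no dots

def run_payload(path):
    """Default executor: run the selected script with bash, return exit status."""
    return subprocess.call(["/bin/bash", path])

def handle_request(body, token, expected=None, run=run_payload, payload_dir=PAYLOAD_DIR):
    """Validate one POST body (bytes) and X-Token value; return (status, message)."""
    expected = TOKEN if expected is None else expected
    if not expected or not hmac.compare_digest((token or "").encode(), expected.encode()):
        return 401, "bad or missing token"
    try:
        name = json.loads(body).get("payload", "")
    except (ValueError, AttributeError):
        return 400, "body must be a JSON object"
    if not isinstance(name, str) or not NAME_RE.match(name):
        return 400, "payload name must match [A-Za-z0-9_-]{1,32}"
    path = os.path.join(payload_dir, name + ".sh")   # name cannot escape the dir
    if not os.path.isfile(path):
        return 404, "no such payload"
    return 200, "exit status %d" % run(path)

class Handler(BaseHTTPRequestHandler):
    def do_POST(self):
        if self.path != "/api/test":
            self.send_error(404)
            return
        body = self.rfile.read(int(self.headers.get("Content-Length", 0)))
        status, msg = handle_request(body, self.headers.get("X-Token"))
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.end_headers()
        self.wfile.write(json.dumps({"result": msg}).encode())

if __name__ == "__main__":
    HTTPServer(BIND_ADDR, Handler).serve_forever()
```

A client then POSTs `{"payload": "hello"}` with an `X-Token` header, and the server runs `PAYLOAD_DIR/hello.sh`; anything that is not a plain name in that directory is rejected before anything executes.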
  2. Might be a good problem for pre-booting with battery to solve
  3. I was struggling with that same project. I found an ICS vbs script online, a netsh command for static IP, and threw together ducky script to bring up powershell for it all, but the frickin driver install messes it all up as it takes too long. No amount of pre-sleeping can help. I wanted it to work on virgin computers so I had to uninstall BB ether every time I try to run it. I can give you my script so far if you'd like to help.
  4. Razer, no need to be brash. However, RTFMing is a good strategy to have productive forum posts.
  5. You would have to exploit any unpatched vulns that are through the network connections. Since you are the router, I suggest using QuickCreds to get the authentication information. Maybe use a cracker of some sort to decrypt the hashes, unlock the computer, run your commands for april fools, and then lock it again. In theory, this should work.
  6. Ok so it turns out it was because I was going straight to RNDIS without any in between. If I did STORAGE in between, it was recognized.
  7. Whenever I switch from ATTACKMODE HID STORAGE to ATTACKMODE RNDIS_ETHERNET, Windows 10 (1607) gives me a USB Device Not Recognized. It seems like the OS is rejecting it because the device that it was before is no longer there, and it's like, hey, this wasn't there a second ago... I do get the USB device disconnects, and RNDIS_ETHERNET does work on this machine all by itself, but it seems that switching is the issue. Can anyone shed light on this? Device manager shows it as Unknown USB Device (Configuration Descriptor Request Failed).
  8. Yeah, this isn't the device for that. It's not possible to boot a machine and use the Bunny's CPU, or use the Bunny's OS and the computer's CPU. It also cannot mount the host disk directly. Edit: You could, however, set up a Windows share on the C: drive and CIFS mount that! I bet duckyscript can whip up a good series of CMD/PowerShell commands to help you.
  9. This can be easily diagnosed as a power or system error by logging dmesg.
  10. Thanks for the update. I can understand a product launch being very hectic. Needless to say, I can't wait to get my hackery hands on it. I love what you guys do to make hacking accessible and fun!
  11. When was the March 10th batch declared? I ordered The BB on the 1st at 2pm, so it couldn't have been backordered then or my order status would have reflected it. I know this probably isn't the forum, but I need some feedback on what happened. The last update on my order said: "Being Processed" at 2pm on the 1st. Thanks!
  12. If it only reads it at boot, I can probably rig up a script to read the states of the switch as it's probably tied to something in /dev/. Then the real fun can begin.
  13. I don't know if this is practical at all, but I think it'd be pretty cool to be able to flip the switch a series of times to access different payloads or render the bunny inactive/active. Depending on the types of signals you guys use. Does the bunny necessarily restart after you flip the switch or is there an internal kill bash that happens and it switches to execing the other payload? Haven't got mine yet so I don't know. If so, I could probably put conditional logic to hide or disable the scripts.