Hak5 Forums

oXis

Active Members
  • Content count

    18

About oXis

  • Rank
    Hak5 Fan

Profile Information

  • Gender
    Male
  • Location
    Oui
  1. darkCharlie (stealing SSH creds)

    Looks great. It's a shame you're installing pip packages on the victim computer, maybe you can try and bundle those packages together to avoid having to rely on an external internet connection.
  2. [PAYLOAD]SudoBackdoor

  3. A while ago I posted this script on Evil Portal's topic. The PineAP works with OpenWrt, so the iptables chains are a little bit different from the ones in Debian, for example, so it's hard to use a Pi to prototype the rules. Here is my script: https://pastebin.com/zZhzqf91 (the init section shows the rules to redirect traffic). HTTPS is hard to redirect because of HSTS and certificates; either you drop it or you expect clients to authorise the self-signed certificate (doesn't work with HSTS). Hope it helps.
  4. [Official] EvilPortal

    Hi, you should have a folder /sd/portals. The symlink is from /root/portals to /sd/portals (ln -s TARGET LINK), so the command is:

    ln -s /sd/portals /root/portals

    Hope it helps.
  5. [Official] EvilPortal

    It works on my Nano, so I bet it's in the kernel now. Take the last version, I've changed something (HTTP input ACCEPT)
  6. [Official] EvilPortal

    Hi @newbi3, I've been looking at the iptables rules to create a captive portal. Because the PineAP runs OpenWrt, there are some predefined rules that interfere with yours. So I've written a script that creates the iptables rules: https://pastebin.com/zZhzqf91

    ./portal.sh init -> will initialise the captive portal
    ./portal.sh purge -> remove all the rules, but keep OpenWrt ones
    ./portal.sh add/remove IP -> authorise a user

    HTTP (80) is successfully redirected to port 80 on the PineAP. HTTPS (443) is dropped and DNS is accepted (you can also redirect locally). I can't find a way to get HTTPS redirection to work without a certificate error, or a protocol error if you redirect to port 80. Hope it helps :) (I fixed SSH and PineAP manager address, now it works)
  7. [PAYLOAD]SudoBackdoor

    Ding ding, it's payload time. This is a two-stage payload. First you use the 'injector' that will install a small bash script which is a wrapper for sudo. The script will store the passwords. Second, you use the 'cleaner' to get the passwords back and clean the backdoor. So basically, you get access to a computer running MacOS or Linux (you can config the payload by setting mac=true) and you install the backdoor. A couple of hours/days/weeks later you come back, grab the passwords and erase traces. Easy. Link: https://github.com/oXis/bashbunny-payloads/tree/master/payloads/library/credentials/SudoBackdoor I'll submit a pull request but first I need people to test this on MacOS and Linux. It works on my Linux Mint. Ninja!
  8. Python server not continuous on BB

    I've also been working with an HTTP Python server with firmware 1.1 of the Bunny and I discovered that sometimes, when you reach the end of the payload, the server stops working. But it doesn't happen all the time, it's like the Bunny kills the payload. If it happens, you can see the LED switched off. Put a "sleep 60" at the end of the payload and see if this is the same error.
  9. {PAYLOAD] MrRobot

    This is wicked man
  10. Facebook Session cookies

    Payload updated! Now without any connection to the Internet. A Python script will pop an HTTP server, PowerShell will use this HTTP server to download the payload and then upload the results to it. Check it out here -> https://github.com/oXis/bashbunny-payloads/tree/master/payloads/library/WindowsCookies But, I've come across some bugs in Windows 7, PowerShell regex groups are not working....
  11. Facebook Session cookies

    I had the same problem. Your solution seems fine. I rewrote the password grabber for Firefox because the PowerShell script is detected by Kaspersky. Instead of grabbing the password and decrypting it using PowerShell, I copy key3, cert8, and logins into the loot folder and use a Python script to decrypt the password within the BB.
  12. Facebook Session cookies

    Ok, I wrote the payload (mainly using illwill code base) and also support for Firefox cookies. https://github.com/oXis/WindowsCookies What do you think?
  13. Facebook Session cookies

    Hi, based on the PowerShell script written to extract creds from Google Chrome, I made a script to read the SQLite database where the cookies are stored and extract Facebook session cookies. It uses no library; like in the ChromeCreds payload, I use regex to search for the cookies. I haven't written any payload, and I also want to do the same with Firefox. http://pastebin.com/25Z8peMb Enjoy
  14. Android data looting

    I'm far from being able to do that.
  15. Android data looting

    Thanks, I haven't thought about looking for Ducky scripts... I actually found a script to bypass the lock screen, can't test it now though. Yes, that's what I'm looking for.