Jump to content


Active Members
  • Posts

  • Joined

  • Last visited

Profile Information

  • Gender
  • Location

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

oXis's Achievements


Newbie (1/14)

  1. . C:\YOURPATH\get_facebook_cookies.ps1 To import the code. Windows might warn you that the code is not signed or something like that.
  2. `get_facebook_cookies.ps1` is a Powershell script that creates two functions ( Get-FacebookCreds-Firefox and Get-FacebookCreds-Chrome). If you import this script inside one of yours, or if you import this script inside a Powershell shell you can then use those functions.
  3. Replace sudo with a little bash script that acts like a wrapper around the real sudo to get sniff the password when the admin is using the sudo command.
  4. Looks great. It's a shame you're installing pip packages on the victim computer, maybe you can try and bundle those packages together to avoid having to rely on a external internet connexion.
  5. A couple of time ago I posted this script on Evil Portal's topic. The PineAP works with openwrt, so the iptable chains are a little bit different than the ones in Debian for example, so it's hard to use a Pi to prototype the rules. Here is my script, https://pastebin.com/zZhzqf91 the init section shows the rules to redirect traffic. HTTPS is hard to redirect because of HSTS and Certificates, either you drop it or you expect clients to authorised the self signed certificate (doesn't work with HSTS). Hope it helps.
  6. Hi, You should have a folder /sd/portals, the symlink is from /root/portals to /sd/portals (ln -s TARGET LINK), so the command is ln -s /sd/portals /root/portals Hope it helps
  7. It works on my Nano, so I bet it's in the kernel now. Take the last version, I've changed something (HTTP input ACCEPT)
  8. Hi @newbi3, I've been looking at the iptables rules to create a captive portal. Because the PineAP runs OpenWrt, there are some predefined rules that interfere with yours. So I've written a script that creates the iptables rules. https://pastebin.com/zZhzqf91 ./portal.sh init -> will initialise the captive portal ./portal.sh purge -> remove all the rules, but keep OpenWrt ones ./portal.sh add/remove IP -> authorise a user HTTP (80) is successfully redirected to port 80 on the PineAP. HTTPS (443) is dropped and DNS is accepted (you can also redirect locally). I can't find a way to have HTTPS redirections to work without a certificate error or a protocol error if you redirect to port 80. Hope it helps :) (I fixed SSH and PineAP manager address, now it works)
  9. Ding ding, it's payload time This is a two stages payload. First you use the 'injector' that will install a small bash script which is a wrapper for sudo. The script will store the passwords. Second, you use the 'cleaner' to get the passwords back and clean the backdoor. So basically, you get access to a computer running MacOS or Linux (you can config the payload by setting mac=true) and you install the backdoor. A couple of hours/days/weeks later you comme back, grab the passwords and erase traces. Easy Link: https://github.com/oXis/bashbunny-payloads/tree/master/payloads/library/credentials/SudoBackdoor I'll submit a pull request but first I need people to test this on MacOS and Linux. It works on my Linux Mint. Ninja!
  10. I've been also working with a HTTP Python server with firmware 1.1 of the Bunny and I discovered that sometimes, when you reach the end of the payload, the server stop working. But it doesn't happen all the time, it's like the bunny kills the payload. If it happens, you can see the LED switched off. Put a "sleep 60" a the end of the payload and see if this is the same error.
  11. oXis

    Violation of CoC

    This is wicked man
  12. Payload updated! Now without any connexion to the Internet. A python script will pop a HTTP server, powershell will use this http server to download the payload and then upload the results to it. Check it out here -> https://github.com/oXis/bashbunny-payloads/tree/master/payloads/library/WindowsCookies But, I've come across some bugs in Windows 7, powershell regex groups are not working....
  13. I had the same problem. Your solution seems fine I rewrote the password grabber for firefox because the powershell script is detected by kaspersky. Instead of grabbing the password and decrypt it using powershell, I copy key3, cert8, and logins in the loot folder and use a python script to decrypt the password within the BB.
  14. Ok, I wrote the payload (mainly using illwill code base) and also support for Firefox cookies. https://github.com/oXis/WindowsCookies What do you you think?
  • Create New...