Everything posted by oXis

  1. `. C:\YOURPATH\get_facebook_cookies.ps1` to import the code. Windows might warn you that the code is not signed or something like that.
  2. `get_facebook_cookies.ps1` is a PowerShell script that creates two functions (`Get-FacebookCreds-Firefox` and `Get-FacebookCreds-Chrome`). If you import this script inside one of yours, or if you import this script inside a PowerShell shell, you can then use those functions.
  3. Replace sudo with a little bash script that acts like a wrapper around the real sudo to sniff the password when the admin is using the sudo command.
  4. Looks great. It's a shame you're installing pip packages on the victim computer, maybe you can try and bundle those packages together to avoid having to rely on an external internet connection.
  5. Some time ago I posted this script on Evil Portal's topic. The PineAP works with OpenWrt, so the iptables chains are a little bit different than the ones in Debian for example, so it's hard to use a Pi to prototype the rules. Here is my script, https://pastebin.com/zZhzqf91; the init section shows the rules to redirect traffic. HTTPS is hard to redirect because of HSTS and certificates: either you drop it or you expect clients to authorise the self-signed certificate (doesn't work with HSTS). Hope it helps.
  6. Hi, you should have a folder `/sd/portals`. The symlink is from `/root/portals` to `/sd/portals` (`ln -s TARGET LINK`), so the command is `ln -s /sd/portals /root/portals`. Hope it helps.
  7. It works on my Nano, so I bet it's in the kernel now. Take the last version, I've changed something (HTTP input ACCEPT)
  8. Hi @newbi3, I've been looking at the iptables rules to create a captive portal. Because the PineAP runs OpenWrt, there are some predefined rules that interfere with yours. So I've written a script that creates the iptables rules. https://pastebin.com/zZhzqf91

    `./portal.sh init` -> will initialise the captive portal

    `./portal.sh purge` -> remove all the rules, but keep OpenWrt ones

    `./portal.sh add/remove IP` -> authorise a user

    HTTP (80) is successfully redirected to port 80 on the PineAP. HTTPS (443) is dropped and DNS is accepted (you can also redirect locally). I can't find a way to have HTTPS redirections work without a certificate error, or a protocol error if you redirect to port 80. Hope it helps :) (I fixed SSH and PineAP manager address, now it works)
  9. Ding ding, it's payload time. This is a two-stage payload. First you use the 'injector' that will install a small bash script which is a wrapper for sudo. The script will store the passwords. Second, you use the 'cleaner' to get the passwords back and clean the backdoor. So basically, you get access to a computer running MacOS or Linux (you can config the payload by setting mac=true) and you install the backdoor. A couple of hours/days/weeks later you come back, grab the passwords and erase traces. Easy. Link: https://github.com/oXis/bashbunny-payloads/tree/master/payloads/library/credentials/SudoBackdoor I'll submit a pull request but first I need people to test this on MacOS and Linux. It works on my Linux Mint. Ninja!
  10. I've also been working with an HTTP Python server with firmware 1.1 of the Bunny and I discovered that sometimes, when you reach the end of the payload, the server stops working. But it doesn't happen all the time, it's like the Bunny kills the payload. If it happens, you can see the LED switched off. Put a "sleep 60" at the end of the payload and see if this is the same error.
  11. oXis

    Violation of CoC

    This is wicked man
  12. Payload updated! Now without any connection to the Internet. A Python script will pop an HTTP server, PowerShell will use this HTTP server to download the payload and then upload the results to it. Check it out here -> https://github.com/oXis/bashbunny-payloads/tree/master/payloads/library/WindowsCookies But, I've come across some bugs in Windows 7, PowerShell regex groups are not working....
  13. I had the same problem. Your solution seems fine. I rewrote the password grabber for Firefox because the PowerShell script is detected by Kaspersky. Instead of grabbing the password and decrypting it using PowerShell, I copy key3, cert8, and logins in the loot folder and use a Python script to decrypt the password within the BB.
  14. Ok, I wrote the payload (mainly using illwill code base) and also support for Firefox cookies. https://github.com/oXis/WindowsCookies What do you think?
  15. Hi, Based on the powershell script written to extract creds from Google Chrome, I made a script to read the SQLite database where the cookies are stored and extract Facebook session cookies. It uses no library, like in the ChromeCreds payload, I use regex to search for the cookies. I haven't written any payload, and I also want to do the same with Firefox. http://pastebin.com/25Z8peMb Enjoy
  16. I'm far from being able to do that.
  17. Thanks, I haven't thought about looking for Ducky scripts..., I actually found a script to bypass the lock screen, can't test it now though. Yes, that's what I'm looking for.
  18. Hi, I just ordered my Bash Bunny, and while I'm waiting for it, I'm gathering info for my project. On the GitHub, there is a payload to loot data from a Windows host and I would like to do the same for an Android phone. The idea will be to use adb to extract the data, but if the Debug Mode is not on (mostly the case for normal users) you can't really use adb. I have a Galaxy S5 mini (Android 4.4 I think) to test my code on. The idea is to proceed like below: 1/ Being able to steal data from an -unlocked- phone with Debug mode enabled (I think this part is easy :) ). 2/ Being able to steal data from an -unlocked- phone with Debug mode disabled. 3/ Being able to steal data from a -locked- phone with Debug mode disabled. Do you people have some kind of idea about how to do it? Like exploit a flaw to use adb or inject an app. I'm sure we can find something :)