
  1. Bump! Ducky Script 2.0 on the Bunny would be super cool! I was watching the Payload Party the other day and was hoping I could finish this old Windows Mouse Control payload (https://github.com/bg-wa/bashbunny-payloads/blob/windows_mouse_control/payloads/library/general/windows_mouse_control/payload.txt) with the new HOLD command (https://docs.hak5.org/hc/en-us/articles/360047381354-QUACK-and-Ducky-Script-2-0) +1
  2. Is this safe for whom? Is this safe for you to use, because it saves you time? Sure! Just as a hammer can build a house or break a window, a script is as "safe" as the person using it. If you think it's a useful tool someone else could use, commit it back to the repo. If not, keep it local.
  3. Haven't seen this before. Have you tried a factory reset?
  4. bg-wa

    Nothing Works...

    This is the official, tested, working solution to do a factory reset: If you can't get to the "police" pattern, you're unplugging the device at the wrong time.
  5. Lee, you should install Git for Windows: https://git-scm.com/download/win then run the command: git clone https://github.com/hak5/bashbunny-payloads.git This will download all the files you need locally AND let you contribute back to the community. https://github.com/hak5/bashbunny-payloads.git
  6. @anao00 Yes, you are correct, DNS is a fragile system (in more ways than this example). Regardless of where you intercept, it can be difficult to detect. One thing not mentioned is SSL... you can use this method to host https://amazon.com at https://my-custom domain.com or http://amazon.com, but you won't have the right cert on your middleware machine to host https://amazon.com. It's subtle, but browsers are doing a better job of pointing out non-secure sites lately.
  7. I made this a few weeks ago. https://github.com/bg-wa/rails_in_the_middle Set up the app and point your DNS to it, point the app to the site you want to modify, and inject whatever code you want before it's sent to the user (also works the other direction, sending data to the original server). *Also not sure how practical this is, but it's possible.
  8. *** UPDATE *** I've copied this AMI to all US Regions
  9. @criticalmass Nope, I can see it from multiple AWS accounts when I search "hak5" and filter by "Community AMIs"
  10. I put together a basic EC2 instance for C2 Community Edition based on Ubuntu 18.04 HAK5-C2-Community - ami-075cd8edc70aeda3f
      1. Search hak5 in EC2 community AMIs
      2. Launch a new instance with 22, 80, 443 and 2022 open in your security group.
      3. Configure your domain in DNS for certbot.
      4. Connect and run: sudo ./c2_community-linux-64 -hostname "YOUR-DOMAIN" -https
      5. Visit your domain and finish setup with supplied Setup Token and License Key
  11. I don't see a GitHub page... can we contribute? I wrote BB Studio back in March and would be stoked to share what I learned.
  12. Kinda late, so maybe you already got this working, but I use codemirror a lot: https://github.com/fixlr/codemirror-rails Working example with file access here: https://github.com/bg-wa/bash-bunny-studio
  13. I started this quick POC, which uses Rails as a web-content proxy to allow intercepting and modifying HTML pages. [End User Request > My Bad URL > Actual server > My Bad URL > Nokogiri (modify response) > End User Response] It's pretty bare bones and allows you to browse any website at your own URL, modifying the response in the middle. https://github.com/bg-wa/rails_in_the_middle Seems like an interesting loophole. Even with CORS set up properly, assets could be stored and re-served to the end user.
  14. Customize your Bash Bunny with this 3D Printed switch! Lose or break your switch? Print a new one! Do you have a bunny infestation? Organize them by colors instead of tape! Get it here: https://github.com/bg-wa/bash-bunny-switch The switch surface area is large enough to draw/print a single character for further customization. Enjoy!
  15. I also tried this, without much luck. I was trying to touch a new file at either [/Volumes/.../mac.txt] or [/media/.../linux.txt] etc. in a loop, then check for that file on the bunny side. It sort of worked, but wasn't great. HID-only TARGET OS would be great, but I haven't put much time into researching 2-way HID communication possibilities with standard drivers.