
bg-wa

Everything posted by bg-wa

  1. Bump! Ducky Script 2.0 on the Bunny would be super cool! I was watching the Payload Party the other day and was hoping I could finish this old Windows Mouse Control payload (https://github.com/bg-wa/bashbunny-payloads/blob/windows_mouse_control/payloads/library/general/windows_mouse_control/payload.txt) with the new HOLD command (https://docs.hak5.org/hc/en-us/articles/360047381354-QUACK-and-Ducky-Script-2-0) +1
  2. Is this safe for whom? Is this safe for you to use, because it saves you time? Sure! Just as a hammer can build a house or break a window, a script is as "safe" as the person using it. If you think it's a useful tool someone else could use, commit it back to the repo. If not, keep it local.
  3. Haven't seen this before. Have you tried a factory reset?
  4. bg-wa

    Nothing Works...

    This is the official, tested, working solution to do a factory reset: If you can't get to the "police" pattern, you're unplugging the device at the wrong time.
  5. Lee, you should install Git for Windows: https://git-scm.com/download/win then run the command: git clone https://github.com/hak5/bashbunny-payloads.git This will download all the files you need locally AND let you contribute back to the community.
  6. @anao00 Yes, you are correct, DNS is a fragile system (in more ways than this example). Regardless of where you intercept, it can be difficult to detect. One thing not mentioned is SSL... you can use this method to host https://amazon.com at https://my-custom domain.com or http://amazon.com, but you won't have the right cert on your middleware machine to host https://amazon.com. It's subtle, but browsers are doing a better job of pointing out non-secure sites lately.
  7. I made this a few weeks ago. https://github.com/bg-wa/rails_in_the_middle Set up the app and point your DNS to it, point the app to the site you want to modify, and inject whatever code you want before it's sent to the user (also works the other direction, sending data to the original server). *Also not sure how practical this is, but it's possible.
  8. *** UPDATE *** I've copied this AMI to all US Regions
  9. @criticalmass Nope, I can see it from multiple AWS accounts when I search "hak5" and filter by "Community AMIs"
  10. I put together a basic EC2 instance for C2 Community Edition based on Ubuntu 18.04
      HAK5-C2-Community - ami-075cd8edc70aeda3f
      1. Search hak5 in EC2 community AMIs
      2. Launch a new instance with 22, 80, 443 and 2022 open in your security group.
      3. Configure your domain in DNS for certbot.
      4. Connect and run: sudo ./c2_community-linux-64 -hostname "YOUR-DOMAIN" -https
      5. Visit your domain and finish setup with supplied Setup Token and License Key
  11. I don't see a GitHub page... can we contribute? I wrote BB Studio back in March and would be stoked to share what I learned.
  12. Kinda late, so maybe you already got this working, but I use codemirror a lot: https://github.com/fixlr/codemirror-rails Working example with file access here: https://github.com/bg-wa/bash-bunny-studio
  13. I started this quick POC, which uses Rails as a web-content proxy to allow intercepting and modifying HTML pages. [End User Request > My Bad URL > Actual server > My Bad URL > Nokogiri (modify response) > End User Response] It's pretty bare bones and allows you to browse any website at your own URL, modifying the response in the middle. https://github.com/bg-wa/rails_in_the_middle Seems like an interesting loophole. Even with CORS set up properly, assets could be stored and re-served to the end user.
  14. Customize your Bash Bunny with this 3D Printed switch! Lose or break your switch? Print a new one! Do you have a bunny infestation? Organize them by colors instead of tape! Get it here: https://github.com/bg-wa/bash-bunny-switch The switch surface area is large enough to draw/print a single character for further customization. Enjoy!
  15. I also tried this, without much luck. I was trying to touch a new file at either [/Volumes/.../mac.txt] or [/media/.../linux.txt] etc. in a loop, then check for that file on the bunny side. It sort of worked, but wasn't great. HID only TARGET OS would be great, but I haven't put much time into researching 2-way HID communication possibilities with standard drivers.
  16. I present: The Bunny Cage. The Bunny Cage is a CHIP single board computer, with battery, broadcasting its own AP and running Bash Bunny Studio. With this device, you can program your Bash Bunny wirelessly from your phone or tablet, then let it out of the cage when your payload is ready! STL Files Here: https://github.com/bg-wa/bash-bunny-cage This is a really simple project that can be run on any SBC, with wifi and Rails installed. Enjoy!
  17. Alright, I reworked almost the entire app... The UI is now built on Foundation, is mobile friendly and is much easier to maintain. I'll be finishing up some small features shortly, but I don't foresee any more major framework overhauls at this point. @Dave-ee Jones Feel free to submit a PR with whatever additional UI changes you want to see! If anyone else wants to contribute, or test (especially on Windows) please jump right in!
  18. Bash Bunny Studio can now: - Edit multiple files in your payload folders. - Run Git commands - Glow in the dark ENJOY!
  19. I just put this on a CHIP (w/ battery, hosting an AP), and I can now manage/edit payloads, from my phone over wifi!! This is cool because I can now use one BB, and load/edit any payload I want, in the field on the fly! If I want to change the OS, target_dir, or ETH adapter, I don't even need a laptop! Pretty stoked about this! @C1PH3R you are correct. For now, you can only edit the payload.txt on each switch, I'll probably add some recursive editors to each payload tab, but I'll need some logic to determine syntax highlighting for different file types... I should probably add a tab to access loot data as well... and a BB updater... Lots of fun stuff ahead, but the core is here. @Sebkinne Let me know if there are any other features you had in mind for this project. This is quickly becoming my main development workflow, so I'm sure I'll be adding to it quite a bit over the next few weeks.
  20. Here is a little tool I wrote today to manage most bash bunny functions from the web browser. I was tired of copying files all over the place in a file manager, so this lets me do 90% of my development from one screen. This tool lets you mount/unmount the bunny, clone a BB github repo, one-click copy payloads to either switch, in-browser edit payloads, manage extensions, and view debug logs. Feel free to fork and add to it! https://github.com/bg-wa/bash-bunny-studio
  21. Like @C1PH3R said, I'd probably replace Lines 19-22 with: RUN UNITY xterm (for some reason I've had better luck executing commands in xterm than with terminal in Unity) and you'll also need to change your loot_dir to something like: /media/$USER/BashBunny/loot/XYZ then obviously 'killall xterm' instead of terminal. ** Also untested
  22. Hey Luca, you can cut down this code by putting your file types into an array, then looping through that array, executing at each object your if Exist %USERPROFILE%\Searches (xcopy /C /Q /G /Y /S %USERPROFILE%\Searches\*.[YOUR FILE EXTENSION FROM ARRAY] %dst% >>nul) https://stackoverflow.com/questions/8880603/loop-through-an-array-of-strings-in-bash This will trim up your code for each location. To make it even smaller, you should throw that line into a new function, then call it, passing your location and file-type. As a positive side effect, it will also make the script much easier to test and maintain. https://stackoverflow.com/questions/6212219/passing-parameters-to-a-bash-function
  23. Yep, @Rinilyn. Your post reminded me to go back and look at this. I just thought I'd put it in an easier to find location, rather than bury it in your post. In my tests I didn't need to do anything with Cucumber. I would have liked it to auto-detect the OS like you had mentioned (or faster yet, just the TARGET_IP), but trying to set the attackmode to eth, without the bunny plugged in, stalled the script and didn't execute any code following the attackmode. The solution I found, using SWITCH, doesn't automatically continue your script, but toggling the switch is an easy solution at this point. In the future I'd like to figure out a way to automate this. My next attempt will be enabling storage, and trying to detect when the Bunny is mounted, then continue the script... Sounds easy enough right?
  24. I remember this being a topic a while back and I couldn't find a dedicated thread. So, I thought I would share how I was able to eliminate boot time, by priming the Bash Bunny with a USB power supply, then use the new SWITCH extension to instantly execute a payload when I plug-in/toggle switch. This could be super useful if you had to, say, wait 15 seconds for a web-server to boot up on your Bunny... The cable I used is included in the Pineapple Nano: The (Super Simple) Code: https://github.com/bg-wa/bashbunny-payloads/blob/warmup/payloads/library/general/warmup/payload.txt (There is probably a better way to automatically wait for the device to be plugged in, but SWITCH worked for this POC.)
  25. It sounds like you have done a good job troubleshooting so far. A couple things I'd try next would be:
      - Try peppering your payload with the DEBUG command to write some custom logs and see exactly where your script is failing. (https://github.com/hak5/bashbunny-payloads/blob/master/payloads/extensions/debug.sh)
      - Screen/putty into the Bunny and try running the commands you think are failing, manually. This will help you figure out any dependencies you may be missing (https://wiki.bashbunny.com/#!index.md)
      - You can easily install dependencies with a shared internet connection (https://www.hak5.org/gear/bash-bunny/docs)
      - Pick a specific payload, troubleshoot as far as you can with the above methods, then ask a more specific question on the selected payload's official thread (https://forums.hak5.org/forum/93-payloads/)