Everything posted by mame82

  1. Common, there's a LanTurtle with a 3G shield added (and a small price increase)
  2. The post referred to an order of an OrangePi on AliExpress. I'm pretty sure the Allwinner SoC is ARM based, not MIPS. The Packet Squirrel is based on a MIPS SoC, which doesn't seem to be the fastest one (according to the complaints on LanTurtle, which uses the same SoC).
  3. Not sure what should be ported. You ordered an ARM device capable of running a full-fledged Linux distro. Use the package manager to add the tools you need, prepare a setup script and add it to a systemd service to run on boot ... done. Most of the cheap single board computers available today could do the job.
  4. Now you mentioned BLE. I'm doing some tests against my "Smart bulb". The setup: P4wnP1 connected to external SSH server using local WiFi and AutoSSH. Shell access to P4wnP1 from a place several kilometres away through same Internet facing SSH server. From remote connection P4wnP1's Bluetooth module is used to write characteristics to the bulb (which is nearby to P4wnP1) and read back results. So I'm fuzzing a BLE bulb over Internet with P4wnP1 running on a device which is cheaper than the bulb. Unfortunately I'm still not sure where to place my BashBunny in this setup :-(
  5. mame82

    BB vs RP Zero

    When I wrote the 'LockPicker' payload for P4wnP1, the intention was to show how things could be combined. Cracking isn't the best idea on either of the two devices. Btw. I used JtR Jumbo in its default setting, which means it isn't a pure dictionary attack, but goes on with pattern based bruteforcing. In fact the behavior of JtR could be modified per config file, which I haven't done for the LockPicker demo. Now as P4wnP1 is able to join an Internet connected WiFi AP and connect to an external SSH server, it wouldn't be a big problem to load up a captured hash to a more powerful appliance. The remotely cracked credentials could then be downloaded again and used to unlock the target. I'm not willing to implement such payloads for P4wnP1, as it is meant to be a framework. A demo using the AutoSSH feature to bring up a remote shell (only communicating through a USB HID interface with the target) and relay it to an external SSH server is in the P4wnP1 repo, which shows the basic capabilities. This unfortunately can't be done with BB due to its hardware limitations. Here's a tweet with a picture on the basic idea
  6. Besides the fact that I brought up P4wnP1 before BashBunny was there, the devices are comparable. In fact there's a feature comparison in the P4wnP1 readme. So there're two things P4wnP1 could do, which BB isn't capable of: - bring up a USB HID device which serves as covert backchannel to get networkless remote shells - relay these shells to built-in WiFi AP Okay, maybe there's more in the future (Bluetooth support, CDROM emulation, pivoting by tunneling TCP sockets through HID device). P.S. P4wnP1 has a payload to unlock boxes, after a hash has been fetched:
  7. @qdba Although I'm still waiting for the Bash Bunny to arrive, two ideas come to mind in order to achieve what you want. We know Python Responder is available (for Quick Creds)... 1) Use pre-installed python with python -m SimpleHTTPServer 2) As Responder is able to deliver a custom HTTP error page, change the error page to deliver your powershell payload and you should be able to access it (no matter what target URI your victim client is using). To change the HTTP header of the Responder error page, some code manipulation is needed (change content-type from "text/html" to "application/octet-stream"), but you're basically able to deliver a custom HTTP page
  8. @Darren Kitchen Maybe we should get in touch, regarding the composite device configuration which is needed to make Windows enumerate the interfaces in the correct manner. Feel free to copy the setup from my repo, otherwise. Would love to see this PnP capability for RNDIS+UMS+HID in Bash Bunny firmware, too. I'm looking forward to the arrival of my Bash Bunny. I'm really interested in how you managed to get the device to act as insanely fast 2GBit adapter. Could you give details on the UDC of Bash Bunny?
  9. @Darren Kitchen Your statement on the need of manual driver installation for a RNDIS composite device is wrong. My already mentioned project P4wnP1 works as composite RNDIS, USB Mass Storage, HID keyboard and CDC ECM without installing custom drivers on Windows 7 to 10 (Plug and Play). It's a matter of having the right USB configuration to force Windows to enumerate the composite interfaces one by one and install a driver for each single interface. BTW. Although I'm doing exactly the same on a 5$ device, I ordered a Bash Bunny - I like the work of hak5 ... Keep on going. See here for details: P4wnP1