
Dave-ee Jones

Dedicated Members
  • Posts: 1,488
  • Days Won: 40

Posts posted by Dave-ee Jones

  1. 7 hours ago, sungod88 said:

    OK so I'm on the fence about what to buy. First I was going to buy the $200 field kit but I saw last night that it is now a $300 kit which now includes the bunny. I guess my main question is why do I need both if the bunny can run Ducky scripts. What are people using the Bunny for that I can't just do with a duck, they seem really similar. I know the Bunny can take over as the fastest network but I guess I'm missing what else makes it so different outside of the hardware.

    Would you rather buy a

    Duck and Pineapple NANO

    or

    Bunny and Pineapple NANO

    Bunny :D

  2. 34 minutes ago, JBNZ said:

    If anyone was wanting to experiment with this, just had a quick look and early indications are that this is fairly trivially achievable by modifying ATTACKMODE. I used the same format used for idProduct and idVendor to modify iSerialNumber and added SN_*) into the case statement which parses arguments. Now giving argument SN_DEADBEEF as argument to ATTACKMODE changes my device's serial number to that.

    Will report back if I run into failure cases on this.

    Neatly done. Although, people are rarely going to whitelist SN_DEADBEEF :P
  3. 23 minutes ago, Draxiom said:

     I am confused. That is exactly what my payload does. The web GUI runs on the bb and you can swap out payloads or run commands. How is it different from what you want to make?

    Oh. Well RIP. I thought it was different...

    Well, similar can also mean the same virtually, I guess.

    I cannot run commands on it, if that makes you feel any better! :tongue:

    I do have a question though...For some reason any devices connected to the same network as the webserver cannot connect to the webserver. May have to wait until I port it to the BB.

    Oh, another question, how did you get the Bunny to take commands? Or is it just a web-based console that the webserver acts on, not the BB?

  4. 30 minutes ago, Draxiom said:

    Interesting. The web server I set up, should be able to run on arming mode, but you only get an ip if you share the internet with a host computer. Perhaps one could pipe the webpages through serial to lynx on the host. 

    Yeah, it will be similar to what you are doing basically. The BB will run a web server that allows computers connected to it to access it with a web GUI. This could allow someone to change payloads, update the library, etc.

    Making an SSH/Serial terminal inside a webpage is very tricky without embedding someone else's program. :dry:

  5. 36 minutes ago, elkentaro said:

    I'll have to look into it. The key would be to find out the byte array written to the /dev/hidg0, in the ducky.py script. I'll take a look after I get done with some job-work. Although I suspect that if you add ["ALT-SHIFT-NUMLOCK " :"06,00,53"] to your language.json file it might work. Given that Alt-Shift is the modifier key code "06,00,00" and hence you would only need to add the num lock key to the modifier.
    That would probably work.
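The "06,00,53" / "06,00,00" entries quoted above are three hex bytes laid out like the start of a USB HID boot-keyboard report (modifier bitmap, reserved byte, first key usage). The decoder below is an added example, not code from the thread or from the Bash Bunny project; hid_decode and hid_encode are names chosen here, the modifier bit values are the standard HID ones, and the only key usage it names is 0x53 (Keypad Num Lock), the one the thread discusses.

```shell
#!/bin/sh
# Added example, not code from the thread or the Bash Bunny project.
# A language.json value "MM,RR,KK" mirrors a HID keyboard report: MM is the
# modifier bitmap, RR is reserved, KK is the first key usage code.

hid_decode() {
  triplet=$1
  mod=$(( 0x${triplet%%,*} ))       # first byte: modifier bitmap
  rest=${triplet#*,}
  key=${rest#*,}                     # third byte: key usage code (hex)
  out=""
  [ $((mod & 0x01)) -ne 0 ] && out="${out}LCTRL+"
  [ $((mod & 0x02)) -ne 0 ] && out="${out}LSHIFT+"
  [ $((mod & 0x04)) -ne 0 ] && out="${out}LALT+"
  [ $((mod & 0x08)) -ne 0 ] && out="${out}LGUI+"
  [ $((mod & 0x10)) -ne 0 ] && out="${out}RCTRL+"
  [ $((mod & 0x20)) -ne 0 ] && out="${out}RSHIFT+"
  [ $((mod & 0x40)) -ne 0 ] && out="${out}RALT+"
  [ $((mod & 0x80)) -ne 0 ] && out="${out}RGUI+"
  case "$key" in
    53) out="${out}NUMLOCK" ;;       # HID usage 0x53: Keypad Num Lock
    00) out="${out%+}" ;;            # modifiers only, drop trailing '+'
    *)  out="${out}0x${key}" ;;      # anything else echoed as raw hex
  esac
  printf '%s' "$out"
}

# Reverse direction: build the triplet for a '+'-joined modifier list and one
# usage code, so a new language.json line can be checked before it is added.
hid_encode() {
  mods=$1; usage=$2; bits=0
  for m in $(printf '%s' "$mods" | tr '+' ' '); do
    case "$m" in
      LCTRL) bits=$((bits | 0x01)) ;;  LSHIFT) bits=$((bits | 0x02)) ;;
      LALT)  bits=$((bits | 0x04)) ;;  LGUI)   bits=$((bits | 0x08)) ;;
      RCTRL) bits=$((bits | 0x10)) ;;  RSHIFT) bits=$((bits | 0x20)) ;;
      RALT)  bits=$((bits | 0x40)) ;;  RGUI)   bits=$((bits | 0x80)) ;;
      *) echo "unknown modifier: $m" >&2; return 1 ;;
    esac
  done
  printf '%02x,00,%s' "$bits" "$usage"
}

hid_decode "06,00,53"; echo          # LSHIFT+LALT+NUMLOCK
hid_decode "06,00,00"; echo          # LSHIFT+LALT
hid_encode "LSHIFT+LALT" 53; echo    # 06,00,53
```

Running it shows why the thread's "06,00,00" reads as Alt-Shift: 0x06 is bit 0x02 (left shift) plus bit 0x04 (left alt), and appending 0x53 as the key usage gives the "06,00,53" entry suggested above.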

  6. 17 minutes ago, Draxiom said:

    Thanks @Dave-ee Jones. I agree that it would be best if you could run this payload from any computer, and not have to have internet sharing set up. However, I don't see a way of making it work in arming mode :/ Any suggestions? If you are in arming mode, you could probably just swap out payloads with the standard file browser, the normal way.

    It does indeed work by copying payloads out of the library folder. I use git to clone the payloads directly to the mass storage, and then simple cp commands to move them to the available switch directory. 

    Sounds good! I'm making my own webserver via Powershell on a localhost. I will probably finish it out and then modify it to be compatible with a BB, so that it can run a webserver for any clients on it.

    Not exactly sure what it is gonna be used for yet...Lol.

    EDIT: I wonder if you can get a working serial terminal inside the webpage straight to the BB...

  7. I wonder if you can execute two QUACKs one after the other and still register them as one combo?

    E.g.

    QUACK ALT
    QUACK SHIFT NUMLOCK

    Also, do you know if NUMLOCK is the correct term?

    Another thing as well, maybe try quoting the whole 3 terms, because it might not like all 3.

  8. What computer and OS are you using?

    Could be your PC isn't giving it enough juice for some reason :P

    Although, my phone happily boots up the Bunny...

    EDIT: Try a different USB port. Preferably a USB 3.0 (usually has a blue plastic bit in the middle of it). Sounds like your USB port is a bit fiddly and its tines are bent.

  9. And no red lights or anything?

    Can you verify the switch is in the closest position to the USB end?
    Seems weird, but it also sounds like it could be something super simple, like it accidentally running a payload while in a switch position...

  10. Clever. I like the idea of it booting a webpage on a local server so you can access it and have a nice looking Web GUI to change out your payloads or run a payload. What would be awesome is if you could get this running in Arming mode...

    :ph34r:

    Does it work with the library folder? Like, seeing all the different payload folders in the library and swapping them out in the switches?
  11. What I would do to debug it is this:

    Remove the hidden window style so you can see what is going on, and remove the ErrorAction SilentlyContinue parameters as well so you can see the actual error that is happening. It could be you mistyped one of the strings or it could be you aren't accessing the right Control Panel area. Could be anything.

    Just allow yourself to see any errors and make sure it is all working first before you hide everything.

  12. 4 minutes ago, Bryfi said:

    It used to which is what is throwing me off. Now it just blinks green once then turns off. I tried factory resetting (in and out 3 times) no results. No red light

    Be patient. At boot up it blinks green once/twice and then seems to turn off. After a few more seconds it will start flashing blue for a second per flash.

  13. LED Status

    Green (blinking) -> Booting up

    Blue (blinking) -> Arming mode (ready for USB or whatever)

    Red (blinking) -> Recovery mode (DO NOT UNPLUG!)
    Blue and Red happen after boot-up. Does it flash green or just stay green? 

    If you plug it in Arming mode (closest to the USB end) it should flash green for a bit, go off for a few seconds and come back on with a blinking blue light (might go solid as well).

    If you plug it in Switch 1/2 it will do what the payload has set the LED light to be. 99% of payloads have details on what colours mean in a readme.txt or readme.md in the same folder as the payload. Or you can look at the payload.txt and see for yourself.

    For more details, go here.

  14. Instead of disabling DHCP etc. when switching on the fly why not just make both switches refer to a different payload.txt in the one switch folder? That would mean that switch1 and switch2 are just text files and not folders, so it would just run the text files without changing DHCP and mounts etc.

    Would be quicker, don't know how easy it would be to redo that system...

  15. On 3/25/2017 at 4:12 AM, Blix said:

    Dear Peter,

    Thank you for this answer. I can see that some of my questions are starting to be solved in other threads here. I really appreciate your concern and that you took the time to answer. Let me know if I can help you with anything.

    If you or anyone else here would be interested in helping us all sort out this question that would be great:

    Which of these scripts that are available for the BB, will work and produce the expected result on a windows 10 box where the user is logged in but the computer is locked?

    /Blix
    Unbelievable. He just said himself that the answers to find these questions are all over the forums and he asks it AGAIN anyway after saying he already knew where to find the answer.

    Severe laziness is what is NOT driving this guy, and glory-seeking in the TV scene is what IS driving this guy..

  16. Blix,

    It may not be a good idea to make a public demonstration on TV of how the BashBunny works. 80% of the general public wouldn't even understand what the name of the USB means, let alone how to use it or how to program it. Also remember it is easily considered a 'hacking tool', so don't expect everyone to take it well.

    Also, based on your first post, you are asking the forums to design your whole show for you, basically giving you the credit for 'our' work.

    6 hours ago, Blix said:

    It is not a matter of "know how to make payloads" or not. I am sure all on this forum can create, modify and combine payloads...

    All except you it seems.

    The forums are right here. There are many payloads posted, and quite a few on the GitHub for BashBunny (www.bashbunny.com is the place to go).

    My suggestion would be to work out the BashBunny for yourself, see how it works, program your own scripts and, if you HAVE to do a TV show, run it how you would want to see it run.

    It would look pretty silly for someone to run a show about something that he has no idea about himself. If you were pulled over for an interview on the BashBunny what would you say? If they asked you to show them how you can write a payload or how you can utilise the Ducky script, how would you go about it? You couldn't, because you have no idea yourself.

    So I wouldn't go about it that way.

  17. 41 minutes ago, illwill said:

    you need to escape bash special chars with backslashes or quotes or they'll be translated by the bashbunny as commands

    check out how I did it to my powershell script here

    https://forums.hak5.org/index.php?/topic/40385-escaping-ducky-commands/&do=findComment&comment=287660

    I would say it doesn't like those special characters as well. What could be best is using a separate text file and then just saying something like

    QUACK switch1/file.txt

    and let it run them line by line in the file. Would definitely be easier for your larger amount of code.

  18. Well, if you think of the Bash Bunny as a small Linux machine then it would predominantly be made for Serial shells. Using SSH, it may have to convert its connection to Serial before it can perform such an action. I'm not quite sure though.

    Do you have to use SSH?

  19. Remember to add your

    QUACK STRING <line>

    to actually use the HID injection. Just using that line/those lines without a command in front of them won't do anything. It will just come up with similar errors.

  20. Are you calling this line with a QUACK command?

    If so, try doing this:

    ".((gwmi win32_volume -f 'label=''BashBunny''').Name+'payloads\\"
    "$SWITCH_POSITION"
    "\a.cmd')"

    Use 3 separate commands, one after the other, to write them instead of all in one line. Sometimes it misinterprets something and gets confused.
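Posts 17 and 20 both come down to the same thing: inside a bash payload, a QUACK STRING line is first read by the shell, so $NAME expands, backticks run a command, and a stray single quote ends a quoted string before anything reaches the target. The script below is an added example, not code from the thread or the Bash Bunny project; SWITCH_POSITION is set to a constructed sample value, and shell_quote and roundtrip are names chosen here.

```shell
#!/bin/sh
# Added example, not code from the thread or the Bash Bunny project.
# Shows how a POSIX shell treats the characters that bite in quoted lines,
# and a check that a line survives being embedded in a script unchanged.
SWITCH_POSITION="switch1"   # constructed sample value

# The same path fragment, three ways; each returns exactly what the shell
# would hand on to the next program.
double_quoted() { printf '%s' "payloads\\$SWITCH_POSITION\\a.cmd"; }   # $ expands
single_quoted() { printf '%s' 'payloads\$SWITCH_POSITION\a.cmd'; }     # kept literal
escaped()       { printf '%s' "payloads\\\$SWITCH_POSITION\\a.cmd"; }  # \$ kept literal

# Wrap any line in single quotes so a script passes it through verbatim:
# each embedded ' becomes '\'' (close quote, escaped quote, reopen quote).
shell_quote() {
  printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# Feed the quoted form back through the shell; returns the original text,
# which is the check to run on a line before trusting it inside a script.
roundtrip() {
  eval "printf '%s' $(shell_quote "$1")"
}

double_quoted; echo      # payloads\switch1\a.cmd
single_quoted; echo      # payloads\$SWITCH_POSITION\a.cmd
roundtrip "it's \$HOME and \`date\`"; echo   # it's $HOME and `date`
```

The sed substitution is used instead of bash's printf %q so the script runs under plain /bin/sh; either way the point is the same as in the quoted advice: decide whether you want the shell to expand a token or leave it alone, and quote accordingly, then test the line by itself before it goes anywhere near a payload.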
