Jump to content


Active Members
  • Posts

  • Joined

  • Last visited

Everything posted by Blix

  1. Hi Decoy and friends, As said above, you can install DuckyInstall by putting it at a switch as a payload and run it. This results in that the following language files are put here root@bunny:~/tools/DuckToolkit/ducktoolkit/languages# ls be.json ca.json de.json es.json fr.json hr.json no.json se.json us.json br.json ch.json dk.json fi.json gb.json it.json pt.json si.json What I did was to copy the needed .json file (change xx to your language) into the following location in the BB: root@bunny:~/tools/DuckToolkit/ducktoolkit/languages# cp xx.json /root/tools/languages/ Now, you can use the following in the payload scripts after the ATTACKMODE HID command (Exchange XX with the laungage letters of the xx.json file you copied: Q SET_LANGUAGE XX I have tried this and for the FIRST time I managed to get a payload to run! Yippie! The payload I tested with was "Faster SMB Exfiltrator" from Darren of Hak5. It worked! Of course, you need to install the tools (run tools-installer just as any payload, put it on a switch and run it) and also log in to the BB using a terminal and from the impacket folder and run "python setup.py install" Before. After that, it hopefully will work! /Blix
  2. Hi, is there an ETA on the new language support mentioned here? What will become more clear on a few Days?
  3. You are probably wrong, since you can remote connect to win registry and change the registry key for the background Picture, given that you have access rights (hopefully the target computer have sloppy security, it may work).
  4. Hi, I checked carefully, tested 10 different language setting and examined the us.json file in root tools languages. Since there are no other files, I guess it is safe to say those keyboards are not availale for the BB. Suggestion: Can we have a forum or subforum with language files? Is there anyone else out there struggling with this? I have spent at least 20 hours on this language problem so far. Any solutions? /Blix
  5. Well, but the format of these files are not suitable for the BB, correct. This is only for the Rubber Ducky. I looked at the us.json file on the BB and that specifies the keys with a six digit code like 02:00:15 (meaning e.g. shift plus key 15 on a US keyboard). Is there a repository with json BB keyboard files for the bashbunny? If not, would it be possible for someone at Hak5 to convert all these so that thousands of hours worth of good work around the globe is not wasted (if we all have to do this manually). /Blix
  6. Thank you Decoy! Appreciated! /Blix
  7. What s/he means is that in order to use the Bunny at all, for any HID-based experiments, one needs to have ones local keyboard mapping, or else or experiments (payloads) provided with the BB will fail, since all special characters will be different. E.g. if I run a script with some flags like "-nop -hidden -didden", then instead of this, the following will be the output "+nop +hidden +didden". Same for / # " = - : and so on, so you can imagine. Also, it is not possible to change the target system language and input to US, since because of difference of ANSI and ISO keyboards standards yet some small number of special characters will still be different. Therefore, s/he needs to under stand two things: 1) How to I set Another laungage is the payload, and 2) Where are any already existing keyboard layout files that are to be put under /root/tools/languages? /Blix
  8. Fellas, For those of you who pass all tests above and have the SMB server running, check that you have actually downloaded all the powerscripts that the payload refers to from bashbunny-payloads/payloads/DumpCreds_2.0/PS/ . I know some people who forgot to do that...... /Blix
  9. Problem: - You are not on a US keyboard and have different language and keyboard layout. WIndows computer. - You do not want to hassle with keyboard files, but just get the BB to work with all US payloads. Partial solution: To answer my own question after a few hours more, this is a possible solution, just put this in the payload file. Note that I had to change the "-"-sign to a "/"-sign in the script before the language is changed. This may work for you as well. #!/bin/bash # Initiate attack ATTACKMODE HID STORAGE # Change keyboard layout and languange to bashbunnys homeland Q GUI r Q DELAY 500 Q STRING "powershell /windowstyle hidden Set/WinUserLanguageList /LanguageList en/US /force" Q ENTER Q DELAY 5000 Q STRING exit Q ENTER # Put your attack payload here Q GUI r Q DELAY 500 Q STRING notepad Q ENTER Q STRING PAYLOADS ARE GONNA WORK TRY KEYS NOW SEE YOU HAVE US KEYS Q DELAY 9000 # Revert to targets original keyboard layout and languange uncomment if you want this # Q GUI r # Q DELAY 500 # Q STRING powershell -windowstyle hidden Set-WinUserLanguageList -LanguageList xx-XX -force # Q ENTER # Q DELAY 5000 # Q STRING exit # Q ENTER LED G Change xx-XX to the original language on the computer if you want to revert back after the attack. /Blix
  10. We really need a fast and good solution to the language and keyboards compatibility problem.
  11. Dear Fellas, I try to change language before and after an attack to en-US as suggested here on the forum elsewhere (thank you). I am on a Danish keyboard on windows 10 set to Danish language. I am trying to QUACK the following: powershell -windowstyle hidden Set-WinUserLanguageList -LanguageList en-US -force but the output becomes: powershell +windowstyle hidden Set+WinUserLanguageList +LanguageList en+US +force In other Words, all minuses "-" becomes pluses "+". Once I have solved this little thing, I think it may be possible to get some of the scripts to run. I have tried for a few hours now, with different characters for the string, but I can never achieve a "-" minus-sign needed. (the BB frequently get bricked because of I assume it does not like certain characters, so I have had to reset it to factory three times already.) Any suggestions on how I can quack a "-" sign on my Danish keyboard BEFORE I change to en-US (since this is needed in that command). /Blix
  12. I am a client of yours, thank you for this support. But these guides you are referring to collectively say that certain characters (that are always needed in the scripts) can not be generated for non US target systems. Have I misunderstood this? The only partial solution I have seen works only for windows and that takes time and involves setting the target system language to US and then back. There is no solution for OS X, and the one for windows is not optimal. Can you confirm what you are stating above that we can just change language and these new maps can generate all characters? /Blix
  13. Possible problem: since the HID mode emulates a physical keyboard with 101 keys (US ANSI standard) and many other countries have the 102 keys ISO standard, it is not only a matter of changing the keyboard mapping. This may be a global problem, Hak5 can you respond with advice? It may be unsolvable? /Blix
  14. Dear Peter, Thank you for this answer. I can see that some of my questions are started to be solved in other threads here. I really appreciate your concern and that you took the time to answer. Let me know if I can help you with anything. If you are anyone else here would be interested in helping us all sort out this question that would be great: Which of these scripts that are available for the BB, will work and produce the expected result on a windows 10 box where the user is logged in but the computer is locked? /Blix
  15. Thank you for the insights you shared here above. You enumerate many important aspects to consider with any type of demonstration of tools that can be used both for good and for not so good purposes. I am still waiting to get my hands om the BB since it is in shipping, and I look forward to that. Apologies for a long post below, but my question above needs clarification: WILL THIS SCRIPT WORK IN SITUATION X? All scripts for the BB require specific circumstances for them to produce useful results on a given platform (e.g. android, OS X, windows, etc.). It would be extremely useful if we could help each other to clarify under what circumstances a certain script will "work" and produce the expected result. I have seen some other posts elsewhere asking for or implying that this kind of information is needed: - does this work on windows X Y Z?, - will the user need to be logged in?, - will this work on a machine that is locked?, - this does not work on machines with certain keyboard layouts, etc. It would be a waste of time if all users of the BB for themselves would have to go through e.g. the library and find out for themselves as there are hundreds of combinations of scripts and circumstances. So let us help each other with this in some good way. Any suggestions how this can be approached in general? Can BB-users be asked to contribute this kind of information to the scripts readme-files? WHICH SCRIPTS WORK MOST OF THE TIME? Furthermore, since there are many specific requirements that will have to be met for some scripts to work, there are probably some scripts that work most of the time in most circumstances for a certain plattform. It would be good to single these scripts out, e.g. "This script will work all all windows machines". So my question to the community is: Which of these scripts can I depend on to work most of the time, e.g. on all later windows machines, and under what circumstances will they work? SCIPTS THAT WORK IN A TYPICAL SITUATION LIKE WIN 10 LOGGED IN BUT LOCKED? A typical situation, is a windows PC that is running Windows 10 and that is set to automatic security updates and otherwise default settings. Since windows 10 has been around for two-three years now and we are on the final year for mainstream support for windows 8.1, I recon that windows 10 is a good typical target. Also, only few scripts on the BB seems to target OS X. I have understood from the forum that (naturally) many scripts work when the computer is unlocked, some when it is locked (but user logged in) and very few when the user is logged out. Hacking unlocked computers with physical access may not be very interesting for certain pen testing assignments or demonstration purposes, and very few scripts work when the user is completely logged out. Therefore, the middle alternative with a logged in user but locked computer with windows 10 seems to be an interesting target to aim for. The question is therefore; which of these scripts that are available for the BB, will work and produce the expected result on a windows 10 box where the user is logged in but the computer is locked? If we could sort these things out together, we could create optimized and time-efficient super-scripts that combined many of the "attacks" for specific platforms and circumstances. This would be very useful for pen testing assignments and demonstration purposes. Any ideas, comments and answers to the questions above are most welcome. Sincerely, Blix
  16. Dear RazorBlade, dear all, Thank you for your warm welcome! It is great that we have these forums so that we can exchange ideas and solve problems! It is not a matter of "know how to make payloads" or not. I am sure all on this forum can create, modify and combine payloads. Nevertheless, surely some here may have more experience with the Hak5 products and may be able to suggest interesting and demonstrable payload combinations that actually will work most of the time. I would be surprised if it was the only one in the world in need for a good demonstration payload - this can also be used for demonstrating to potential clients. So let us work on this together. RazorBlade, show us what you have got! What is your idea and take on this?
  17. Hi, I am new to this forum. Hello! Nice to meet you all! I am planning a hacking demonstration on national TV in my country and I want to show the bashbunny and what it can do on a live show. For this I need a demonstration payload which can be used to show what a hacker can do. Starting points: - assume windows laptop with recent and updated operating system - assume the "'hack" should be carried out on a computer that is on but possibly locked (with user logged in) - I have maybe 30 minutes in total, but this part should only take maximum three-fives minutes including showing the results of the hack and explaining what it means - the audience is the general public without any detailed technical understanding Ideas: - can we make a demonstration payload that can showcase some hacks that will work most of the time? - can this be a combination of payloads that results in e.g. Copies files, passwords, backdoor? - for the hack only one or very few files need to be exfiltrated to demonstrate - not all files. - ideally the demonstration should result in audience says "wow, that was incredible, can that really be done"? Solution and ideas - this is where I need you guys and gals. Any ideas? /Blix
  • Create New...