Jump to content

jafahulo

Active Members
  • Posts

    69
  • Joined

  • Last visited

Everything posted by jafahulo

  1. yes, what you have written on your post is correct. Again, I apologize for any confusion I've caused.
  2. I've always used delay like so: Q DELAY 1000
  3. Oh, my bad. I think I misunderstood. I thought you were asking if there was any way to run commands on the target computer without having to open a shell.
  4. You can run unix commands in the payload - those will run on the bb itself, not the target computer. (someone correct me if I'm wrong) If you want to run commands on the target machine, you will need to open a terminal on their computer.
  5. This is correct, I made a PR yesterday. In regards to the second question see below: This is a stand alone prank. All you have to do is plug the BB in for ~10-15 seconds and then yank it once it's ran the script on the computer. The computer will - on it's own - run my script in the background which includes downloading the pictures (saving them to the /tmp directory) and setting those pics as the desktop background. Hahaha, thanks for the ideas @Dave-ee Jones and @PoSHMagiC0de!!! I'll definitely work on implementing those when I get time!!!
  6. Hey all, I spent last night coming up with a fun prank that Runs a script in background that will download pictures of my little pony (or whatever else you'd like, just change the urls to the pictures) and randomly sets that as their desktop background every 45 minutes - 5 hours. You can change number in for loop to decide how many times it will change their background. Hope y'all have fun with it! EDIT: Link to PR: https://github.com/hak5/bashbunny-payloads/pull/236
  7. I'm wanting to take an idea from this TED talk, which talks about converting information into a form that the brain can decode and understand subconsciously, and apply it to gaming. I think I'm going to want to view RAM in real time, convert it locally on the computer, and then ship it off to an Arduino which will then output it to vibration motors. I want to experiment with: A) Dumping all of the RAM in real time to an Arduino to spit out on vibration motors, and B) Dumping only the RAM for specific processes I've seen RAMMap, but that looked more like a RAM analyzing tool, not something that could view RAM in real time to be exported to an Arduino. Does any one have any ideas on how I can view RAM in realtime? If you have thoughts on any other part of the project, let me know! Thanks!
  8. So, who's gonna be getting this monster of a processor? https://techcrunch.com/2017/05/15/intel-could-be-about-to-release-a-very-expensive-core-i9-cpu/
  9. Amazon Lightsail is a great option. https://amazonlightsail.com/?sc_channel=PS&sc_campaign=acquisition_US&sc_publisher=google&sc_medium=lightsail_b&sc_content=lightsail_e&sc_detail=amazon lightsail&sc_category=lightsail&sc_segment=179121286450&sc_matchtype=e&sc_country=US&s_kwcid=AL!4422!3!179121286450!e!!g!!amazon lightsail&ef_id=WLEE1wAAAF4-gjd5:20170516005033:s
  10. Tickle me impressed/excited to try it out!
  11. I think I'm missing something here, but how does this improve upon the current DumpWiFi Creds payload?
  12. I'm curious as to whether anyone has ported Fluxion to the pineapple. I could see that being a really easy and quick tool to set up and use on the pineapple if it were a module. I haven't tried making any modules yet myself, mainly due to lack of time, but how hard to y'all think it would be to port it to the pineapple? https://github.com/wi-fi-analyzer/fluxion
  13. I was scrolling through some forums trying to figure out a silent way to run scripts, and I found someone talking about how you can setup a file on the disk that windows will automatically run as soon as it finds the file. I can see this being an awesome feature / ability to have, where instead of having to open up the run dialogue and printing code, the victim already has instructions to run a predefined file on the BB. I'm assuming you could spoof a dvd drive the same way you could a keyboard, or a mass storage device, but there might be complications seeing as most dvd drives are hard wired into computers and don't connect through usb. I know some machines come setup to ask you what you want to do with the disk, but I've used several computers that don't require you to do anything, and the auto run programs on the disks will just run. Anyways, I think if this could happen, this would be a huge advantage and we'd be able run scripts soo easily on victims.
  14. Dude, you're profile pic is lit

  15. Hey all, I'm looking to buy a LT, but I had a few questions, and wanted your guys' thoughts on the ups/downs of the LT. My first question is heat management. Does this heat up? If so, has it ever become a problem for anybody? I'm somewhat concerned because my Bash Bunny get pretty hot if you leave it running for too long. Second, for those who have been apart of the community since the beginning of the LT, what's module development looked like? Is the community active? or have things stalled? I ask this because I'm wondering if there are projects that I can contribute too, when I get a LT. Thirdly, what has your guys' experience with the LT been? Good/Bad? Inbetween? How often do you guys use it? Thanks!
  16. I'm pumped to try it out! As an fyi, I'm going to work in my spare time on completely hiding the PowerShell window so the target will only see the Win + R box.
  17. I have no experience with either, though I'm wanting to do a project that involves them. What are the advantages of an http webserver vs a smb server?
  18. In regards to hiding the window, it does that already.
  19. This worked perfectly, thanks! Only downside is that you have to run it each time the bb boots.
  20. Hahaha, yeah same. I don't think this thing'll melt unless it's working hard for an extended period of time, while plugged into a computer that's pumping some heat into it as well.
  21. Yeah, I totally agree. There should be an optional remote location. Again agreed on the idea that the bb is a tool, not something to be left in the computer. My bb had a defect and ended up melting b/c of the heat, but I doubt that would happen to other bash bunnies.
  22. Great idea, but I think I have a few improvements. I cut everything down to l.ps1 and payload.txt, and made it so that only one window is opened. I did change the parameter for CLEANUP to be 0 if you don't want it to run, and anything else if you do want it to run. Also I noticed some general weirdness going on when I was testing, mainly when I was typing quickly it would log some of my keystrokes out of order, but 98% of the time it worked great! An interesting feature would be to implement a SMB server instead of mass storage so that it was less obvious what was going on. I think BashBunny listed in the drives list is a bit of a dead give away, but an extra network connection would probably go unnoticed for a larger portion of the time. Good job with this one! payload.txt l.ps1
  23. I'm starting to look into it, but I wanted to hear what everyone else thought, but what are the possibilities with using the serial attackmode? The first thing that comes to mind is just communicating with the bb regarding where the computer is in the payload, but there's gotta be more you can do with it! Lemme know your thoughts!
×
×
  • Create New...