
jafahulo

Posts posted by jafahulo

  1. 1 minute ago, quentin.lamamy said:

    Yes that was the question ^^

    All the conclusions I have drawn from my test and wrote in my post are right.

    Yes, what you have written in your post is correct.

    Again, I apologize for any confusion I've caused.

     

  2. On 8/13/2017 at 10:39 AM, Dviros said:

    Hi!
    I've been working with my Bash Bunny for the past week and everything was good.
    Today it stopped working properly and completely disregards the delays I've set in my payload (even a 5000 delay gets executed instantly).

    I've used the Bash Bunny Updater and it's the same. Also, different payloads are acting the same.

    Any idea?

    Thanks

    I've always used delay like so:

    Q DELAY 1000

     

  3. 18 hours ago, Dave-ee Jones said:

    I'm assuming it's in the Github repo?

    Also, do you plug your Bunny in, wait for the script to start and pull the Bunny out and it'll still keep going or do you have to leave the Bunny in?

    This is correct, I made a PR yesterday. In regards to the second question see below:

    17 hours ago, PoSHMagiC0de said:

    I'm curious if this is a stand alone or requires bunny connection to run.

     

    A cool feature would be to have it stand alone and run in the background: pull the pic, save a copy under a different name, and then use a copy under the original name as the wallpaper. Check at a certain time interval whether the wallpaper has been changed from what you had, and if so use the backup to make a copy with the original d/l name and set it as wallpaper again. :-P

    I would make it a two-fer. Get 2 pics, the second being the original modified with text saying "and the ponies keep on coming" or "Stampede". That will be the pic that will be set after the first is unset as wallpaper... or tile it :-)

     

    This is a stand-alone prank. All you have to do is plug the BB in for ~10-15 seconds and then yank it once it's run the script on the computer. The computer will - on its own - run my script in the background, which includes downloading the pictures (saving them to the /tmp directory) and setting those pics as the desktop background.

    10 hours ago, Dave-ee Jones said:

    Could make it randomly flash from one to the other every now and then? So for maybe 5 seconds it will pop up with the text one, then revert back as if nothing ever happened, both being the same wallpaper so it's mildly noticeable but just freaks the user out :P

    Hahaha, thanks for the ideas @Dave-ee Jones and @PoSHMagiC0de!!! I'll definitely work on implementing those when I get time!!!

    • Upvote 1
  4. Hey all, 

    I spent last night coming up with a fun prank that runs a script in the background that will download pictures of My Little Pony (or whatever else you'd like, just change the URLs to the pictures) and randomly sets that as their desktop background every 45 minutes - 5 hours. You can change the number in the for loop to decide how many times it will change their background.

     

    Hope y'all have fun with it!

     

    EDIT:

    Link to PR: https://github.com/hak5/bashbunny-payloads/pull/236

  5.  

    I'm wanting to take an idea from this TED talk, which talks about converting information into a form that the brain can decode and understand subconsciously, and apply it to gaming.

    I think I'm going to want to view RAM in real time, convert it locally on the computer, and then ship it off to an Arduino which will then output it to vibration motors.

    I want to experiment with:

    A) Dumping all of the RAM in real time to an Arduino to spit out on vibration motors, and

    B) Dumping only the RAM for specific processes

    I've seen RAMMap, but that looked more like a RAM analyzing tool, not something that could view RAM in real time to be exported to an Arduino.

    Does anyone have any ideas on how I can view RAM in real time? If you have thoughts on any other part of the project, let me know!

    Thanks!

    I was scrolling through some forums trying to figure out a silent way to run scripts, and I found someone talking about how you can set up a file on the disk that Windows will automatically run as soon as it finds the file. I can see this being an awesome feature / ability to have, where instead of having to open up the Run dialogue and printing code, the victim already has instructions to run a predefined file on the BB.

    I'm assuming you could spoof a DVD drive the same way you could a keyboard or a mass storage device, but there might be complications seeing as most DVD drives are hard wired into computers and don't connect through USB. I know some machines come set up to ask you what you want to do with the disk, but I've used several computers that don't require you to do anything, and the autorun programs on the disks will just run.

    Anyways, I think if this could happen, this would be a huge advantage and we'd be able to run scripts so easily on victims.

  7. Hey all, I'm looking to buy a LT, but I had a few questions, and wanted your guys' thoughts on the ups/downs of the LT.

     

    My first question is heat management. Does this heat up? If so, has it ever become a problem for anybody? I'm somewhat concerned because my Bash Bunny gets pretty hot if you leave it running for too long.

     

    Second, for those who have been a part of the community since the beginning of the LT, what has module development looked like? Is the community active, or have things stalled? I ask this because I'm wondering if there are projects that I can contribute to when I get a LT.

     

    Thirdly, what has your guys' experience with the LT been? Good/Bad? In between? How often do you guys use it?

     

    Thanks!

  8. 9 minutes ago, VincBreaker said:

    UPDATE: https://github.com/Vinc0682/bashbunny-payloads/tree/master/payloads/library/phishing/WinKeylogger

    The payload:

    • Is now faster (thanks to @jafahulo)
    • Now supports exfil via a webserver, just copy the backend.php to a server supporting PHP and copy the URI into the powershell script
    • Also, there've been some major changes to the keylogger to make adding future exfil methods (like the WIP SMB exfil) easier.

    I'm pumped to try it out! As an fyi, I'm going to work in my spare time on completely hiding the PowerShell window so the target will only see the Win + R box.

    • Upvote 1
  9. 3 hours ago, RazerBlade said:

    Instead of an SMB server, just use a simple Python HTTP web server which is able to receive POST requests

    I have no experience with either, though I'm wanting to do a project that involves them. What are the advantages of an HTTP web server vs an SMB server?

  10. 3 hours ago, RazerBlade said:

    An improvement to this would be to add

    -windowstyle hidden

    during the attack phase so it looks like this

    RUN WIN powershell -windowstyle hidden ".((gwmi win32_volume -f 'label=''BashBunny''').Name+'payloads\\$SWITCH_POSITION\b.cmd')"

    This way the powershell script is hidden. To improve the keylogger, I think you should look into powersploits keylogger: https://github.com/PowerShellMafia/PowerSploit/blob/master/Exfiltration/Get-Keystrokes.ps1

    As it's able to capture the program's title (says a lot about what website a user logs in to, for instance) and adds timestamps too. Maybe incorporate it? Overall your keylogger is very simple and does the job very well. Impressed!

    In regards to hiding the window, it does that already.

  11. On 3/17/2017 at 8:54 AM, graythang said:

    I got it to work. 

    Short answer: use root@bunny:~# route add default gw 172.16.64.(octet assigned to your BB by the mac)

    so for mine it was root@bunny:~# route add default gw 172.16.64.10

     

     

    Long answer

    I had the same problem described by HipCrime above. After scratching my head for a minute and rebooting the Mac and trying all the suggestions in the post I finally went back to the basics (always do it by the numbers when you're stumped).

    So I connected up the BB, opened a term on the Mac and checked ifconfig to see where the BB IP address was set.

    Next I checked Networking to see if it matched and to see what the other settings were (originally the DNS server was set to 172.16.64.1; I set it to 8.8.8.8 to match what was in the BB /etc/resolv.conf).

     

     

    Next I ssh'd into the BB using ssh root@172.16.64.1

    In a separate shell on the Mac I started tcpdump on the BB interface (in my case en10)

    tcpdump -i en10

    Back in BB land I ran netstat -r to see the route table and watched the tcpdump action.

    Looking in the tcpdump window I see ARPs for 172.16.64.64

    and the route table on BB shows:

    Which can't be right for ICS, because ifconfig on the Mac shows 172.16.64.10 as the interface, and while I get why the OS X networking UI would show 172.16.64.1 as the router, I didn't get where the 172.16.64.64 in the BB route table came from. The BB's default route should point to the interface assigned to it in OS X (in my case the 172.16.64.10 IP). So a quick 'route add' later and the BB was up and connecting like a champ.

    Hope this helps :)

    This worked perfectly, thanks! Only downside is that you have to run it each time the bb boots.

    • Upvote 1
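Since the fix quoted above has to be repeated on every boot, here is a small boot-time check for it, added as an example and not code from the thread or from Hak5: it reads the Bunny's route table (assumed to come from `ip route` or `netstat -rn`), compares the default gateway with the host-side ICS address (172.16.64.10 in graythang's case), and prints the `route add` only when the two disagree.

```shell
#!/bin/sh
# Added example (not from the thread): verify the Bash Bunny's default route
# points at the address the Mac gave its ICS interface, and print the
# `route add` command graythang used when it does not.

# Print the gateway of the default route from `ip route` ("default via X ...")
# or `netstat -r[n]` ("default X ..." / "0.0.0.0 X ...") style text in $1.
# Prints nothing if no default route is present.
current_default_gw() {
    printf '%s\n' "$1" | awk '
        $1 == "default" || $1 == "0.0.0.0" {
            if ($2 == "via") print $3; else print $2
            exit
        }'
}

# $1: route table text, $2: expected gateway (the host-side ICS address).
# Prints the fix command when the default gateway differs, nothing when it
# already matches. Always returns 0 so it is safe under `set -e`.
route_fix_command() {
    gw=$(current_default_gw "$1")
    if [ "$gw" != "$2" ]; then
        printf 'route add default gw %s\n' "$2"
    fi
    return 0
}

# Constructed sample shaped like the thread's case: the Bunny believes the
# gateway is 172.16.64.64 while the Mac's ICS interface is 172.16.64.10.
SAMPLE_TABLE='default via 172.16.64.64 dev usb0
172.16.64.0/24 dev usb0 proto kernel scope link src 172.16.64.1'

# On the real device (e.g. from a boot script) use the live table instead:
#   fix=$(route_fix_command "$(ip route)" 172.16.64.10); [ -n "$fix" ] && $fix
route_fix_command "$SAMPLE_TABLE" 172.16.64.10
```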
  12. 10 hours ago, PoSHMagiC0de said:

    That one melting you had was enough for me to consolidate the tool approach hehe.

    I had to install mini heat sinks and fans in my Raspberry Pi rats I have, because if I work them those chips' heat would skyrocket. I assume if you put a load on this thing, it would probably melt any of them over time. I think you said you had yours just chilling there. hehe

    Hahaha, yeah same. I don't think this thing'll melt unless it's working hard for an extended period of time, while plugged into a computer that's pumping some heat into it as well.

  13. 55 minutes ago, PoSHMagiC0de said:

    Nice simple keylogger.

    A cool addition I can think of is have an optional parameter for a remote location in case you have to disconnect the BB.  When it detects it cannot save to the BB anymore it can start saving to the remote location if it is set.  If that vanishes then it can quit or quit if there is no optional remote and BB disconnects.  I always consider the BB as a tool not to be left for too long (especially with the heat it builds up).

    Yeah, I totally agree. There should be an optional remote location. Again agreed on the idea that the BB is a tool, not something to be left in the computer. My BB had a defect and ended up melting b/c of the heat, but I doubt that would happen to other Bash Bunnies.

  14. Great idea, but I think I have a few improvements.

    I cut everything down to l.ps1 and payload.txt, and made it so that only one window is opened. 

    I did change the parameter for CLEANUP to be 0 if you don't want it to run, and anything else if you do want it to run.

     

    Also I noticed some general weirdness going on when I was testing, mainly when I was typing quickly it would log some of my keystrokes out of order, but 98% of the time it worked great!

     

    An interesting feature would be to implement an SMB server instead of mass storage so that it was less obvious what was going on. I think BashBunny listed in the drives list is a bit of a dead giveaway, but an extra network connection would probably go unnoticed for a larger portion of the time.

     

    Good job with this one!

    payload.txt

    l.ps1

    • Upvote 1
    I'm starting to look into it, but I wanted to hear what everyone else thought: what are the possibilities with using the serial attackmode? The first thing that comes to mind is just communicating with the BB regarding where the computer is in the payload, but there's gotta be more you can do with it!

     

    Lemme know your thoughts!

  16. 8 hours ago, Sebkinne said:

    The Bash Bunny should not overheat under normal conditions. The Bash Bunny has some heat-dispersing gel on some of the chips, so a heatsink is not required (the units seen in the video are pre-production units to which I badly soldered some serial leads). There should be no need to drill holes in the case.

    I have also made this PSA before, but putting the Bash Bunny into a new case can be risky because of the high heat. 3D printing for example is probably not a good idea as that will most likely melt or warp under normal operating temperature.

    Saying that, if your Bash Bunny melted, that's probably due to a hardware defect and it should be exchanged (https://hakshop.com/contact). We'll of course replace them.

    awesome, thanks! I submitted a request.
