Dedicated Members
About PoSHMagiC0de

  • Rank
    Hak5 Ninja


  1. It is indeed not a good idea to move the switch while the BB is working. With that said, this is only precautionary, since most payloads do not require you to mess with the switch while they run, and doing so will only change mid-run which switch folder it looks in for payloads. Example: if you move the switch from position 1 to 2 before the BB boots up to run payload.txt, then it runs payload.txt from switch 2. The switch position also dictates what get_switch returns, so moving it mid-payload when the payload is not designed for it may cause it to look for stuff in another switch folder. Hope-eye is a payload invented to let you know when it has passed its boot phase and entered the payload phase, and it is now safe to move the switch to select a pre-programmed payload. For example, it marks what switch position you are currently in and then begins an interval of light colors representing payloads, leaving a 1 second wait to give you time to move the switch when the payload you want comes up. After the wait it looks for a change in switch position. If changed, that payload is run, but it uses the old switch position it saved to find all the stuff it needs in the current switch folder. Let's just say the way it is done is safe.
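The pattern described in the post above, written out as an added example (this is not Hope-eye's code, nor anything posted by the author): save the switch position at boot, signal that the boot phase is over, cycle one LED colour per candidate payload, and run whichever candidate is lit when the switch moves, while still resolving files against the saved boot-time folder. Assumptions not taken from the post: SWITCH_POSITION is the switch1/switch2 value the Bunny exports at boot, LED accepts a single colour letter, payloads live under /root/udisk/payloads/<switch>/, and read_switch stands in for however the firmware re-reads the physical switch. SWITCH_SEQ_FILE, SELECT_WAIT and DRY_RUN are test hooks so the script also runs on an ordinary Linux host.

```shell
#!/bin/bash
# Added example of a switch-selecting payload skeleton (not Hope-eye itself).
# Assumed environment (see lead-in): SWITCH_POSITION, LED, payload tree.
set -u

: "${SWITCH_POSITION:=switch1}"
: "${PAYLOAD_ROOT:=/root/udisk/payloads}"
: "${SELECT_WAIT:=1}"            # seconds the user gets to move the switch
SWITCH_NOW=$SWITCH_POSITION      # last value returned by read_switch

# No-op LED when not on the device, so the script can run anywhere.
command -v LED >/dev/null 2>&1 || LED() { :; }

# Re-read the switch into SWITCH_NOW. On a real Bunny, replace the body with
# whatever the firmware provides. If SWITCH_SEQ_FILE (test hook) is set, one
# line per call is consumed from it to simulate the user flipping the switch;
# once it is exhausted the last value seen is kept.
read_switch() {
    local line
    if [ -n "${SWITCH_SEQ_FILE:-}" ] && [ -s "$SWITCH_SEQ_FILE" ]; then
        line=$(head -n 1 "$SWITCH_SEQ_FILE")
        tail -n +2 "$SWITCH_SEQ_FILE" > "$SWITCH_SEQ_FILE.tmp" &&
            mv "$SWITCH_SEQ_FILE.tmp" "$SWITCH_SEQ_FILE"
        SWITCH_NOW=$line
    fi
}

# select_payload COLOUR:relative/path [COLOUR:relative/path ...]
# Prints the absolute path of the chosen script, resolved against the
# boot-time switch folder, and returns 0; returns 1 if the switch never moved.
select_payload() {
    local boot_pos candidate colour script
    read_switch
    boot_pos=$SWITCH_NOW         # remembered for every later file lookup
    LED W                        # white = boot phase done, safe to move switch
    sleep "$SELECT_WAIT"
    for candidate in "$@"; do
        colour=${candidate%%:*}
        script=${candidate#*:}
        LED "$colour"            # this colour stands for this candidate
        sleep "$SELECT_WAIT"     # window for the user to flip the switch
        read_switch
        if [ "$SWITCH_NOW" != "$boot_pos" ]; then
            printf '%s/%s/%s\n' "$PAYLOAD_ROOT" "$boot_pos" "$script"
            return 0
        fi
    done
    return 1
}

# Run the selected script, or only report it when DRY_RUN=1 (test hook).
run_payload() {
    local path=$1
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf 'would run %s\n' "$path"
        return 0
    fi
    if [ ! -x "$path" ]; then
        LED R                    # red = nothing runnable at that path
        return 2
    fi
    LED G
    "$path"
}

# Entry point, only when the payload tree exists (i.e. on the device).
# Candidate paths are hypothetical names, relative to the saved switch folder.
if [ -d "$PAYLOAD_ROOT" ]; then
    if chosen=$(select_payload R:recon/run.sh B:exfil/run.sh Y:shell/run.sh); then
        run_payload "$chosen"
    else
        LED W                    # switch never moved: nothing selected
    fi
fi
```

The point to notice is that boot_pos, not the position read after the flip, is what goes into the path, which is why moving the switch during the selection window cannot make the payload read from the other switch folder.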
  2. The issue with BYOD right now is that if they did offer something, it would just be a reverse shell into the device. The reason the Pineapple has more options is mainly because it has an API that they can talk to, and they already have the code for the interface, so I can see it just being a reverse tunnel with the C2 speaking to the API. So... I would say if you want the C2 to support your device or something on your device, give Hak5 something to interface with, like an app. Now, say you want to interface with the Raspberry Pi version of Kismet, which has an API. That would give them some target. Just having it connect to a Pi would be the same as just setting up your own reverse SSH, since Hak5 has no product for the Raspberry Pi except for the C2 server itself.
  3. I believe port 443 is for you to connect to the C2 and the SSH port 2022 is for the devices to connect back.
  4. If I do not compile my Go apps in the Alpine Docker container I get the same error. Here is the fix below. Build a new container with this one additional line: RUN mkdir /lib64 && ln -s /lib/libc.musl-x86_64.so.1 /lib64/ld-linux-x86-64.so.2 Enjoy.
  5. AV will trigger because the payloads that are copied to the BB are tagged as bad by AVs. Mimikatz is a password grabber, but it is a payload for the BB to get passwords. So, yep, it will trigger, but if you are using the updater from the official site then it will just be copying them to the BB. If you are worried, you can always do the updating manually.
  6. Well, I guess this was coming. Google wants to break ad blockers in Chrome and do not care if they piss off their users. Looks like I am going full blown firefox. https://www.forbes.com/sites/kateoflahertyuk/2019/05/30/google-just-gave-2-billion-chrome-users-a-reason-to-switch-to-firefox/amp/
  7. This is a PowerShell module I have been using for a while now. Figured I would share it here. The git readme is thorough enough to explain how it works. One cool feature it has is that if you are planning to run your finished script as a command from the command prompt, it warns if you are over the character limit. https://github.com/danielbohannon/Invoke-Obfuscation
  8. Awesome. I would only add one thing: a require_tool impacket, since SMBConnection requires impacket.
  9. In the payload.txt put in: export DEFAULT_DELAY=XXXX. I do not know if that will work and was hoping one of the Hak5 folks would chime in with a yes or no on whether it is possible, since I do not see it in any of their documentation of the Bunny and they wrote the Q/Quack command, but I do not think that is going to happen. After looking through all the above, I am seeing you are going to need to do some reading up on what the Bash Bunny is and maybe mess around with a Linux virtual machine. The BB is a Linux machine in a USB stick.
  10. Yeah, I have been having issues getting my non-domain-joined, updated Windows 10 machine to take SMB connections into it unless I screw with the token setting in the registry. So, I assume this is an enterprise payload, unless the home user/friend you are picking on is knowledgeable, has Win10 Pro and set up a home domain, or edited his machine to behave as a domain-joined machine. I was going to work on an impacket-implemented payload (use the actual library to make my own, using the SMBConnection library to spawn through connections). You could even skip the nmap scan, since SMBConnection will throw an error if it cannot connect. Since there is a fast PoC out there already, I am going to move on to working back on my own tool, since I have a week off this week. Going to use Go on the BB. Anyway, yeah, it is cool he got MM going on the BB, but I knew there would be overhead.
  11. Remember that any other features and payloads can be added on by yourself to be run once/if access is gained. The base payload should stay as is and just take improvements to how it works. Hmm, how fast does this payload spin up with Metasploit? Wondering if the same bruting could be done with impacket's smbclient?
  12. Nope. I mean, there might be an environment variable on the Bunny you can set. Or... it may not exist in the Bash Bunny version.
  13. Bash. The command-line shell for most Linux systems, like .bat files for Windows.
  14. Not really, no need for it since it is the Bash Bunny. You can probably do something like that with BashFu. Maybe they turned it into an environment variable on the Bash Bunny that you initialize.
  15. Hmm, just started trying it out and it doesn't work half bad. I only made a web forensics image from the Kali image but plan on doing one for wifi and testing out the privilege flag to see if it works for direct access. Also, to push the net stack I may try the Yersinia command-line version. Yersinia sometimes crashes my net stack when I run bare metal doing DHCP exhaustion. Let's see if it breaks faster in a Docker container, hehe.