About PoSHMagiC0de

  • Rank
    Hak5 Ninja
  1. If you install tools, they will be on the local Bunny drive located at /tools. They will each have their own folder. Delete what you do not want in there.
  2. Yes you can. You need a way to serve the scripts and conditions set up either in the cradle that handles running the script on the local machine or code at the end of each script to run the next. I hate tooting my own horn but that is exactly what the outdated BBTPS does. You can use it or use it as an example of how something like that would work. Of course it is just an automated way of how other post-exploit frameworks work like Empire, Metasploit or Covenant. You create a server with node, python, etc. that runs on BB, you quack a command to call the server to get the first script which s
  3. So the man got himself a new pineapple. No better person for it. Now with Zylla having his early Xmas gift, the module repo may start growing heheh. Yeah, when it came to bettercap I have only used it outside of the pineapple. Like on the machine the pineapple is tethered to and just using the natural MiTM already there to use for bettercap (no arp spoof, no need). Just have to remember to override the interface with the pineapple interface and the gateway with my real gateway. Will throw an error about not finding the MAC of the gateway but ignore it since it is only needed for arp-spoofing
  4. Hey, posted this on Discord but the wp7.sh script has a couple of typos. At the top here are the variables it is using. wpver=7.0 spineapplenmask= spineapplenet= spineapplelan=eth1 spineapplewan=wlan0 spineapplegw= spineapplehostip= spineappleip= sfirsttime=1 But under the connect function the pineapple netmask variable is missing the "s". function connectsaved { if [[ "$sfirsttime" == "1" ]]; then printf "\n Error: Settings unsaved. Run either Guided or Manual setup first.\n"; menu fi ip
  5. The BBTPS I wrote has a means for you to report back to it from your payload to grab additional jobs/payloads. Good for cases where you want to check if it is safe to pull down possibly detectable code, like when there is no AV. Also to check if a victim meets conditions before pulling down a larger script to run. I have been sidetracked and done very little with the newer version converted from nodejs to golang for the server and updating the SMB part for file exfiltration, but that should give you some ideas for what to do with it. Also wanted to add quack back for smarter Admin dete
  6. Welp, it checks to make sure you are in the local administrators group. Now, I can see an issue ensuing in the way I am checking this since I am directly checking the local group. If you are added to the Administrators group via another group, it may not see you. You can remark out the check if you want to test for yourself, the code is commented. Anyway, if your name is not in the local administrators group, it will just exit. Also, it checks for a specific version number of Windows. Will run if Win10 or greater or if version 8.1...specifically major version 6.3 it looks like. I was goi
  7. Just retested. It works. You have to be a local admin on the machine first before you run this. It will not warn you or do absolutely anything if you are not. This is not a priv escalation from an unprivileged user to admin. This is to bypass UAC. UAC is that prompt you get when you are on as an admin and need to run something that requires elevated rights, so it greys out the screen with that "are you sure" message. It is the Windows version of sudo. For automated tasks where keyboard access is not there this is very helpful since you will not be able to click "yes" via code.
  8. Sounds like a simple masquerading NAT rule, except for the forwarding part you set the default policy to drop and then set rules to allow your specific IPs through. As long as the outgoing interface is on that 10.10.10.x network, masquerade will assign it the IP of that interface. If you are blocking incoming from that outside interface by default then you will need a rule to allow the state ESTABLISHED,RELATED to get through. Look up iptables and masquerading, or setting up a Linux machine as a router with iptables, if you have not played with iptables to that extent.
  9. Lol, this isn't a Darren issue. It is MS doing their due diligence and fixing an issue. If you want to get hashes from locked machines, you will need to come up with a new method....not Darren. He has given you the tool to use whatever you come up with. Use it damnit.
  10. Welp, I mentioned a while back the correct way to create PowerShell payloads/scripts that are easily transportable. That method is to make them as functions. This is a function. When you ran that, it created the function and stored it in memory. To run it, you have to run the function name with the parameters. The file method needs the local location of the ps1 file to be run. The encoded way needs the PowerShell commands you want to run encoded as base64 unicode (like if you were going to run the encoded PowerShell commands with the "powershell /E" way). So, if you
  11. Don't know or remember what I added but ok.
  12. "\$" escapes question mark. "\\" escapes back slash. "\\\$" escapes back slash and question mark.
  13. I do know if the BB comes up as a new device, Windows 10 will attempt to locate drivers for it. This can include looking them up on Windows Update, which can take some time. After the drivers are installed, if you do the same combo attack again it should be faster since now the machine has the drivers. There isn't a way around this unless you preload the required drivers before inserting the BB. HID is normally fast, but I noticed on machines I have not inserted the BB in yet, if I use the dual HID Ethernet or Ethernet it will take some time to find drivers for it before it is available for use.
  14. Try deleting the responder folder under "/tools/" on the root of the BB system drive and then try reinstalling the responder.deb tool again by copying it to the tools folder on the BB arming mode partition, safely ejecting and reinserting the bunny. The file should vanish from the tools folder there and end up installed in the tools folder on the BB system drive. See if that works.
  15. The P4wnpi is running Raspbian also, so it is a general ARM distro and has all the deps available for meta and stuff in their repo.
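The router rule set described in post 8 (default DROP on FORWARD, allow only specific source IPs, let ESTABLISHED,RELATED replies back in, MASQUERADE on the outgoing interface), as an added example that is not part of the original posts. The interface names and client addresses are assumptions; the function prints the rules so they can be reviewed before being applied as root.

```shell
#!/bin/sh
# Added example, not from the original post. Builds the iptables rule set
# for a Linux box acting as a masquerading router. Interface names and
# the allowed client IPs below are assumed values; override via environment.
LAN_IF="${LAN_IF:-eth1}"                                 # inside interface (assumed)
WAN_IF="${WAN_IF:-eth0}"                                 # outgoing interface on the 10.10.10.x net (assumed)
ALLOWED_SRC="${ALLOWED_SRC:-192.168.0.10 192.168.0.11}"  # assumed client IPs allowed to forward

# Emit the rules rather than run them, so they can be reviewed first and then
# applied with:  build_router_rules | sudo sh
build_router_rules() {
    printf 'sysctl -w net.ipv4.ip_forward=1\n'
    # Default policy: nothing is forwarded unless a later rule allows it.
    printf 'iptables -P FORWARD DROP\n'
    printf 'iptables -F FORWARD\n'
    printf 'iptables -t nat -F POSTROUTING\n'
    # Replies to connections the allowed hosts opened must be let back in,
    # since everything arriving on the outside interface is dropped by default.
    printf 'iptables -A FORWARD -i %s -o %s -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT\n' \
        "$WAN_IF" "$LAN_IF"
    # Only the listed source IPs may go out through the router.
    for ip in $ALLOWED_SRC; do
        printf 'iptables -A FORWARD -i %s -o %s -s %s -j ACCEPT\n' "$LAN_IF" "$WAN_IF" "$ip"
    done
    # Masquerade: outgoing packets take the address of the outgoing interface.
    printf 'iptables -t nat -A POSTROUTING -o %s -j MASQUERADE\n' "$WAN_IF"
}

# Helper for checking the generated set: number of per-host allow rules.
count_allow_rules() {
    build_router_rules | grep -c -- ' -s '
}

build_router_rules
```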