This is a challenge to whomever will take it (I've noticed some OPs languishing for lack of ideas, but I'm an OP languishing for lack of skill).
After seeing the capabilities of Ian Haken's BlueBox (https://github.com/JackOfMostTrades/bluebox), I was inspired to find a way to port it or remake it for the Bash Bunny.
Seeing that Microsoft "patched" the vulnerabilities exploited by the BlueBox, I'd like to see what else could be gained by plugging a rogue DC into a locked computer. The challenge is to make a Bash Bunny payload that mimics an easily configurable domain controller to accomplish things like:
- Lockscreen bypass
- User-to-Admin Privilege Escalation
- Arbitrary registry edits via Group Policy
See also:
https://www.blackhat.com/docs/us-16/materials/us-16-Beery-The-Remote-Malicious-Butler-Did-It-wp.pdf