-
Posts
122 -
Joined
-
Last visited
-
Days Won
2
Everything posted by quentin_lamamy
-
Issue with Bash Bunny Mark 2 not being recognized on Kali Linux
quentin_lamamy replied to Intelkush's topic in Bash Bunny
Can you tell us which one ? -
payload Github Information Exfiltration
quentin_lamamy replied to quentin_lamamy's topic in Payloads
Just to mark the topic as solved -
Description : Exfiltrate github username and email Target : OSX Download : Github
-
whatever the way, the goal is to trigger payload run after downloading the new one
-
Just to mark it as solved
-
My bad, typing too fast, and my english not as good as i want ^^ If in command line bb is unmounted and mounted does it trigger the run of the payload like if you unplug the bb and plug it again ?
-
The best idea i have for you at the moment is to create a generic payload that download from an anonymous link like we transfer or whatever the real payload, store it on the BB storage, open a terminal on the host, unmount the bb and mount it. After your attack use the host terminal to delete your payload. If you set your dl link to one time use there will remain nothing "public" of your malicious payload This idea need to be tested, not sure for the mount unmount @dark_pyrro When unmount -> mount it is the same for the bb than remove it -> plug it in
-
and if custom protocol don't work, local agent running a web server do the work OR a regular desktop app or shell script
-
yes Edit: After some check seems possible without server, just register the custom protocol and do thing, will make a test after my work day
-
Need a local server to make hack5 payload "store" communicate with the bashbuny So that we can have an install button on for example (or in payload studio)
-
Need a staff info, don't know who know the roadmap More simple, just use arming mode and use the OS mount point to transfer file for ex on osx /Vollumes/Bashbunny
-
It's a still a need ? Can work on it. My idea is : A node js local agent or a local app (as you want) Add on the website install button that post to an url like bashbunny://payload/install , this king of button could be added to payload studio
-
Please be respectful, i just mention that your contact information are strange an sounds like a scam. Btw goodbye
-
Is this a scam ? Phone number (which is a bit weird) and discord (which is not a valid one) are the same
-
Description : Exfiltrate file or string through discord webhook Download : Github
-
My bad , There is the wait.sh extension that block the payload until switch change. Will resolve the use case too. Input serial nuber, change switch that trigger next steps
-
Discord exfiltration still have some issue, variable scope, escaping. Even with Korben explaination , i'm still a bit lost. What a hell ^^ But the basic usage, exfiltrate text and file works, just want to finish cosmetics with discord embed message feature
-
Hi, yes if it just need some predefined keyboard input. But if , like on lot of computer your need "perfect" timing to go in bios it will be difficult As far as i know, no, But Bashbunny have a switch and if i remember well (need validation from other people of the community), you can detect the change, and it can be the trigger of the next steps after entering your computer id
-
nop it's just an improvment, it works with empty var but it not so powerfull than default value And i have 2 extension at 99%, a discord exfiltration , and a osx extension with lot of system features
-
I did not ask on discord for this issue but i can. But i don't want to ask more than 20 question a day on discord XD
-
What is the process to send this issue to support ? Issue on github ?
-
it's part of an extension, i want, when $5 argument not set to replace it by a default value
-
Hi, In my extension i am trying to set default parameters, i try this but doesn't work "MYFUNC") if [ -z $5]; then $5=${1:-"foo"} fi # HERE DO SOMETHING COOL ;; But it don't work, I'm sure it's possible but i'm not very familiar with bash, i'm a backend developer not an admin sys ^^
-
As expected the same thing as Q STRING <, get stuck with my LED ATTACK
-
Hi, According to the documentation the Q STRING command argument don't require quotes. During my work on an OSX layout for bb i discover this strange behavior : LED SETUP ATTACKMODE STORAGE HID LED ATTACK # Line 5-12 are just test to check if the command works well with and without quote # and that this behavior are the same on the short QUACK command QUACK STRING Hello World Q ENTER QUACK STRING "Hello World" Q ENTER Q STRING Hello World Q ENTER Q STRING "Hello World" Q ENTER Q STRING "<" Q ENTER Q STRING < Q ENTER LED FINISH Produce : Hello World Hello World Hello World Hello World < I expected Hello World Hello World Hello World Hello World < < < The bashbunny get stuck on line 15 (line 14 has been executed), my led stay in LED ATTACK forever. Seems that using the STRING command with symbol without quote make the bunny sick (i have made the test with others symbols). When trying to press the [<] key it the same it's stuck LED SETUP ATTACKMODE STORAGE HID LED ATTACK QUACK STRING Hello World Q ENTER QUACK STRING "Hello World" Q ENTER Q STRING Hello World Q ENTER Q STRING "Hello World" Q ENTER Q STRING "a" Q ENTER Q a Q ENTER Q STRING "<" Q ENTER Q < Q ENTER LED FINISH Is there something i miss understood or it's an issue ?