Posts posted by HeadScratchCode

  1. Sometimes I have issues with Q LEFT/QUACK LEFTARROW when running scripts. Even by increasing the DELAYs I'll sometimes find the script hitting ENTER on 'no'.

    It's not the worst problem in the world, as I just press the left arrow myself, but it's more ideal for the script to do the whole job.

    Anyone else have this issue and know a solution?

  2. The best VPN is always the one that has good encryption and where the owner of the service isn't based in your country under those laws. The price is secondary.

    I use a VPN service by Astrill. They are based in Sweden, which has different laws to the US. So, that gives the extra peace of mind about the government strong-arming them for your info. That's the kind of thing to think about before you get attracted to cheap monthly/yearly prices.

     

  3. This is one of the best payloads. Even if you can't snag the plain text (Windows 10) you still get the password hashes. If you can't get it working, just add a few more DELAYs.

    As I'm in China, I have to add Q SHIFT once it opens the terminal. This is because many systems use a pinyin input method that switches back and forth from English to Chinese by pressing SHIFT. If I don't, the terminal will fill up with Chinese characters.

    Great payload dude!

  4. 19 hours ago, digip said:

    Cool beans, glad you got it working.

    TIP: if powershell is disabled on a system (like I have it on my system with GPO) you can change the "+STRING POWERSHELL" to "+STRING cmd /k powershell", for which then there would be two exits needed. I only mention using cmd in the event powershell is disabled, while cmd is still open. You can set a group policy to disable both cmd and powershell too if you want to defend against this kind of attack using gpedit.msc, but only on Windows Pro and above versions. Home users would have to use a registry edit to do the same thing since gpedit is not available to them on home editions. These are smaller mitigations, as there are VBS and other scripting languages you could use as well, but cmd and powershell user environments can be disabled which is 99% of the HID based attacks you will see.

    I've made a note of your tip. Appreciate it!

  5. Hi guys, sorry for a late reply. I couldn't reply for some reason.

    20 hours ago, b0N3z said:

    did you download the tools from the forum post labeled tools? also the tools will not show up in the /root/tools folder after they are installed, you will have to ssh or serial in to see with in /tools not /root/tools.  FYI gohttp will not show up in this file even after you install because it installs somewhere else.  Seb made a post about it on the Tools post.

    Yes, from the post labeled 'tools' I did download gohttp. Along with this, I downloaded responder_2.3.3.6-2, which is not from that same 'tools' post, but from the main QuickCreds thread. The reason I downloaded responder_2.3.3.6-2 instead of the one Seb posted is because it solves the problem of QuickCreds being stuck in a responder loop (Amber light continuous flashing). I misspoke when I said the tools folder in root. I should have said: after logging in as root via SSH, then cd .., then cd tools, responder & gohttp are not there. Now I figure that the responder I tried to install just doesn't work, & as you mentioned, gohttp won't display in /tools anyway. I tried to install impacket, and it worked fine, so there is no installation issue after all - I guess. However, I could install responder_2.3.3.6-2 before I upgraded to the latest firmware, and it did solve the QuickCreds issue that a few of us are having, so ideally I wish that this version of responder would install. I guess I now need to find another solution to get QuickCreds working - but that's for another thread.

     

    9 hours ago, Dave-ee Jones said:

    The post b0N3z is talking about is here.

    Yes. Thanks for helping.

    Thanks everyone.

    Overall: There is actually no installation bug, as gohttp won't show in /tools anyway & responder_2.3.3.6-2 doesn't install (it seems).

  6. I recently upgraded the Bash Bunny to version 1.3_264.

    After following the install tools method, the tools don't appear in /tools. I first downloaded the tools and put them in the tools folder of the Bash Bunny while it was in arming mode. I plugged it back in again in arming mode, and the magenta LED displayed as it is meant to. After this process finished, there were no tools to speak of in the /tools folder in root via SSH. Therefore, QuickCreds won't work.

    Any ideas?

     

    Thanks.

     

     

  7. I think I'm having the same issue as the comment above, but I'm unsure how to fix it. Successfully continuing past the IEX string fails. The image below displays the problem.

    Would be grateful for any help in finding a solution. Thanks, guys.

     

    [Image: 3R40ffg.png]

  8. I'm having trouble writing a powershell script that will 'exit' the terminal after running the code. This problem occurs when using a Quack script on the Bash Bunny.

    Here's the end part of the Ducky script that I wrote:

    STRING del ip.txt
    ENTER
    DELAY 100
    STRING exit
    ENTER

    I'm pretty sure that's correct, and it should exit after deleting a file called ip.txt. However, no such luck.

    What I have tried to solve the problem:

    • STRING EXIT
    • STRING Exit
    • STRING exit;
    • STRING del ip.txt; exit;

    But none of these make a difference. I even checked a Ducky script written by DarrenHak5, who has the same way of exiting the powershell terminal. So, I can't understand why it's not working for me. If I manually type exit it will do so; if the HID types it, it will not exit.

    Guys, do you have any suggestions?

    Thanks
