kuyaya

Active Members
  • Content Count

    107
  • Days Won

    2

About kuyaya

  • Rank
    Hak5 Elliot
  • Birthday April 8

Contact Methods

  • Website URL
    https://github.com/githubkuyaya/

Profile Information

  • Gender
    Male
  • Location
    Swiss
  • Interests
    eat, yeet, repeat

Recent Profile Visitors

431 profile views
  1. Hey, great you found your way to the Hak5 Forum. What really confuses me are those several points (how they could do this): 1. I assume that you have 2-Factor Authentication on, else you would be really dumb. Sorry but this is your banking account. It is hard to trick 2FA but it can be done, for example with a phishing site that also grabs your cookies. That means they got your cookies and the cookies tell your E-Banking website that you've logged in 2 minutes ago and you don't have to do 2FA right now. 2. I'm not an expert, but I think it is really hard to trick the IP address and that it still fits with the geological place. Idk how they did it, but I have an idea. My theory on how they did this: I think you got tricked and they got access to your PC. Else, I couldn't imagine how they should trick all systems. My guess: they got your login password of your computer somehow. How did they get it? I don't know, maybe you got phished and your Facebook password is the same as your computer password. Or they phished your Microsoft password, and with that they can also log in to your computer. You can remotely log into a computer as long as you have the login credentials and the other computer is turned on. After they got access to your computer they logged into your banking account from your computer. Idk how your settings are but some people don't have to do 2FA from their personal devices each time they log in. How did they get your bank password? That's easy if they have access to your computer. 2FA is very important. That would also explain why it came all from your IP address and your location. Because it was your computer who did it, he was just remotely controlled. What I recommend you to do: First of all, let your antivirus do a full scan of your computer. Maybe they did place a keylogger on your PC in case you would reset your passwords. If that would be the case, they would also have the new passwords, which would make your whole security crumble.
Sometimes keyloggers also don't get detected by AVs, so be sure to look at the processes in the task manager from time to time and check if there are some suspicious apps running. Second: Untrust all devices you have. By that I mean that your phone probably knows that your computer is a trusted device and won't message you if someone logs into an account of yours (from the computer). I would reset all passwords, untrust and re-trust your devices, and turn all possible security features on (for example 2FA). Just do a reset, like you would buy a new phone. I don't mean to do a factory reset or delete all files, just renew your accounts and passwords. I know this is a lot of work and it is very boring, but it is only for your security. If you see suspicious activity on your banking again, immediately block it. It saves you a lot of money and work. Let me know if there is anything else you would like to say. Cheers
  2. Great, update is out! Now you can rely on the LED FINISH. I did this with a very easy while loop. You can look it up in the payload.txt. But that didn't work and I asked myself why. Then I did research and I found this post. This guy had the same idea as I. The reason it didn't work is that if you create a file in the bunny while SSH, you can't see it in the explorer. Example: Got it? Now, there should be a testfile in explorer, but there isn't. Try it yourself, if you don't believe me. It also doesn't work the other way around. If you create a file in the loot folder by hand or with PowerShell (both do the same), it does show up in the bunny but the bunny can't recognize it. Example: See that? It just doesn't work together. It doesn't work from bunny to explorer, and also from explorer to bunny. The reason why this is even necessary is that the while loop checks if there is a "done" file. If that isn't the case, it stays in LED ATTACK (yellow LED). The second last part of the .ps1 file is that it should create a "done" file in the /loot/LaZassword directory. But that wouldn't work, because the bunny wouldn't recognize it, as I explained above. That's why the last part of the .ps1 file is the ejection of the BB. Then the BB syncs with the explorer and recognizes the file, which breaks the loop, which then makes an LED FINISH. And you don't even have to laboriously eject the BB by hand. That's great, isn't it? Now, the solution: Poshmagic0de wrote this in that post I mentioned above. Short explanation: You have to eject him first. The great thing is, the bunny doesn't shut down when you eject him. You just don't have access to the bunny via explorer anymore, but PuTTY still works. So you can still run commands, even when you have already ejected him. @PoSHMagiC0de You brought me the solution, so I wrote you to the creds on my LaZassword payload. Is that okay for you? Please message me if not.
  3. Update on the payload incoming.
  4. Yes, I know xd. But I'm not home yet. I meant that I don't know the Winver of my PC by heart. I can look it up this evening. Update: Winver of my PC is 1809.
  5. Factory reset is explained here (WiFi Pineapple) or here (BashBunny). I did reinstall responder of course, I mean, the payload doesn't give me an error, it just never finishes. The target PC didn't change, and I mean, if it would, that shouldn't make a difference because the payload should work on all PCs, shouldn't it? On my laptop I also have Win10 1903, I don't know what version of Win10 is on my PC. Anyways, it doesn't work on both. I'll try to experiment a bit and look what I can fix.
  6. Ah, that means my payload is completely useless.... I thought the DumpHash.py would just dump the hashes from the PC, because once I ssh'd into the bunny and ran DumpHash.py and it printed out the hashes. It also worked from a locked machine, but that was only because I ran QuickCreds before. I'm dumb af. The thing is, the quickcreds payload doesn't work for me anymore. It stays in the blinking yellow stage, but it worked like 1 week ago, which is really strange. I did a reset and after the reset it didn't work anymore. Even though I had the same setup. But that means that it is my fault and not the bunny/payload's fault. I'm just doing something wrong and I don't know what. Should I delete my payload from github?
  7. Hm, take a look at that. That looks exactly like your problem. The only difference is, on the turtle there is just the Responder.db stored but in the wrong place. Here it is in the right place but it doesn't have any contents. There is no other directory on the bunny that has something to do with Responder except /tools/responder itself. Proven by typing 'find / -type d -name "responder"' or 'find / -type d -name "Responder"' {sometimes the "r" from responder is written in capital letters, sometimes not.} Now I need help from somebody where it works, because I don't have access to my BB right now. Can someone please post the Responder.db here? I think it would be even better if we would have the whole working responder here. So if your responder works, please post the whole directory here or upload it somewhere on a free-file-upload-site. If you're too busy then just post the Responder.db. That would be really helpful.
  8. How do you know that DK has let this unit slide into oblivion?? When did he say that? Mine works perfectly. Also I find that the setup is really easy and it works fine. I love it. Best wireless pentest tool in my opinion.
  9. Is your issue solved? Or is it still persistent?
  10. First of all, use the search bar. You would find this: This topic was posted in November 2019 and is still very accurate and not outdated. But ok, I'll answer your questions. 0. You probably think of the bunny like that: A malware device that will hack your computer but it mostly gets detected by AVs. That is completely wrong. The BB is a Linux system in a USB stick. It doesn't have to do anything with malware. That's the same like if you would download malware on your computer and then you would tell me that your computer is a malware computer that will hack other computers. But, you can use your computer ofc also for hacking. 1. Yes it is worth getting a BB in 2020. Why wouldn't it be worth it? Tell me pls. Tell me the negative points, because I don't see any. It's the best Hak5 product in my opinion. 2. No, the BB won't be detected by the AV. Look, the BB isn't something dangerous. It is a trusted device, or more like, it takes the clothes of a trusted device. The BB itself isn't "dangerous" and won't be detected, there would be no reason for that. But I mean, if you would put a virus program on the BB, it may be detected, but that's the same as on a regular USB device. If you put WannaCry on a USB stick, your AV will go crazy. 3. No, it doesn't turn to a DedBunny. I mean, that is just one guy here who got a dead bunny and all the other 600000 (idk how many) are working. There are always some black sheep in the horde. And we don't even know what this guy did with the bunny. Maybe it fell into water or something. Maybe it isn't even the bunny's fault. 4. I'm using mine since December 2018 almost every day. That's around 400 days. Some days I'm using the bunny for more than 5 hours (I'm not kidding xd) and some days I don't use it at all. And it still works perfectly. It does have a long life. But there's also a topic for that in the forums, you could use the search bar 😉.
Last words: 95% of the people who have issues getting the bunny to work are using it wrong (e.g. wrong setup or something). On almost every topic it isn't the bunny's fault. And I would recommend you to write your own payloads, as some of the payloads on the Hak5 GitHub don't work. Note: Those aren't Hak5's payloads. Those are community payloads.
  11. Hmmm, hard to tell. And you can't ssh into it? Is there really no attackmode? Well, if the methods you mentioned above don't work, you'll probably have to bin it...
  12. Oh well Responder.db is empty. I think that's the cause of the problem. Have you tried re-installing?
  13. @Flebbi Okay, let's see. SSH into the /tools/responder directory and do
  14. kuyaya

    Dedicated member

    Example: Under my profile picture is "Active Members". Under Rkiver's profile picture is "Dedicated Members". I wanted to know what you have to do to become a dedicated member. ty mate
  15. The thing is, I noticed that it was slow so I did the payload again and used a stopwatch to check the time. So it should've already installed the drivers. What I noticed is that on Mac it takes only about 8 seconds, which is more than 4x faster, and that was the first time I used it on the Mac.