Jump to content


Active Members
  • Posts

  • Joined

  • Last visited

  • Days Won


Everything posted by kuyaya

  1. @bjlentsHey man, I think I'm almost finished. One last thing: Have you made any changes to the payload.txt from SMBbrutebunny? If so, could you please send me the whole file? I don't think you've made changes to mmcbrute.py, so sending this one wouldn't be necessary.
  2. hey guys Something just came up on my mind: y'all know google's find my phone right? You can't find it, you start the service and let it ring. Pretty useful, you don't have to spend hours searching it. Now, just in theory, would it be possible to let a phone ring as soon as it connects to the pineapple? I mean, you can't find your phone, you start PineAP, your device auto-connects, you let it ring :). That'd be really damn cool. Does anyone have an idea?
  3. Yeah sorry, I haven't looked at it yet. I'll probably do it tommorrow. It's already late here...
  4. Heyo guys I bought myself a nano quite a while ago. The WebUI on the nano is sometimes a bit buggy (buttons don't work, it doesn't save settings, etc...). For those who've bought the Mark VII: Is this still a thing on the mark VII or does it work flawlessly?
  5. If you can give me a few days I'll combine them for you
  6. Foxtrot mentioned it in discord. They discontinued it because....I don't know exactly. But I think it was because of the lack of costumers.
  7. I don't know exactly - I'm not an expert. However, there are more people active here on our Hak5 Discord, mabye someone there is able to help you. https://discord.gg/Z2jsSWyT
  8. Hm, strange. I've always had success with defining the DUCKY_LANG in config.txt. Mabye it's just a typo error, just like there is a typo in your example here https://forums.hak5.org/topic/53256-language-configuration-with-configtxt/ :). If that is not the case, have you tried re-installing the firmware?
  9. There is no i.vbs and e.cmd anymore. You can see that on github. You'd have to download past releases This made me laugh🤣
  10. kuyaya


    Googled it, didn't find anything. I guess you have to provide more details :).
  11. Hmm, sorry. I won't tell you that. Let's see if I find some other ways and then I'll PM you about it, ok?
  12. OK, now try this: Download the bunnyupdater from here. Run it twice, so you're 100% sure everything's fully upgraded. Try a payload with the following contents: LED SETUP ATTACKMODE HID LED ATTACK DUCKY_LANG=xx # Example would be DUCKY_LANG=ch RUN WIN "notepad" Q DELAY 1000 Q STRING "the quick brown fox jumps over the lazy dog" LED FINISH and see if it outputs the sentence correctly.
  13. Then there is probably an issue with the language or something else
  14. That's my little secret😉 If I upload it here, I'm sure some idiots will upload it to virustotal and then it'll get flagged soon. There's a lot of information about obfuscating scripts out there, I'm sure you'll find your way :).
  15. Hey I guess this is a username problem (it's on metasploit, not the bunny). I'm sure there are some videos that show how to use it on domain machines.
  16. kuyaya


    Seriously??? Read the post from darren again. What does it say on the third line? Exactly. This post is made pre firmware v1.6 You said you want this to work on firmware 1.6_305. So you're following a guide for an older firmware. To install it on your firmware, just get the metasploit firmware from here. Copy it to the tools folder and then replug the bunny. Then you're done :). Then you can SSH into it, cd /tools/metasploit-framework, ./msfconsole and you're presented with the msfconsole And for god sake, please stop with the "....", it pisses me off. In case you think there's something wrong with it (you wrote like 8 comments < 24h): No, the device is not broken. No, it's not a 'scam device' or anything. If you ask friendly, people will answer you friendly. If you seriously think there's something wrong with the bunny, you can open up a ticket and they may send you a new bunny.
  17. Jep the Bash Bunny was the first tool I've bought from hak5. I still use it today and I still love it. It's very useful and you can do all kinds of pentests with it. It's the best Hak5 tool imo.
  18. I don't have a lan turtle and don't know the modules, but I assume that the quickcreds is 'specialized' on the quickcreds payload, while you have more options with the responder module. Just guessing from the name.
  19. I don't have a ducky, but I really don't think that the ducky itself gets detected. Is it relevant? Depends on what you want to do. It still works as good as it did 8 years ago, but it definitly got harder to make it useful these days. If I were you, I would buy a BashBunny, which has a lot more functionalities.
  20. He P.M.'d me and it is fixed now :).
  21. I've already answered your question on discord. For those who aren't in discord: it was probably the wrong keyboard layout.
  22. Hey all For anyone still searching for a solution, I found one! I've been searching for a working solution just to dump the logon hashes with powershell. Haven't found a working one, but instead found a working invoke-mimikatz! The one from PowerSploit and Empire doesn't work, but the one from nishang does. Link: https://github.com/samratashok/nishang/blob/master/Gather/Invoke-Mimikatz.ps1 Time to obfuscate it... Update (09.09, 23:41 CEST): Successfully obfuscated! I tested it on the latest win10 (version 1903 build 18362.1016). AV was Windows Defender, so it also shouldn't get detected by other AV's. I'm obviously not gonna upload it to virustotal, I don't want that script to be detectable 1 week later... GL to all who also try it, it's totally possible.
  23. Hey there The payloads which are uploaded to github are tested, they should work. BashBunny payloads are typically written in bash. Get started with bash, combine it with the bunny language and try writing your own little script. What payloads have you tested so far? By the way, the text would be much easier to understand if you would use punctuation marks.
  • Create New...