Jump to content


Active Members
  • Posts

  • Joined

  • Last visited

  • Days Won


Everything posted by kuyaya

  1. He P.M.'d me and it is fixed now :).
  2. I've already answered your question on discord. For those who aren't in discord: it was probably the wrong keyboard layout.
  3. Hey all For anyone still searching for a solution, I found one! I've been searching for a working solution just to dump the logon hashes with powershell. Haven't found a working one, but instead found a working invoke-mimikatz! The one from PowerSploit and Empire doesn't work, but the one from nishang does. Link: https://github.com/samratashok/nishang/blob/master/Gather/Invoke-Mimikatz.ps1 Time to obfuscate it... Update (09.09, 23:41 CEST): Successfully obfuscated! I tested it on the latest win10 (version 1903 build 18362.1016). AV was Windows Defender, so it also shouldn't get detected by other AV's. I'm obviously not gonna upload it to virustotal, I don't want that script to be detectable 1 week later... GL to all who also try it, it's totally possible.
  4. Hey there The payloads which are uploaded to github are tested, they should work. BashBunny payloads are typically written in bash. Get started with bash, combine it with the bunny language and try writing your own little script. What payloads have you tested so far? By the way, the text would be much easier to understand if you would use punctuation marks.
  5. Ah, that's why u asked. You cannot run these payloads on an ordinary USB drive, and there are no drivers which will make it work. The BB is a Linux machine. It's not a ordinary USB drive, it's a Linux system inside a USB drive. You could maybe recreate it with a raspberry pi, but that would take a lot of time and effort.
  6. Read what I said above. Read the payload...After the payload successfully ran, press shift five times and CMD comes up. READ.MY.TEXT.ABOVE The payload does that for you. You don't have to configure anything. But I also said that above. Read. My. Texts. No, the payload only works when the computer is unlocked. But that is written in the readme.txt. Read. The. Fucking. Manual. After the payload is executed, you can "spawn" a cmd shell even when the comptuer is locked. Please inform yourself what a product does before buying it. And read the manuals. https://docs.hak5.org
  7. tf is that text formattingšŸ˜‚
  8. Just click on the github link and copy it into the switch positions. That's all you have to do. Save the file as .txt, you don't need to configure anthing. When you take a look on the payload.txt, you see that it opens powershell. So yes, powershell needs to be installed on the victim computer (but that's default in win10 and win7).
  9. Hm, that shouldn't be the case. There's no such thing as a timeout. I'd maybe make a factory reset, although I don't know if that helps. It's probably a hardware issue. I'm sorry, I don't know any further.
  10. Does the bunny behave the same on other computers aswell?
  11. maybe first update your firmware
  12. Yeah, those are corrupted files. You also can't delete them (by just right click > delete) . Reformat the USB drive and you should be good. You don't have to bin it.
  13. Both sold...šŸ˜“I wish I would've seen it earlier
  14. If you have an updated machine, scp should be pre-installed in the command line. It's insalled on my machine and I don't remember installing any third party tool for scp in command line. Type "scp" in cmd and see if it finds the command. If not, consider using the options from Jtyle6
  15. You mean that the computer should think like a human and only try passwords that really only humans use? Try rockyou.txt! Those are the 14'443'549 most used passwords. Or you can use the mask function of hashcat, which PanicAcid described above. Or if you want even more advanced stuff, try the rule function of hashcat. You can do things like that every word of a wordlist will be used backwards, or in leetspeak or both together.... Maybe I got the wrong idea of what you're trying to say, but it's kinda hard to understand your english...
  16. kuyaya

    No LEDs

    There might be a problem with the usb ports of the victim PC, if the BB works fine on other computers. On my laptop, only one of the two usb ports is still working. There may be the same problem on that victim PC.
  17. What a dumb desicion. You could've sent it to me instead of wasting it, I'd pay for it....
  18. Although the title is a bit misleading, I don't think that it has to do with the pineapple but with shipping/importing. It could also be a ducky or anything else.
  19. Hi I've seen other forums that look very similar to this one here. Most things are literally the same. Is there something like an open library for forums? Something like OpenFORUM (doesn't exist, just an example).
  20. You just summarized programming in one sentencešŸ˜‰ btw please stop with the copy-pasting ;).
  21. Dude, just ask the person if you can meet her/him. Don't be a creep.
  22. Hm, I know that hashcat is able to set up a server where I PC acts as the server and the others act as clients and crack together, but I don't know if that's what you're looking for.
  23. 1. https://www.google.com/search?q=change+name+of+usb+device 2. What do you mean with "define a folder which is shown to the user in attack mode"? Can you explain what you want to do? If you want to show it as a mass storage just do ATTACKMODE STORAGE
  24. That is probably a bunny or ducky thing, and not a couldc2 thing, so you are in the wrong section here. What do you exactly mean with "connect to c2"? Just go to the web interface or...?
  • Create New...