Jump to content


Active Members
  • Content Count

  • Joined

  • Last visited

About jblk01

  • Rank
    Hak5 Fan

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. I know it can do keystroke injection, but what about things the Bunny can do? Such as pretending to be a second network adapter, give the target a second IP address and then run an nmap scan against the target? Edit: I just saw it has Ethernet, Serial etc. on the product page. Never mind. 🙂
  2. It's available here but doesn't seem to be listed on the Essentials Field Kit page. Any thoughts @Darren Kitchen?
  3. @Geesknees - Try to access the BB via SSH or Serial. If you wish to use SSH (my preferred method) then create a payload.txt file in either the switch1 directory or the switch2 directory and enter this: LED M FAST ATTACKMODE AUTO_ETHERNET Save the file, remove the Bunny and then reinsert it using whichever switch directory you used. Then ssh into it: ssh -l root Password is: hak5bunny Then run: 'udisk unmount' and then run 'udisk reformat'. This should remove all of the old files on the user accessable partition.
  4. @Foxtrot - As per my pull request on Github, I had to use a newer release of Impacket to achieve setting a username / password combo for the SMB server in my smb_exfiltrator v2 payload. Would you consider updating the .deb file here with the latest release of Impacket?
  5. @WV09 - I'm glad it works for you! My first time modifying a payload to that degree, so I was worried it might fail. I hope they add it to the main repo too.
  6. REM Play the Imperial March STRING while ($true) { ENTER STRING [console]::beep(440,500);[console]::beep(440,500);[console]::beep(440,500);[console]::beep(349,350);[console]::beep(523,150);[console]::beep(440,500);[console]::beep(349,350);[console]::beep(523,150);[console]::beep(440,1000);[console]::beep(659,500);[console]::beep(659,500);[console]::beep(659,500);[console]::beep(698,350);[console]::beep(523,150);[console]::beep(415,500);[console]::beep(349,350);[console]::beep(523,150);[console]::beep(440,1000); ENTER STRING } ENTER Done 🙂
  7. Okay, I got it working on my machine so that Windows does not complain. Here is my pull request: https://github.com/hak5/bashbunny-payloads/pull/392 And the files are here: https://github.com/jblk01/bashbunny-payloads/tree/master/payloads/library/exfiltration/smb_exfiltratorV2.0
  8. @WV09 - I have updates. I factory reset my Bunny, then I installed the latest firmware (1.6). From there I did the following: You should now see a '-username' and a '-password' option. Setting these in the payload.txt along with telling Windows to authenticate with it via NET USE should make this work. I am now on my way to get my Windows 10 machine from my friend's place. I'll keep you posted.
  9. @WV09 - Try my modified version. It works correctly on both Bash Bunnies I own. I also added SMB ver. 2 support as well as slightly changed the LED pattern to suite my tastes. I even added extra file types in the s.ps1 file and I can share those if you'd like. 🙂 https://github.com/jblk01/bashbunny-payloads/blob/master/payloads/library/exfiltration/smb_exfiltrator/payload.txt
  10. Found a unique payload setup HERE. However I have read that moving the switch while the bunny is powered was dangerous, so would using this payload damage anything?
  11. Saw this cartoon drawing of the Bash Bunny on Twitter, and I've seen similar drawings of the LAN Turtle, Pineapple etc. Where can we find these? They would make awesome wallpapers!
  12. My mistake, I saw the reviews of the BB online and all photos came with a cable. It's not a big deal as one is $5 but I was just curious. Thanks for the links Darren.
  13. Grab the Impacket DEB file here, copy it to the /tools directory while in arming mode. Unplug and then replug the device in arming mode and it will be automatically installed. Also, I had to modify the payload.txt script because the attack would fail halfway through. Using my modification should work, as it works for both of my Bunnies unlike the payload.txt hosted on the Github page. Tools: My SMB exfiltrator script fix. If one can maybe improve it I'd be grateful:
  14. @skitz0 I did this and got the same result, however both my inject.bin works and I am able to store files on the microSD card. Is it supposed to flash green and red? Everything seems to work fine. Any issues after your last post?
  15. Same as the title says, if one is using the Twin Duck firmware, do you need to take out the microSD card, and hook it into an adapter in order to copy a new inject.bin file? Also, can one use this to store say a PDF, then hide the inject.bin so that you can seem innocent by asking someone to print off a PDF for you?
  • Create New...