Jump to content

WV09

Active Members
  • Content Count

    6
  • Joined

  • Last visited

  • Days Won

    1

About WV09

  • Rank
    Newbie

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. Apologies for the late reply. I followed your instructions and it works perfectly 🙂 Hopefully it gets added to the main repo as going forward this it a perfect way of exfiltration on fully patched/updated Win 10 machines.
  2. Have been digging a bit more and once you enable unauthenticated guest access (see link, only works on pro and enterprise) I still could not get it to work. http://wdc.custhelp.com/app/answers/detail/a_id/21016/~/share-access-failure---organization-policies-block-unauthenticated-guest-access#subject1 I can see the file share now but the powershell on the file share is not getting triggered. Manually triggering the powershell on the file share works and the files are copied and the light goes green.
  3. ...block unencrypted USB or block USB storage media completely but this would by pass that. Also many have IDS/IPS so exfil through ftp would also be blocked or detected.
  4. A quick google confirmed that Microsoft have indeed blocked unauthended/guest on the latest version of Windows 10. https://support.microsoft.com/en-gb/help/4046019/guest-access-in-smb2-disabled-by-default-in-windows-10-and-windows-ser Would it be possible to setup an authenticated share some instead? I will be honest I only got my BB the other day so I am new to the whole thing. The reason I am wanting to get the SMB exfil working is that a lot of enterprise environments block
  5. Many thanks, I downloaded the payload but now it sticks on a light turquoise colour instead of blue. But the SMB ver 2 go me thinking, I am sure Win 10 latest version blocks unauthenticated shares by default. So I tried to navigate to the file share and I get the above message.
  6. I am also having the same issue. I updated my Bash Bunny the latest firmware and placed impacket from the stick link on the forum. After that I unplugged and plugged the BB back in on arming mode to install impacket and the unplugged and switched it to switch 1 and I can see it load the drivers for Ethernet and also open up RUN along with a powershell window that closes very fast. It that just flashes blue and I have even left it for 5 minutes just in case something needed to load. I have used the USB exfiltration and so I know the test files should copy and are the right file format. When I check the loot I see the smb folder but it is empty. Also during the blue blinking light of the attack I did a netstat and I could not see a connection to 172.16.64.1.
×
×
  • Create New...