Jump to content

Search the Community

Showing results for tags 'WINDOWS'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Talk
    • Everything Else
    • Gaming
    • Questions
    • Business and Enterprise IT
    • Security
    • Hacks & Mods
    • Applications & Coding
    • Trading Post
  • Hak5 Gear
    • Hak5 Cloud C²
    • WiFi Pineapple Mark VII
    • USB Rubber Ducky
    • Bash Bunny
    • Key Croc
    • Packet Squirrel
    • Shark Jack
    • Signal Owl
    • LAN Turtle
    • Screen Crab
    • Plunder Bug
  • O.MG (Mischief Gadgets)
    • O.MG Cable
    • O.MG DemonSeed EDU
  • WiFi Pineapple (previous generations)
    • WiFi Pineapple TETRA
    • WiFi Pineapple NANO
    • WiFi Pineapple Mark V
    • WiFi Pineapple Mark IV
    • Pineapple Modules
    • WiFi Pineapples Mark I, II, III
  • Hak5 Shows
  • Community
    • Forums and Wiki
    • #Hak5
  • Projects
    • SDR - Software Defined Radio
    • Community Projects
    • Interceptor
    • USB Hacks
    • USB Multipass
    • Pandora Timeshifting

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Skype


Location


Interests


Enter a five letter word.

  1. My first payload, wanted to make something simple and cross-platform to try and learn the platform. Please give any feedback (I can't test on OSX myself) you may have to help me improve my payload writing! Features I'm looking to add that I need help with in a future version: - Loop so that the video opens multiple times before ending payload - Ability to crank up device volume while executing payload ######## INITIALIZATION ######## LED SETUP # Use RNDIS for Windows. Mac/*nix use ECM_ETHERNET ATTACKMODE RNDIS_ETHERNET #ATTACKMODE ECM_ETHERNET ######## ATTACK PHASE (WINDOWS RUN PROMPT) ######## # Use this version if user cannot use CMD (lacking perms or something similar) LED ATTACK # Open run prompt Q GUI r Q DELAY 200 # Open web browser Q STRING microsoft-edge:// #Q STRING chrome Q ENTER Q DELAY 100 # Enter RickRoll link & enter it Q STRING https://www.youtube.com/watch?v=dQw4w9WgXcQ Q ENTER ######## ATTACK PHASE (WINDOWS CMD) ######## #LED ATTACK # Open CMD #Q GUI r #Q DELAY 200 #Q STRING cmd #Q DELAY 100 #Q ENTER #Q DELAY 100 # Opens default web browser with video, cleans up cmd window #Q STRING start https://www.youtube.com/watch?v=dQw4w9WgXcQ && exit #Q ENTER ######## ATTACK PHASE OSX / *nix) ######## #LED ATTACK #Q GUI SPACE #Q DELAY 200 #Q STRING terminal #Q DELAY 100 #Q ENTER #Q DELAY 1000 #Q GUI n #Q DELAY 1000 #Q STRING open https://www.youtube.com/watch?v=dQw4w9WgXcQ && exit ######## FINISH ######## LED FINISH Github link: https://github.com/GlitchingGogo/BashBunny-SimpleRickRoll
  2. Hi All, I know this one seems to have been done to death on the forum but I am not sure what else to do. I have read all the posts that I can find on trying to get an internet connection on the BB. I have set, reset the different permutations with regards to RNDIS device, IPs, Drivers etc and get the same results. No internet. Ive tried on Windows 10, 8 and 7 and its the same. Ive tried deploying the payload to the different switches. Ive tried sharing the WiFi and Ethernet connections on the laptop. Okay, so I have updated the firmware to the latest. Storage and HID are fine. The payload is the simple ATTACKMODE RNDIS_ETHERNET. internet sharing is set on the laptop, IP address of BB is 172.16.64.1. IP address of windows side is 172.16.64.10 (have also tried 64). I have also tried disabling and enabling the lan devices as per some of the advice. I can Putty in both serial (arming mode) or SSL in on either the attack switches. When running ifconfig on the BB side, i get the expected 172.16.64.1 IP so all seems ok there. Ive set some LEDs to track the payload going through its motions but i get a red LED and no internet. Its the same for every configuration of the BB on all windows machines. This must be something so silly thats staring me in the face but for all the trees in the woods, i just cannot see it. Any help will be greatly appreciated.
  3. Hey guys and gals. I need to crack a password for a very very old piece of software (its over 20 years old at this stage and the dev is no longer supporting it). Pretty sure it was developed in Windows 98. The software gets activated with a 6 digit number. The apps way around brute force is to shut down the app after every failed attempt. This is the code i need to loop... 1 million times (with the second string increasing by 1 digit every time) 😂. GUI r DELAY 100 STRING C:\app\software\app.exe ENTER DELAY 1000 STRING 000001 ENTER ENTER What's would be the fastest way for me to write in the increasing 6 digit number (6th line of the code) into a script? Currently i have an excel file open with column A populated with increasing numbers (cell A1=000000, A2=000001 etc). I can write the script to copy from the excel list after every attempt but would there be a more efficient way to code the numbers directly into the ducky script to increase the speed of the brute force. Short of that could you advise of some brute force software on windows that can follow the above script's flow since the app shuts down after every failed attempt and needs to be re-launched again.
  4. Will a payload targeted at a Windows 7 OS still work on a Windows 10 OS, or are they completely different?
  5. Will a payload targeted at a Windows 7 OS still work on a Windows 10 OS, or are they completely different?
  6. Windows Persistent Reverse Shell for Bash Bunny Author: 0dyss3us (KeenanV) Version: 1.0 Description Opens a persistent reverse shell through NetCat on victim's Windows machine and connects it back to host attacker. Targets Windows 10 (working on support for older versions) Connection can be closed and reconnected at any time Deploys in roughly 15-20 sec Works with NetCat Requirements Have a working Bash Bunny :) STATUS LED STATUS Purple Setup Amber (Single Blink) Installing and running scripts Green Finished Installation and Execution Plug in Bash Bunny in arming mode Move files from WindowsPersistentReverseShell to either switch folder Edit the persistence.vbs file and replace ATTACKER_IP with attacker's IP and PORT with whichever port you like to use (I use 1337 ?) Save the persistence.vbs file Unplug Bash Bunny and switch it to the position the payload is loaded on Plug the Bash Bunny into your victim's Windows machine and wait until the final light turns green (about 15-20 sec) Unplug the Bash Bunny and go to attacker's machine Listen on the port you chose in the persistence.vbs file on NetCat Run the command nc -nlvp 1337 (replace the port with the port in persistence.vbs) If using Windows as the attacker machine, you must install Ncat from: http://nmap.org/dist/ncat-portable-5.59BETA1.zip and use the command ncat instead of nc from the directory that you installed ncat.exe. Wait for connection (Should take no longer than 1 minute as the powershell command runs every minute) Once a Windows cmd prompt appears...YOU'RE DONE!! ? and you can disconnect and reconnect at any time as long as the user is logged in Download Click here to download
  7. One of the problems I had with the ducky is that when typing a script on a target's pc it's really hard if there is a person in front of it. Instead of trying to create the command screen as small as possible so the targets won't see the screen, I've made it so big that they will think the monitor crashed or the cable fell out. The only thing you see now is a black screen and black text so the targets won't see any strings the ducky types. It also doesn't matter if the user clicks on somewhere on the screen with the mouse, because te whole screen is the command line. Here is the payload: REM Make Black Screen DELAY 1000 GUI r DELAY 100 STRING cmd CTRL-SHIFT ENTER DELAY 100 ALT y DELAY 100 STRING mode con: cols=30 lines=1 ALT SPACE UP ENTER DELAY 100 TAB SPACE SHIFT TAB SHIFT TAB STRING 5 SHIFT TAB RIGHT TAB UP TAB TAB TAB SHIFT TAB STRING 0 TAB STRING 0 TAB STRING 0 TAB TAB TAB TAB TAB DOWN DOWN DOWN TAB TAB TAB SHIFT TAB STRING 0 TAB STRING 0 TAB STRING 0 TAB TAB ENTER ALT ENTER REM Black Screen made! REM ***Disable keyboard & mice *** REM ***PAYLOAD**** One problem I had was to disable the targets keyboard (and mouse) so the target can't screw up the script/program the ducky is writing. It is a possibility that the target will freak out and push a lot of keys when they see a black screen. If anyone knows a sollution to this problem, please notify me.
  8. HoldEmUp Private Encryption Locker By REDD (aka Ar1k88) Fork from: https://github.com/private-locker/Private-Encrypted-Locker GitHub URL: https://github.com/private-locker/bashbunny-payloads/tree/master/payloads/library/general/HoldEmUp (Waiting on Official Hak5 Merge) This Script was previously released on here, then taken down. I had decided to release it on here again since we have also released the Source on our Community GitHub. Features: Use 256 AES Encryption to encrypt and secure files with a Uniquely Generated AES Key. Edit "settings.db" to change the file format of encrypted files. No need to 3rd Party Applications to hide documents. "How this was made? I saw how WannaCry and other Ransomware would "Hold You Hostage". So I decided to sit down, make a PoC (Proof of Concept) that quickly turned into a Security Tool that could be used to lock and unlock your own files. So I held onto the files, even released them for Hak5 as a Demo on the BashBunny, but quickly realized it had "Ransomware" qualities. I quickly removed it. But as times come to pass; Security is getting better. There's other Programmers besides myself that could benefit from this project. Prevent the next wave of "Ransomware". -REDD " DO NOT LOSE YOUR LOCKER KEY'S! NO KEY = NO DECRYPTING. YOU HAVE BEEN WARNED!
  9. In the spirit of april fools, I ported the original UnifiedRickRoll to windows, so you can easily switch between apple and windows computers and still get the same effect. https://github.com/hak5/bashbunny-payloads/pull/139
  10. I've had two BashBunny payloads fail on me (USB_File_Exfiltration and SmartFileExtract_Exfiltration) when I ran them in the morning, after working on them for a full day trying to get them to work (the night before). Debugging the scripts on Windows, I found out that the date/time stamp formatting for the filename was causing the issue. The hour is left-padded with a space in the AM. I found the following hint for creating Windows Batch Script variables that are properly formatted with the date/time. My modified code to match the format in the payload scripts is below: @echo off for /f "tokens=2 delims==" %%a in ('wmic OS Get localdatetime /value') do set "dt=%%a" set "YY=%dt:~2,2%" & set "YYYY=%dt:~0,4%" & set "MM=%dt:~4,2%" & set "DD=%dt:~6,2%" set "HH=%dt:~8,2%" & set "Min=%dt:~10,2%" & set "Sec=%dt:~12,2%" set "datestamp=%YYYY%%MM%%DD%" & set "timestamp=%HH%%Min%%Sec%" & set "fullstamp=%YYYY%%MM%%DD%_%HH%%Min%%Sec%" echo datestamp: "%datestamp%" echo timestamp: "%timestamp%" echo fullstamp: "%fullstamp%" pause Here is the output: datestamp: "20190809" timestamp: "084546" fullstamp: "20190809_084546" Press any key to continue . . . And here is the link that helped me figure it out: How do I get current datetime on the Windows command line, in a suitable format for using in a filename? I hope this helps someone avoid the struggle I've been having the last two days.
  11. Hello there, i´m writing my first payload for the USB Rubber Ducky . I'd need a key combination to hide a window, the only problem i have is that i need to do something IN the window so i can't just ban it to the task bar. I hope you could help me. Greetings Ares
  12. Hi, Based on the powershell script written to extract creds from Google Chrome, I made a script to read the SQLite database where the cookies are stored and extract Facebook session cookies. It uses no library, like in the ChromeCreds payload, I use regex to search for the cookies. I haven't written any payload, and I also want to do the same with Firefox. http://pastebin.com/25Z8peMb Enjoy
  13. I have been working on a small little virus to mess with some friends, when you start up the program it will ask you what file type you would like to shuffle, after inputting that it will do the rest of the work for you! Any ideas on what I could add to the program? (You can find it here https://github.com/SkullScript/Puffle-Shuffle)
  14. WDuckyFlasher This is a ducky firmware flasher with all firmwares built in. It is handy in case you only have a nearby windows computer because this is made in batch! I'm always open for suggestions! Have fun. Download link [ZIP]
  15. Harun

    PacketSquirrel

    Hi, I just checked the tutorials on how the PacketSquirrel works and what it does and I've decided to purchase one myself to have a play around with it. I've captured traffic on the device, recorded and analysed the TCP dumps on WireShark. The only part I'm struggling on is how to get the dns spoof to work. I have switched to Arming mode and edited the 'spoofhost' file to 'facebook.com' with the ip address being my victim's ip address on the Windows machine. I'm wondering how it's possible to create a fake web page and harvest the victim's usernames and passwords via my fake facebook page and have them redirected back to the original facebook login
  16. Lets say we have a win 7 computer with non-admin access. There is a particular registry setting we want change. And we dont have permissions to any cool stuff like regedit, gpedit, etc. And lets say any registry setting we do manage to save, through something like chntpw, gets reverted on boot/profile load to its original setting. Computer is on a domain system. And lets pretend creating a new windows admin user might be a little too invasive for a vigilant System admin ignore. What methodology would you guys use to permaset a reg setting?
  17. So heres whats going on i made a shell, using reverse_tcp. And i put it on victims computer and opened it everything went smoothly in the process of opening the exe, anyways after i opened it, the shell didnt send a tcp connection back to me. Im doing this on a LAN network, both computers are right beside each other connected to ethernet. I made the exploit in a vm then uploaded it to mediafire and downloaded on other pc. But when i ran it, i didnt get a connection back it was like it was never ran. Heres all my console output currently even after opening i didnt take a screenshot but i did copy and paste. And put it on pastebin, so heres the link hopefully one of you can help me i would also like to say the the target pc had antivirus disabled. LINK: https://pastebin.com/R9G5nQGB I used port 4444 and my local ip. That link shows the whole process of setting up the payload and handler thats what all i did. Thanks to everyone who takes the time to read this i really need help.
  18. Mirothor

    USB-C Ports

    How will Hak5 deal with USB-C ports if they spread to Microsoft, Dell, and more? Also, is Hak5 just going to stay with adapters or make new devices with USB-C capability? I would stick with adapters, but I want to see others opinion.
  19. I need some help in writing some code to automate some of my jobs and I can't figure an efficient way to just get the wireless card and ethernet mac addresses. im trying to use something similar to this ips = subprocess.check_output(["WMIC", "NICCONFIG", "where", "IPEnabled=true", "get", "IPAddress"], universal_newlines=True).strip().split("\n\n")[1:]
  20. Discussion thread for the RevShellBack payload. I've seen quite a few Rubber Ducky projects to do with getting a reverse shell running on a PC so that the shell can be accessed remotely on a different computer. But what got me thinking is this: the Bash Bunny is a full-on Linux ARM computer, right? It has netcat and it can do HID and ethernet simultaneously. So.. why not use that instead? At first, this payload will use a bit of HID trickery to hide itself from an observer as best as it can. As soon as it has done executing the final PowerShell command, HID is no longer used. User-defined commands will be sent to the computer in the background. By default, 4 commands are executed as a demo: Write file (with content) to the desktop Eject CD/DVD tray (if it exists) -- thank PowerShell for making that possible Open calculator application Message box -- powered by PowerShell For information about the payload, the payload script itself and how to configure it, it can be found at this GitHub repository: https://github.com/uintdev/RevShellBack
  21. Testing the BashBunny for use on a physical pentest/red team engagement but noticing a huge problem with using this device for a real world assessment. Mainly, on a Windows 7 x64 desktop, the initial driver install process took over 2 minutes to install. After initial drivers are installed, my payload initializes and finishes within 10 seconds which is great if only I didn't have to install the drivers first... What makes this issue even worse is that the BashBunny doesn't wait until the drivers have been installed before executing the payload which means you need to unplug/re-plug the device in after waiting 2 minutes to execute the payload. Ideally, it would be nice to build some code into the BashBunny to automatically detect when the drivers are installed and then run the payload. Has anyone had any issues with this and is there any way to improve the speed here? 2 minutes is wayyy to long to wait around at an unlocked workstation. I would be better off typing out the payload by hand if it meant only taking 20-30 seconds max.
  22. deck_bsd

    QuickCreds

    Hi everybody, I just flashed my bash bunny to the new 1.3 version of the firmware. I would like to test the QuickCreds payload on my windows 10 Enterprise. It seems to be stuck in yellow mode (LED ATTACK) forever. Responder is correctly installed into the tools folder. In loot/QuickCreds i have a good folder name but nothing into it. I m doing something wrong ? i have noticed some few thins like, in the payload , it is using the -P option but responder.py doesn 't have it, i erased it, but nothing change. Any ideas ? The thing is, before i just change the LED color , when i tried QuickCreds, after the setup light it was directly the blinking green ligh (i didn't get the yellow one, that's why i would like to test it). After i modified those LED instruction (juste the LED i promes) , the payload always stay in yellow mode. Thanks in advance for your support :-)
  23. Hey, i'm reading a book Metasploit The Penetration Testers Guide and in it the author mentions that in general you should not set the THREADS value in Metasploit to more than 16 on Windows machines and more than 128 on UNIX style machines. I'm just curious as to why, and also why so little on windows? Later in the book the author also uses 255 threads for a port scan. Thanks
×
×
  • Create New...