Showing results for tags 'bash bunny'.




Found 56 results

  1. Guys, I just got my BB and I updated it to the latest firmware and I downloaded all the payloads, but none of them work (more specifically, they create an empty folder in "loots" with the name of the payload)... I assumed it was because I didn't have any tools... so I downloaded all of the tools from the "hak5 forums"... and in order for the tools to install I should unplug and plug my BB in arming mode again, but every time I open my "tools" folder in my BB it's empty (despite downloading them several times)... What is the problem? What should I do? PS (I'm working with Windows 10)
  2. Guys, I downloaded all the 3 tools in the forum but I don't know if they are installed or not, and by the way none of the payloads are working
  3. Harllen Dias

    Tools

    Good afternoon, I am having difficulty installing the tools on my Bash Bunny. I copied the .deb files to tools, but they do not install; when I connect in arming mode the files are still there. Firmware v1.3 is installed. Sorry for my English.
  4. Hello I am thinking of buying a smash rabbit and I want to find out a way to ssh into it. I heard that if I want to SSH into the rabbit I have to "waste" a payload for the bunny to emulate RNIDS_ETHER. Is this correct? Or is there some other way for it to emulate a usb-to-ethernet adapter upon boot without having to use a payload? I dunno, stick something in the .profile? Thanks!
  5. deck_bsd

    QuickCreds

    Hi everybody, I just flashed my Bash Bunny to the new 1.3 version of the firmware. I would like to test the QuickCreds payload on my Windows 10 Enterprise. It seems to be stuck in yellow mode (LED ATTACK) forever. Responder is correctly installed into the tools folder. In loot/QuickCreds I have a good folder name but nothing in it. Am I doing something wrong? I have noticed a few things like, in the payload, it is using the -P option but responder.py doesn't have it; I erased it, but nothing changed. Any ideas? The thing is, before I just changed the LED color, when I tried QuickCreds, after the setup light it was directly the blinking green light (I didn't get the yellow one, that's why I would like to test it). After I modified those LED instructions (just the LED, I promise), the payload always stays in yellow mode. Thanks in advance for your support :-)
  6. When I connect the Bash Bunny with ATTACKMODE RNDIS_ETHERNET it sets itself as a default network interface, which is desired in most cases. However, I would like it to show up as a secondary interface as part of my payload requires actual internet. Since the Bash Bunny doesn't have internet itself, it can't provide internet to the windows box. It would be nice if I could configure the Bash Bunny to show up as a non-default interface. It is possible to change the metric in powershell, so if my payload uses powershell, I can do this to change it: Get-NetAdapter | Where-Object -FilterScript {$_.LinkSpeed -Eq "2 Gbps"} | Set-NetIPInterface -InterfaceMetric 100
  7. Need help on what exactly does "mount -o sync /dev/nandf /root/udisk" do? Do I run it as a payload with attackmode serial? Or while inside of PuTTY?
  8. I just recently received my Bash Bunny and was struggling to install the tools. I decided to mess around with the install.sh and ended up causing the Bash Bunny to become stuck. I removed the Bash Bunny and cannot get it to do anything now. When plugged in the green LED goes of for about 2 seconds then goes off... Nothing happens after that and changing the switch does nothing different. I have no clue on what I can do... thanks for any responses.
  9. Hello, I've been playing with a small circuit for my Bunny... I've put three USB connectors on a small board, 1 for the Bunny, 1 for the Target PC, and a switched one for a small battery bank (I use a cylinder type). I have just run power from the battery bank connector to the Bunny and did not hook up power from the Target at all. With this setup, I can run attacks on USB 2 only devices; and, more importantly pre-boot the Bunny before the attack... Flip switch, wait for Bunny to boot, then plug into Target... I don't use the Bunny for keyboard injection, btw - I still prefer my Rubber Ducky for that. This kind of setup could easily be added to the base Bunny, or as an alternative hardware version - with a single usb jack on the back to accept the battery bank connector. A more sophisticated circuit could be setup to detect if power was available at the Target and allow the battery bank to be removed. Pre-boot Bunny, plug into Target, pull and palm battery. The only complication is that it would be a lot of torque on the Bunny's main connector if the battery had to be left connected for a USB 2 Target...
  10. Nick Kwiecien

    NTLMv2

    So I've successfully dumped NTLMv2 hashes from a locked PC and I am stuck on what you can do with them from there. With the new security updates regarding token based filtering, trying to pass the hash or remote login without being a SID 500 is almost useless, and unless you have access to a decent size GPU cluster, trying to crack NTLMv2 will also be a challenge. If someone can enlighten me on some ways to gain a foothold with those hashes, I'm all ears
  11. Really confused on how to set up quick creds on the Bash Bunny... Found different steps to take but no tutorials or documentation on the configuration and setup. Also another thing I was thinking about is what if I am out on an engagement and said company has 2 step verification. Does this attack still work?
  12. Hi everyone, Just had a quick question to everyone. How good are you about unmounting and ejecting your bunny? I've heard a lot about doing so when leaving arming mode, but is it still recommended when you run some sort of actual storage payload? I feel like that really gets in the way when it comes to a lot of payloads.
  13. Hi everyone, Don't mean to bother this time around, but this time I really have a weird issue. It appears that the storage partition of my bunny has become corrupted in some way. For one, I have had files become corrupted individually, specifically those gotten from the USB exfiltration payload. The bunny also appears read only to my linux machine, and even worse is the fact that deleted files are coming back to my bunny. Yes, you read that right. Is the Bash Bunny using some CoW filesystem or something? I've tried to add and test a new payload, and I copy the payload.txt and the readme.md, over the old payload.txt (without a readme file), and it works. However, as soon as I plug it back in, the only payload there is the old one, and the readme is gone as well. Has anyone dealt with anything like this? Should I format it in windows? Forcing a reset hasn't worked for me yet.
  14. I just got my Bash Bunny yesterday and have had nothing but issues. After trying quick creds and a few other payloads, and having none of them work (responder is located in /tools/responder) I've given up. Forcing a reset hasn't worked so far either. In addition, editing the payload.txt doesn't actually save. I'll save the file, and then plug in the bunny again, and the file will revert to what it was before the save. Has anyone else had this issue?
  15. I have some problem with my Bash Bunny. How can I change my keyboard language?
  16. So a new extension I wrote to avoid to have to escape special characters for complex powershells. This extension takes a text file containing the powershell command. Example: RUNPOWER switch1/pstxt.txt inside the pstxt.txt file : Set-WinUserLanguageList -LanguageList en-US -force; Basically it takes the contents of the text file and encodes it to a base64 string and passes it to powershell as an encoded command. (also works as obfuscation of the attack code) https://github.com/elkentaro/bashbunny-payloads/blob/master/library/extensions/runpower.sh @elkentaro
  17. Is it only me? I have noticed when I attempt to run the bb.sh on my home-brew mac OS X it just stays stuck in: Step 3 of 3: Select Bash Bunny Interface Please connect the Bash Bunny to this computer. Any one else has seen this?
  18. How does the Bash Bunny gain execution access in mass storage attack mode (in Windows)? Will it always work when Windows autorun is disabled? I would love to get a detailed explanation of how it works
  19. Apparently I've tried to update to 1.1 incorrectly. It has a solid green on startup then it turns blank. After three times it goes into recovery mode I am assuming. Then once there it blinks red for a while. Then it turns blank again. I've waited ten minutes tried to replug it in assuming something went wrong it it was done. But it never blinks or goes solid green or blue after the red blinking. But just now It was blinking red then started to alternate red to blue. Now it's blank again, I will wait another fifteen minutes before I try anything else. What exactly is going on? I am assuming it's either trying to recover then flash. I moved the upgrade contents to the root file system. I don't know exactly what went wrong. Easier way to understand the problem: Plug In > Solid Green > Blank LED ........ Ten minutes has passed.... Replug In > Solid Green > Blank LED ....... Ten minutes has passed.... Replug In > Solid Green Blank LED ...... Ten minutes has passed.... Replug In > Blinking Red > Couple of Minutes Passed > Blinking Red . Blinking Blue . Blinking Red > Couple of Minutes Passed > Blinking Red > Couple of Minutes Passed > BLANK LED!!!! Ten minutes has passed... Replug In > Solid Green > Blank LED Every time it tries to recover then it will try to boot three times and try to recover again. It will never fully boot up nor will Kali recognize the file system or that it's plugged in.
  20. Basically up until the 1.1 release update the ducky commands were working perfectly. But now the only language which it can use is US (which is a problem as I live in the UK). I have tried everything and looked everywhere on the forums but no luck. As I said it worked before the update so there probably is an easy fix, but any help would be appreciated....
  21. need help installing the newest update.
  22. So, I've made a payload to upgrade the bash bunny to allow for switching on the fly. I'm not posting it yet, because it seems that the PRs are piling up and don't want it lost in the shuffle. i currently have it so that it runs the payload on the switch you switch it to, but feel it could eventually be used to register commands to the script. Would anyone find this useful? Any ideas on other uses detecting the switches could do?
  23. I have tried to run the bb.sh and it won't read the Bash Bunny; it opens up as a USB storage device even after letting it reset itself. No matter whether the switch is in arm, payload 1 or 2, it only seems to read as a USB storage device. I have let it reset itself twice and every time it's the same thing. When I run the bb.sh it gets to the insert Bash Bunny step, and once I insert it the BB is green then flashes blue continuously and shows up as storage, but the bb.sh script just keeps waiting for it to be inserted. Any help would be much appreciated, as I haven't ever been able to get it set up since I received it and I am lost as to how to fix this. Thanks.
  24. Hi, When I am trying to install the tools_installer payload the bash the green led is plain solid and windows 10 can seem to be able to install the driver for ATTACKMODE SERIAL I guess ? Did anyone manage to solve this ? I can connect to it via SSH (Serial) when in arming mode so I am not sure what is going on. I did try the automatic driver search function and google around a bit for a generic driver but I am still a bit stuck. Can anyone help ? / Albert
  25. So I started to work on the Bash Bunny to be able to handle non-US keyboard layout attacks for ATTACKMODE HID. To enable the SET_LANGUAGE option you need to add a [LanguageDescription].json under /root/tools/language. I used the default "us.json" as a working template. (You wanna back it up and copy it and not work off the original file.) Here is an example of a Japanese keyboard layout description file: (i.e.: ja.json, however you can make it ja_win.json for specific environments.)

      ---ja.json (created under /root/tools/languages/ )---

          {
            "__comment": "All numbers here are in hex format and 0x is ignored.",
            "__comment": " ",
            "__comment": "This list is in ascending order of 3rd byte (HID Usage ID).",
            "__comment": " See section 10 Keyboard/Keypad Page (0x07)",
            "__comment": " of document USB HID Usage Tables Version 1.12.",
            "__comment": " ",
            "__comment": "Definition of these 3 bytes can be found",
            "__comment": " in section B.1 Protocol 1 (Keyboard)",
            "__comment": " of document Device Class Definition for HID Version 1.11",
            "__comment": " - byte 1: Modifier keys",
            "__comment": " - byte 2: Reserved",
            "__comment": " - byte 3: Keycode 1",
            "__comment": " ",
            "__comment": "Both documents can be obtained from link here",
            "__comment": " http://www.usb.org/developers/hidpage/",
            "__comment": " ",
            "__comment": "A = LeftShift + a, { = LeftShift + [",
            "__comment": " ",
            "CTRL": "01,00,00", "CONTROL": "01,00,00", "SHIFT": "02,00,00", "ALT": "04,00,00",
            "GUI": "08,00,00", "WINDOWS": "08,00,00",
            "CTRL-ALT": "05,00,00", "CTRL-SHIFT": "03,00,00", "ALT-SHIFT": "06,00,00",
            "__comment": "Below 5 key combinations are for Mac OSX",
            "__comment": "Example: (COMMAND-OPTION SHIFT t) to open terminal",
            "COMMAND": "08,00,00", "COMMAND-CTRL": "09,00,00", "COMMAND-CTRL-SHIFT": "0B,00,00",
            "COMMAND-OPTION": "0C,00,00", "COMMAND-OPTION-SHIFT": "0E,00,00",
            "a": "00,00,04", "A": "02,00,04", "b": "00,00,05", "B": "02,00,05",
            "c": "00,00,06", "C": "02,00,06", "d": "00,00,07", "D": "02,00,07",
            "e": "00,00,08", "E": "02,00,08", "f": "00,00,09", "F": "02,00,09",
            "g": "00,00,0a", "G": "02,00,0a", "h": "00,00,0b", "H": "02,00,0b",
            "i": "00,00,0c", "I": "02,00,0c", "j": "00,00,0d", "J": "02,00,0d",
            "k": "00,00,0e", "K": "02,00,0e", "l": "00,00,0f", "L": "02,00,0f",
            "m": "00,00,10", "M": "02,00,10", "n": "00,00,11", "N": "02,00,11",
            "o": "00,00,12", "O": "02,00,12", "p": "00,00,13", "P": "02,00,13",
            "q": "00,00,14", "Q": "02,00,14", "r": "00,00,15", "R": "02,00,15",
            "s": "00,00,16", "S": "02,00,16", "t": "00,00,17", "T": "02,00,17",
            "u": "00,00,18", "U": "02,00,18", "v": "00,00,19", "V": "02,00,19",
            "w": "00,00,1a", "W": "02,00,1a", "x": "00,00,1b", "X": "02,00,1b",
            "y": "00,00,1c", "Y": "02,00,1c", "z": "00,00,1d", "Z": "02,00,1d",
            "1": "00,00,1e", "!": "02,00,1e", "2": "00,00,1f", "\"": "02,00,1f",
            "#": "02,00,20", "4": "00,00,21", "$": "02,00,21",
            "5": "00,00,22", "%": "02,00,22", "6": "00,00,23", "&": "02,00,23",
            "7": "00,00,24", "'": "02,00,24", "8": "00,00,25", "(": "02,00,25",
            "9": "00,00,26", ")": "02,00,26", "0": "00,00,27",
            "ENTER": "00,00,28", "ESC": "00,00,29", "ESCAPE": "00,00,29",
            "BACKSPACE": "00,00,2a", "TAB": "00,00,2b", "ALT-TAB": "04,00,2b",
            "SPACE": "00,00,2c", " ": "00,00,2c",
            "-": "00,00,2d", "=": "02,00,2d", "^": "00,00,2e", "~": "02,00,2e",
            "@": "00,00,2f", "`": "02,00,2f", "[": "00,00,30", "{": "02,00,30",
            "]": "00,00,32", "}": "02,00,32", ";": "00,00,33", "+": "02,00,33",
            ":": "00,00,34", "*": "02,00,34", ",": "00,00,36", "<": "02,00,36",
            ".": "00,00,37", ">": "02,00,37", "\/": "00,00,38", "?": "02,00,38",
            "CAPSLOCK": "00,00,39",
            "F1": "00,00,3a", "F2": "00,00,3b", "F3": "00,00,3c", "F4": "00,00,3d",
            "F5": "00,00,3e", "F6": "00,00,3f", "F7": "00,00,40", "F8": "00,00,41",
            "F9": "00,00,42", "F10": "00,00,43", "F11": "00,00,44", "F12": "00,00,45",
            "PRINTSCREEN": "00,00,46", "SCROLLLOCK": "00,00,47",
            "PAUSE": "00,00,48", "BREAK": "00,00,48",
            "INSERT": "00,00,49", "HOME": "00,00,4a", "PAGEUP": "00,00,4b",
            "DELETE": "00,00,4c", "DEL": "00,00,4c",
            "END": "00,00,4d", "PAGEDOWN": "00,00,4e",
            "RIGHTARROW": "00,00,4f", "RIGHT": "00,00,4f",
            "LEFTARROW": "00,00,50", "LEFT": "00,00,50",
            "DOWNARROW": "00,00,51", "DOWN": "00,00,51",
            "UPARROW": "00,00,52", "UP": "00,00,52",
            "NUMLOCK": "00,00,53", "MENU": "00,00,65", "APP": "00,00,65",
            "\\": "00,00,87", "_": "02,00,87",
            "\\": "00,00,89", "|": "02,00,89"
          }

      There are still some caveats I need to work out; somehow I can't get " ¥,| " (USB HID Keycode 87) and " ¥_ " (USB HID Keycode 89) to work, but the rest seems fine. (I suspect that this is due to the fact that these keys do not exist on a regular 101-US keyboard and there are no modifier combinations to trigger them either, which is gonna be problematic since they are used as a backslash in file paths. But I'll work some more to figure it out.)

      Workaround for Windows: For Windows you can use powershell to set the layout to a US keyboard by using "New-WinUserLanguageList en-US", which installs a US-keyboard layout, then issue a "Set-WinUserLanguageList -LanguageList en-US" to set the default layout to a US keyboard. It's a bit slower, but if you have the time, this way is easier. You do need to reset the settings by issuing another Set-WinUserLanguageList -LanguageList [WHATEVERLANGUAGE] it was, otherwise the compromise will be detected.

      ----sample payload.txt---

          #!/bin/bash
          ATTACKMODE HID VID 0x45E PID 0x07B3
          Q SET_LANGUAGE ja
          Q DELAY 5000
          Q STRING starting with ja language option
          Q ENTER
          Q switch1/quack.txt
          Q ENTER
          Q DELAY 200
          Q ENTER STRING done
          LED R

      ---quack.txt( to test basic and special characters.)---

          STRING quacking
          DELAY 2000
          ENTER
          DELAY 750
          STRING abcdefghijklmnop
          DELAY 500
          ENTER
          STRING ABCDEFGHIJKLMNOP
          DELAY 500
          ENTER
          STRING 1234567890-^\
          DELAY 500
          ENTER
          STRING !"#$%&'()0=~|
          DELAY 500
          ENTER
          STRING @[;:],./
          DELAY 500
          ENTER
          STRING `{+*}<>?
          DELAY 500
          ENTER