Search the Community
Showing results for tags 'exfiltration'.
Found 10 results
-
Hello Guys! I've just received my Bash Bunny and need some Help. I've updated it already and want to use the Document Exfiltration. Can someone explain it step by step, what I've to do? I want to exfiltrate PDFs and .docx from a computer and/or from a USB stick plugged in a computer. Is this possible? Please HELP
-
After seeing the new [ PAYLOAD ] video, I thought to myself: "hmm... Wouldn't a tool that automatically reconstructs all data be handy?", so I created one. Please note it's not 100% stable and could use more work. I just want to know the community's opinion. I am new here, but I have contributed to hak5's bash bunny payloads in the past. Pull requests are more than welcomed! I have already submitted it to https://hak5.org/payload, so I'm hoping it will get featured. Github link: https://github.com/Prodicode/qr-data-reconstruct Demo video:
-
I posted this in a seperate HAK5 forum room. How do you think is the best way to deploy this code? I tested it on a Windows 10 machine. It writes all SSID and Credentials to a temp file, then emails it to the attacker.
-
Hey guys.. Can someone help me out with this cmdlet error ? I've flashed my duck with no probs.. No spelling error from the scripts. When i keyed this manually with win+r key... STRING powershell ".((gwmi win32_volume -f 'label=''_''').Name+'d.cmd')" It created a folder inside of slurp but with no files exfiltrated.. And whenever i tried to run the inject with twin duck(1).. I got this error popped out instead. Did i missed something here ? Thank you.
-
Kindly post a tutorial for Concealed exfiltration attacks with bash bunny for Android devices?? -
Hello, After doing some reading on the SMB Exfiltration, would it be possible to create the same kind of payload but for an Android phone? Say for someone to connect the BB to an Android phone and copy over a certain file.
-
Hello, first of all sorry if this is the wrong place to post this... I'm a super newbie but I have an exfiltration attack I need to carry out and was hiping you could help out. I don't particularly feel comfortable in betting on a period of time alone with the target computer so I'd rather socially engineer it. I plan to do this by offering to transfer peace offering files off of my USB (likely to be either a rubber ducky or a bash bunny) whilst the payload does its thing. The main problem I'm having is in the size of the files I plan to exfiltrate they are upwards of 10mb and t -
Ducky/Bash Bunny Exfiltration, OwnCloud, Raspberry pi.
BrainEater posted a topic in USB Rubber Ducky
So just a simple question, I have the means to do the below but just need a proof of concept. I want to run an OwnCloud server on a raspberry pie so I can access all of my files on the cloud for anywhere (as you do), but was also wondering if you're able to send file to OwnCloud from powershell. I know you can send files and email with powershell but can an OwnCloud server receive them? If anyone has any idea of the actual command involved to send a file to an OwnCloud server from powershell could you please post that as well? Thanks for all the help. -
Hello, In the recent episodes Darren showed how to use the USB rubber duck to exfiltrate specified files from a victims computer when they are logged in. I am wondering if there is any way of doing this when no one is logged in? and the computer is at the login screen. thanks!
-
This is a cross post of sorts: https://forums.hak5.org/index.php?/topic/31831-super-devious-exfiltration/?hl=logger I'm making the contention that if a keylogger had enough memory, that it could log a binary file (base64 or hex encoded first) and exfiltrate it without the network or needing a Flashdrive/Firewire (other)connection.Be it document, db etc... It is a bit of inception, the binary to base64 script would need to be written to the computer first, then pipe the target binary (document/db...) through that script. That script could pause, or wait for the keylogger to say "go", and then
