Posted (edited)

Hi guys,

This topic is not about a problem with the Bash Bunny or anything more than discussing future ideas to make the Bash Bunny more malicious.

1. What about installing the Metasploit framework on the bunny and automatically launching it with aux/browser_autopwn with a proper payload, and combining this scenario with the captive_portal bunny payload? Plug the bunny into a locked machine, the machine automatically launches the captive_portal, which in fact is the browser_autopwn aux module link, and takes over the machine, and the best part is "MACHINE IS LOCKED"!

2. If time is not relevant, because this requires time, then we can NMAP the $Target_IP, get all the open ports, and pass them to Metasploit for auto pwning per service/open port.

Just ideas. Let me hear yours, and Happy Bash Bunning....

Edited by Mohamed A. Baset
refreshing the thread
Posted (edited)

Could be!

First I want to be sure whether captive portals fire automatically even if devices are locked or not. This is for scenario #1; for the second scenario it doesn't matter!

Edited by Mohamed A. Baset
Posted
4 minutes ago, Just_a_User said:

Another idea would be evilgrade, although I'm not sure if this would be too obvious to the user if you plugged this in and update messages started to appear. But it would perhaps be more effective once the Bash Bunny is combined with the WiFi Pineapple.

https://github.com/infobyte/evilgrade

Interesting!
If captive portals fire automatically in the background on a locked machine, then there will be unlimited forms of exploitation. I just want to be sure.

Posted

Okay, as per @Sebkinne's clarification that the captive portals won't be able to open the web browser automatically while the machine is locked, what about combining both Samy Kamkar's PoisonTab and the Metasploit aux/browser_autopwn script (if the Bash Bunny will be able to keep Metasploit running and steady), or running it before plugging it in (the idea of the battery + Bash Bunny), to exploit the open browser in the background, which is of course doing some AJAX requests or other background activity (the idea of PoisonTab)?!!  :D

Posted
1 hour ago, Mohamed A. Baset said:

Okay, as per @Sebkinne's clarification that the captive portals won't be able to open the web browser automatically while the machine is locked, what about combining both Samy Kamkar's PoisonTab and the Metasploit aux/browser_autopwn script (if the Bash Bunny will be able to keep Metasploit running and steady), or running it before plugging it in (the idea of the battery + Bash Bunny), to exploit the open browser in the background, which is of course doing some AJAX requests or other background activity (the idea of PoisonTab)?!!  :D

I should clarify again, sorry. The portal most likely pops up, but you cannot interact with it. You could execute JavaScript, download a file, etc., but no other interaction.

I thought the question was if it popped up visibly when locked. This also depends on OS. 

Posted
11 hours ago, Sebkinne said:

I should clarify again, sorry. The portal most likely pops up, but you cannot interact with it. You could execute JavaScript, download a file, etc., but no other interaction.

I thought the question was if it popped up visibly when locked. This also depends on OS. 

Of course I know that captive portals won't show or pop up on top of the lock screen :D but since it pops up in the background and the executed page is controlled by the Bash Bunny attacker, the first scenario mentioned in the original post is possible on one condition (if the Bash Bunny will be able to run Metasploit): then our captive portal URL will be the final URL of the aux/browser_autopwn Metasploit module, which will exploit the machine's browser (default, if found old) silently.

What do you think?

Posted

Some improvement ideas for V2:

- rechargeable battery for instant attacks (already asked on another post) + rtc clock

- microsd reader

- wifi chip

Posted

UPDATE: Future Bash Bunny 2.0 and remote Bluetooth controller: plug it into a locked victim machine, once come back, in a glimpse send a command to act as a duck to implant a reverse shell or add an admin user, then send another command to act as an unknown device. Boom, done.

Many ideas here for sure!

Wish you guys be more creative than me :D
