A_SarcasticGuy Posted March 12, 2017

Hello there! I was trying to combine the smbserver.py script from impacket and a ducky script to connect to the SMB server automatically (the same script as is used for the Rubber Ducky, except that it connects to the IP of the Bunny) and pipe the result from the script to a file, which means the Windows hashes will be saved in that file and saved to the Bunny, ready for cracking (I think?). However, whenever I try to run it, the Bunny seems to get caught up after running the server, and I am assuming this is because the keyboard is still captured by the server; if I were to add a QUACK CTRL C after the server has run, it will stop the server (I assume).

I used the following code to make sure that it wasn't an issue with my ducky script or anything else in the Bunny script:

#Run SMB Server and then connect to it in windows with the terminal output saved to a .txt
LED B
#HID is used to ensure that the ducky script can run (even though only a delay is included here)
ATTACKMODE HID RNDIS_ETHERNET
source bunny_helpers.sh
#File path of the script, piping to file O.txt of same folder
/pentest/impacket/examples/smbserver.py tmp /tmp/ >> O.txt
#Potential QUACK CTRL C, if it doesn't stop the server
QUACK DELAY 500
#Check to make sure that the script continues after running the server
LED R
#The keyword parsed is always included at the start of the server, which would allow a check to be performed to ensure that the server is running
if grep parsed O.txt
then
LED R G B
else
LED R
fi

And the LED always remains blue, which assured me that it was getting caught at the running of the server. I even added a DELAY 500 to make sure it wasn't just that the grep was being performed before the file was populated.

So, I was wondering if anyone has any idea of how to fix this issue? Whether it be to use another script that will free the keyboard after running, or to use a stager payload of some sort?
Or maybe I am just being quite naive and missing something obvious! Any help would be greatly appreciated! Yours Sincerely.
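Added example, not code from the post, from Hak5 or from impacket: a small Python triage script for the defender's side of this scenario, i.e. when such a device is found and its output file (the O.txt above) is recovered, working out which hosts connected to the rogue server and which accounts need a credential reset. The log line shapes are assumed from what smbserver.py typically prints, including the "Config file parsed" start-up line that the post greps for; the embedded sample log is constructed, and its hash fields are obvious placeholders rather than real captures.

```python
import re
from collections import Counter
from typing import Dict, List, Tuple

# Constructed sample of an smbserver.py output file (the O.txt from the post).
# Line shapes follow what impacket's smbserver.py typically logs, but that is
# an assumption here; the hash fields are obvious placeholders, not captures.
SAMPLE_LOG = """\
Impacket v0.9.15 - Copyright 2002-2016 Core Security Technologies

[*] Config file parsed
[*] Callback added for UUID 4B324FC8-1670-01D3-1278-5A47BF6EE188 V:3.0
[*] Config file parsed
[*] Incoming connection (192.168.1.10,49154)
[*] AUTHENTICATE_MESSAGE (CORP\\alice,WS01)
[*] User WS01\\alice authenticated successfully
[*] alice::CORP:0011223344556677:PLACEHOLDER_NTPROOF:PLACEHOLDER_BLOB
[*] Incoming connection (192.168.1.11,50231)
[*] AUTHENTICATE_MESSAGE (CORP\\bob,WS02)
[*] User WS02\\bob authenticated successfully
[*] bob::CORP:8899aabbccddeeff:PLACEHOLDER_NTPROOF:PLACEHOLDER_BLOB
[*] Incoming connection (192.168.1.12,50412)
[*] AUTHENTICATE_MESSAGE (CORP\\alice,WS03)
[*] User WS03\\alice authenticated successfully
[*] alice::CORP:ffeeddccbbaa9988:PLACEHOLDER_NTPROOF:PLACEHOLDER_BLOB
"""

# "Config file parsed" is the start-up marker the post's grep looks for.
READY_RE = re.compile(r"^\[\*\] Config file parsed$")
CONN_RE = re.compile(r"^\[\*\] Incoming connection \((?P<ip>[\d.]+),(?P<port>\d+)\)$")
AUTH_RE = re.compile(r"^\[\*\] User (?P<host>[^\\]+)\\(?P<user>\S+) authenticated successfully$")
# Both NTLMv1 and NTLMv2 hashcat-style lines begin "user::DOMAIN:"; the
# remaining fields are deliberately not parsed, scoping only needs the account.
HASH_RE = re.compile(r"^\[\*\] (?P<user>[^:\s]+)::(?P<domain>[^:]+):")


def triage_log(text: str) -> Dict[str, object]:
    """Summarise an smbserver.py log for incident scoping.

    Returns whether the server ever reached its ready marker, which client
    endpoints connected, which host\\user pairs authenticated, and how many
    NTLM challenge/response pairs were recorded per DOMAIN\\user (each one is
    an account whose credentials should be treated as exposed).
    """
    ready = False
    connections: List[Tuple[str, int]] = []
    authenticated: List[Tuple[str, str]] = []
    exposed: Counter = Counter()

    for raw in text.splitlines():
        line = raw.rstrip()
        if READY_RE.match(line):
            ready = True
            continue
        m = CONN_RE.match(line)
        if m:
            connections.append((m.group("ip"), int(m.group("port"))))
            continue
        m = AUTH_RE.match(line)
        if m:
            authenticated.append((m.group("host"), m.group("user")))
            continue
        m = HASH_RE.match(line)
        if m:
            exposed[f"{m.group('domain')}\\{m.group('user')}"] += 1

    return {
        "server_ready": ready,
        "connections": connections,
        "authenticated": authenticated,
        "exposed_accounts": dict(exposed),
    }


def accounts_to_reset(result: Dict[str, object]) -> List[str]:
    """Distinct DOMAIN\\user accounts seen in hash lines, sorted for a ticket."""
    return sorted(result["exposed_accounts"])  # type: ignore[arg-type]


if __name__ == "__main__":
    summary = triage_log(SAMPLE_LOG)
    print("server reached ready marker:", summary["server_ready"])
    print("client endpoints:", summary["connections"])
    print("accounts to reset:", accounts_to_reset(summary))
```

The ready check is the same test the post performs with grep, just made explicit: an empty or truncated output file yields server_ready False, so a responder can tell a device that never got its server running apart from one that did and collected challenge/response pairs. The per-account counter matters because one user authenticating from several hosts (alice above) still means one credential to rotate, while the client endpoint list tells you which machines had the USB Ethernet route to the device.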