illwill Posted March 13, 2017 Share Posted March 13, 2017 (edited) Violation of CoC Edited October 8, 2017 by illwill Violation of CoC 1 Quote Link to comment Share on other sites More sharing options...
trumoo Posted March 15, 2017 Share Posted March 15, 2017 Thanks! URL to script is wrong in first post, you typo'd it with wificreds instead of chromecreds. Question, can you please make a version that stores the powershell script locally for extraction on devices that are offline at the time of capture? Cheers! Quote Link to comment Share on other sites More sharing options...
Haxew Posted March 15, 2017 Share Posted March 15, 2017 Just a thought: you should put "sync" above "LED R B 200" If you change the LED before syncing the filesystem, someone might yank the bunny too early and corrupt the file. Quote Link to comment Share on other sites More sharing options...
trumoo Posted March 15, 2017 Share Posted March 15, 2017 unsure if this is working for me. the script opens a powershell window, which stays open and reads; Quote Windows PowerShell Copyright (C) 2016 Microsoft Corporation. All rights reserved. PS C:\Users\RoM> $Bunny = (gwmi win32_volume -f 'label=''BashBunny''' | Select-Object -ExpandProperty DriveLetter) PS C:\Users\RoM> PS C:\Users\RoM> and then the bunny blinks purple endlessly. is this a bug when there is no saved passwords in chrome or a syntax error in the script? Quote Link to comment Share on other sites More sharing options...
LowValueTarget Posted March 15, 2017 Share Posted March 15, 2017 Good stuff! Suggestion, throw in RNDIS_ETHERNET as well, spin up a simple python web server `python -m SimpleHTTPServer 80` on the BB and serve the powershell via the bunny instead of the internet. Self-contained, more easily updated. Then you can use the payload for many other purposes with ease. Quote Link to comment Share on other sites More sharing options...
illwill Posted March 16, 2017 Author Share Posted March 16, 2017 (edited) Violation of CoC Edited October 8, 2017 by illwill Violation of CoC Quote Link to comment Share on other sites More sharing options...
theonewhoknocks Posted March 16, 2017 Share Posted March 16, 2017 5 hours ago, illwill said: i saw some people testing that but took about 10 seconds for python to spinup a server Might be a good problem for pre-booting with battery to solve Quote Link to comment Share on other sites More sharing options...
LowValueTarget Posted March 16, 2017 Share Posted March 16, 2017 6 hours ago, illwill said: i saw some people testing that but took about 10 seconds for python to spinup a server It took less than a second for me. If you wanted to spin up a full featured web server, it may take that long. Quote Link to comment Share on other sites More sharing options...
Tamanbir Posted September 9, 2017 Share Posted September 9, 2017 my many creds payloads are not working! for instance when i plug the bash bunny, for browser creds it shows green light and then red light starts blinking, also it make a folder in loot but there is nothing inside it. i tries quick creds and mr.robot also nothing is working please help! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.