Sl0thy2406

WiPassDump

Hi Guys,

Just trying to get my head around the payloads and the like.

I have just been testing the WiPassDump on a fresh Windows 7 laptop and I plug the bunny in, and up pops the Set Network Location window.

Am I doing something wrong, or should the bunny be a little less conspicuous?

 


Is your switch position in the correct place?  This payload shouldn't install a network adapter, which is why I ask, and that is what it sounds like it's doing...

ATTACKMODE HID STORAGE

From my experience, some of these payloads don't seem to be 100% and will require you to dink around a bit to get them to work.  This was one of them for me.  I couldn't get it to work and had to rewrite it before I got anywhere.


@larsc3po yes, I was in switch position 2, so it was loading a different payload, my bad!

It also took me a while to realise that the wrong keyboard was being set. Now to write some code to pull the keyboard info first and set it automatically. 

 

Thanks

 


Same here, I had to rewrite this one.

Works now in Win 10 & 7

 

Here is my version, based on samdeg555's

(BTW: no need for a.cmd anymore)

 

payload.txt

Edited by Kel
removed useless parts


Sorry I got to start somewhere.  I too have tried this payload from the GitHub then just copying yours, Kel.  It completes but the folder is empty.  What am I doing wrong?

Also my keyboard is a US or EN layout...what's the two letter for that?  Is it just EN or US?  I'm not sure if that's causing it or if there is something messed up with my PowerShell.  Any help would be great.  Thanks.


Hi Bob,

Yeah, for you it'll be:

Q SET_LANGUAGE us

(or gb if you are from Great Britain)

 

  • Silly question, do you use it on a computer that has some WIFI capabilities?
  • Whatsoever, what is the result of this command: netsh wlan export profile key=clear in a command prompt?

 

 

 

Edited by Kel
orthography / spelling / grammar

3 hours ago, Bob123 said:

Sorry I got to start somewhere.  I too have tried this payload from the GitHub then just copying yours, Kel.  It completes but the folder is empty.  What am I doing wrong?

Also my keyboard is a US or EN layout...what's the two letter for that?  Is it just EN or US?  I'm not sure if that's causing it or if there is something messed up with my PowerShell.  Any help would be great.  Thanks.

Hey there. You may need to change the name in the script

Q STRING 'cd (gwmi win32_volume -f "'"Label='BASH BUNNY'"'").Name'

My Bash Bunny is named "BASH BUNNY", so you may have to change the name to whatever the name is when you put it in arming mode.


Hey guys and thanks for getting back with me.  Looks like US is the way to go.  It amazes me though how one person's script can work on their machine but not on others.  I don't do a lot in PowerShell but it's strange how it would be slightly different for everyone.

The string in the script is:  'cd (gwmi win32_volume -f "'"Label='BashBunny'"'").Name'

But mine had to be: 'cd (gwmi win32_volume -Filter "Label='BashBunny'").Name'

I have no idea why -f and -Filter are different...they appear to be the same to me yet -f didn't work and the Label """"" had too many """"" which again must work on someone's PowerShell but not mine.  Overall with the few mods the script will work...mine is losing focus for some reason, not sure if it's due to the storage loading up too or what but I can physically see things happening...but it's still not completing.  And looking at the script I see no reason why it shouldn't.

Kel, yes you would want to use this on a laptop or some machine with wifi.  netsh wlan export profile key=clear  grabs whatever is stored on your machine for SSIDs and makes an XML file of each one with its password shown in clear text.  It's not clean but it does work.  Having taken this laptop pretty much everywhere I travel for work, I get on a lot of wifi networks and Windows keeps track of them.  This script simply grabs them all and shoves them in a folder.

 

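An added example, not part of the original thread: the XML files described in the post above mark a clear-text key with `<protected>false</protected>` next to `<keyMaterial>`, so a defender can sweep a folder, share or removable drive for leftover exports. The function names and sample profiles are constructed for illustration, and the audit reports only the SSID, never the key.

```python
import xml.etree.ElementTree as ET
from pathlib import Path

NS = {"w": "http://www.microsoft.com/networking/WLAN/profile/v1"}

# Constructed sample export (not from the thread); the key is a placeholder.
CLEAR_EXPORT = """<?xml version="1.0"?>
<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
  <name>ExampleCafe</name>
  <MSM><security>
    <authEncryption><authentication>WPA2PSK</authentication></authEncryption>
    <sharedKey><keyType>passPhrase</keyType><protected>false</protected>
      <keyMaterial>constructed-placeholder</keyMaterial></sharedKey>
  </security></MSM>
</WLANProfile>"""
# Same profile as exported without key=clear: the key stays protected (constructed blob).
PROTECTED_EXPORT = (CLEAR_EXPORT.replace("<protected>false", "<protected>true")
                    .replace("constructed-placeholder", "01000000D08C9DDF"))

def audit_profile(xml_data):
    """Classify one exported profile (str or bytes); never returns the key."""
    try:
        root = ET.fromstring(xml_data)
    except ET.ParseError:
        return {"ssid": None, "status": "not-xml"}
    if root.tag != "{%s}WLANProfile" % NS["w"]:
        return {"ssid": None, "status": "not-wlan-profile"}
    ssid = root.findtext("w:name", default="", namespaces=NS)
    key = root.find("w:MSM/w:security/w:sharedKey", NS)
    if key is None:  # open or 802.1X profile: no pre-shared key stored
        return {"ssid": ssid, "status": "no-shared-key"}
    protected = key.findtext("w:protected", default="", namespaces=NS).strip().lower()
    material = key.findtext("w:keyMaterial", default="", namespaces=NS).strip()
    clear = bool(material) and protected == "false"
    return {"ssid": ssid, "status": "cleartext-key" if clear else "protected-key"}

def find_cleartext_exports(folder):
    """Return (path, ssid) for every XML file under folder holding a clear-text key."""
    hits = []
    for f in sorted(Path(folder).rglob("*.xml")):
        result = audit_profile(f.read_bytes())
        if result["status"] == "cleartext-key":
            hits.append((str(f), result["ssid"]))
    return hits

if __name__ == "__main__":
    print(audit_profile(CLEAR_EXPORT))
    print(audit_profile(PROTECTED_EXPORT))
```
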

Yay I got it to work.  My line above was incorrect.  I did need the "'" thingy because the duck / bunny was typing...not me.  Humans don't need the starting ' and ending ' and because I didn't realize that it would fail on the Label part because of another ' which made sense after using my brain.

What's puzzling though is the amount of delays I had to put in the code.  I understand these are mostly just PoCs but the way these are sold to the audience...these should be quick and covert.  I basically had to put a delay after every line to get it to execute properly.  Granted my laptop is no slouch...it definitely makes you realize that ALL computers are different and will behave differently when things are plugged into them.

On 3/31/2017 at 1:09 PM, Kel said:

Hi Bob,

Yeah, for you it'll be:

Q SET_LANGUAGE us

 

 

I added the above and the payload finally worked for me!  Thanks for this.

 

 
