First off, thank you for creating such a remarkable device!  I haven't stopped playing with this since it arrived yesterday afternoon.  :)

 

I have a USB keylogger from KeeLog.com and I either forgot the password or else there is something wrong with the unit.  It's been a few years since I last played with it so I don't know what its issue is wrt the keyboard sequence.  The way it works is that it passes through your keyboard to the host computer while logging the input.  If you simultaneously press the secret keys, it will register the keylogger as a storage device.

 

By default the secret keyboard sequence is KBS.  Now these keys need to be pressed simultaneously and not one after the other.  Therefore "QUACK STRING KBS" won't work.  I copied a snippet of the Ducky script for my purposes, to be able to send raw keyboard sequences.  Here is a script I named "K" to send these raw sequences:

 

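#!/usr/bin/env python
# K: write one raw 8-byte HID keyboard report, given as hex arguments, then release.

import sys

def hidg_write(elements):
	# Report bytes: modifier, reserved, then up to six key codes held at once.
	values = bytearray(elements)
	# An all-zero report releases every key.
	not_hold = bytearray([0, 0, 0, 0, 0, 0, 0, 0])

	# The context manager closes the gadget device even if a write fails.
	with open("/dev/hidg0", "wb") as hidg:
		hidg.write(values)
		hidg.write(not_hold)


# Each command-line argument is one report byte in hex, e.g. "0e".
elements = [int(i, 16) for i in sys.argv[1:]]
hidg_write(elements)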

 

I then created the following NodeJS application to return every keyboard combination.  The output is a valid payload.txt.  The "Combinatorics.bigCombination" returns a sequence that doesn't repeat.  Therefore there would only be an entry for "KBS" and not for "SBK" or "KSB", etc.

 

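var Combinatorics = require('js-combinatorics');

// Payload header: HID attack mode, red LED, then a 5 second wait before typing.
console.log("source bunny_helpers.sh");
console.log("ATTACKMODE HID");
console.log("LED R");
console.log("QUACK DELAY 5000");
console.log("LED B 200");
var cmb, a;
// HID key codes 0x04-0x1d are the letters a-z; take every unordered set of three.
cmb = Combinatorics.bigCombination(["04", "05", "06", "07", "08", "09", "0a", "0b", "0c", "0d", "0e", "0f", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "1a", "1b", "1c", "1d"], 3);
while(a = cmb.next()) {
	// One 8-byte report: modifier, reserved, three key codes, three empty slots.
	console.log("K 00 00 " + a.join(" ") + " 00 00 00");
	console.log("Q DELAY 500");
	console.log("Q ENTER");
}
// Green LED once every combination has been sent.
console.log("LED G");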

 

Connected to my keylogger, powered up the BashBunny to my attack switch, opened up a text editor to collect all of the key sequences... and while it went through each combination and correctly typed it into my editor... it didn't unlock the keylogger.  :(

 

While I'll continue with inserting additional delays, random keys, etc... I'm throwing this out here in hopes that someone may be able to see why this won't open up my keylogger.

 

Thanks!
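
The 8-byte report that the K script writes to /dev/hidg0, spelled out as an added example that is not part of the original post. It assumes the standard USB HID boot-keyboard layout (modifier byte, reserved byte, six key slots) and usage IDs 0x04-0x1d for a-z; the function names are hypothetical.

```python
# Added example: USB HID boot-keyboard report layout (8 bytes), assumed here.
# byte 0 = modifier bitmask, byte 1 = reserved, bytes 2-7 = up to six
# usage IDs of keys held down at the same moment.

KEY_A = 0x04  # HID usage ID for 'a'; letters run contiguously to 'z' = 0x1d
MAX_KEYS = 6
REPORT_LEN = 8


def usage_id(letter):
    """Map a single letter a-z to its HID keyboard usage ID."""
    c = letter.lower()
    if len(c) != 1 or not "a" <= c <= "z":
        raise ValueError("only a-z supported: %r" % (letter,))
    return KEY_A + ord(c) - ord("a")


def build_report(letters, modifiers=0):
    """Return the 8-byte report with all given letters held simultaneously."""
    codes = [usage_id(c) for c in letters]
    if len(set(codes)) != len(codes):
        raise ValueError("a key can only be held once per report")
    if len(codes) > MAX_KEYS:
        raise ValueError("boot report carries at most 6 keys")
    padding = [0] * (MAX_KEYS - len(codes))
    return bytearray([modifiers & 0xFF, 0] + codes + padding)


def decode_report(report):
    """Return (modifiers, letters held) for one 8-byte report."""
    data = bytearray(report)
    if len(data) != REPORT_LEN:
        raise ValueError("expected 8 bytes, got %d" % len(data))
    held = []
    for code in data[2:]:
        if code == 0:  # empty key slot
            continue
        if not KEY_A <= code <= KEY_A + 25:
            raise ValueError("usage ID outside a-z: 0x%02x" % code)
        held.append(chr(ord("a") + code - KEY_A))
    return data[0], held


def k_args(report):
    """Format a report as the hex arguments the post's K script takes."""
    return " ".join("%02x" % b for b in bytearray(report))
```

Decoding a report this way shows which keys a device sees as held at the same time, as opposed to typed one after another.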
