Jump to content
Ev!c70r

Bunny never saves anything in the loot folder.

Recommended Posts

It's probably something really simple but my bunny almost never saves anything to the loot folder. It creates the directories within the loot folder, but no matter what payload I use, nothing. It doesn't even save log files. 

 

With multiple reflashes of the base firmware (the three times unplugged method) and even after the 1.1 update I still can't get my bb to save any logs or files that it creates. 

I've tested this on a Mac and a win10 box. 

I'm also gonna say that I have installed the tool kit but I'm not sure how to update the Ducky script on the new firmware and since the .deb file hasn't been released yet and I don't want to tinker with anything "under the hood"

Could the lack of an updated ? platform be the issue?

I had the same issue on the 1.0 update even though the Ducky update script installed fine. 

Or am I missing a chmod somewhere? 

Edited by Ev!c70r

Share this post


Link to post
Share on other sites

Update: I ssh'ed in to the bunny on my Linux box and did a reformat_udisk, reinstalled the latest master folder from the Hak5 git and still have the same issue. 

 

i ran Jackrabbit on my Win10 box. There was some red text in the power shell. I couldn't catch much of it, but something about not allowing an empty command after the pipe. 

 

im going to test a few more payloads

Share this post


Link to post
Share on other sites

Did you rename your bash bunny? I had this issue also the scripts say "BashBunny" and mine was named "BASH BUNNY". So either rename yours to "BashBunny" or change the scripts.

Share this post


Link to post
Share on other sites

It's BashBunny 

 

I haven't changed it and I just double checked. 

 

I'm starting to think this may be strictly an issue with a non updated Ducky platform after upgrading. 

 

I ran Info grabber and it saved the text. However a lot of the more in-depth creds did not copy over like windows users and passwords. It did grab the associated SSID's and passwords for them though. 

Edited by Ev!c70r

Share this post


Link to post
Share on other sites
On 4/7/2017 at 11:16 AM, Ev!c70r said:

It's probably something really simple but my bunny almost never saves anything to the loot folder. It creates the directories within the loot folder, but no matter what payload I use, nothing. It doesn't even save log files. 

 

With multiple reflashes of the base firmware (the three times unplugged method) and even after the 1.1 update I still can't get my bb to save any logs or files that it creates. 

I've tested this on a Mac and a win10 box. 

I'm also gonna say that I have installed the tool kit but I'm not sure how to update the Ducky script on the new firmware and since the .deb file hasn't been released yet and I don't want to tinker with anything "under the hood"

Could the lack of an updated ? platform be the issue?

I had the same issue on the 1.0 update even though the Ducky update script installed fine. 

Or am I missing a chmod somewhere? 

I am having similar issues with credential payloads. Details are here:

I have identified what is broken; but don't know how to get it fixed.

Share this post


Link to post
Share on other sites

So, any powershell commands that end in a .txt are failing it looks like. firmware 1.4 may resolve this; that is the main problem. Also, any powershell command that is broken up in multiple lines with a pipe at the end od the line is causing an error in parsing and injecting. It looks like version 1.4 may resolve this as well. However, now that my commands are running, i still get no files written to the USB loot folder. I've no idea why this is failing. PasswordGrabber works in writing txt files to the loot folder; but no other payload seems to be able to. Tried basically every credential payload and blackbackup as well. It appears to run; but i get nothing written to the USB part. The only thing the bashbunny had going for it was the ability to write to a local USB partition for exfil and cred dump; and that is effectively broken.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...