Storage file filter rules


VincBreaker

Hi there,

as other users already reported, payloads may get removed from the Bunny since AVs can detect them when you are running in storage mode. One way to overcome this should be to simply not tell the target these payloads exist. It would be really nice if you could define your own filters to also hide other files the target shouldn't see in the first place, like social engineering.

Is this feature possible, or is there a risk the target may overwrite the hidden files?

VincBreaker


  • 2 months later...

One option would be to use the SMB server in impacket:

python /tools/impacket/examples/smbserver.py e path_to_payloads &

where path_to_payloads is something like /root/udisk/payloads/$SWITCH_POSITION

This allows you to use the BB as a network device instead of mass storage; I like this better, as you don't have to eject it when you're done, too.

(see https://github.com/hak5/bashbunny-payloads/blob/master/payloads/library/credentials/DumpCreds/payload.txt)

Edited by unixnerd777
Add credit to DumpCreds payload
