VincBreaker
Posted April 23, 2017

Hi there,

as other users already reported, payloads may get removed from the bunny since AVs can detect them when you are running in storage mode. One way to overcome this should be to simply not tell the target these payloads exist. It would be really nice if you could define your own filters to also hide other files the target shouldn't see in the first place, like social engineering. Is this feature possible, or is there a risk the target may overwrite the hidden files?

VincBreaker

unixnerd777
Posted July 3, 2017 (edited)

One option would be to use the SMB server in impacket:

    python /tools/impacket/examples/smbserver.py e path_to_payloads &

where path_to_payloads is something like /root/udisk/payloads/$SWITCH_POSITION

This allows you to use the BB as a network device instead of mass storage. I like this better, as you don't have to eject it when you're done, too. (see https://github.com/hak5/bashbunny-payloads/blob/master/payloads/library/credentials/DumpCreds/payload.txt)

Edited July 3, 2017 by unixnerd777: Add credit to DumpCreds payload

LowValueTarget
Posted July 6, 2017

Like Unixnerd777 said, use SMB, FTP, HTTP, or some other delivery device and forego the storage method.