Hak5 Forums
VincBreaker

Storage file filter rules


Hi there,

as other users already reported, payloads may get removed from the bunny since AVs can detect them when you are running in storage mode. One way to overcome this should be to simply not tell the target these payloads exist. It would be really nice if you could define your own filters to also hide other files the target shouldn't see in the first place, like social engineering.

Is this feature possible or is there a risk the target may overwrite the hidden files?

VincBreaker


One option would be to use the smb server in impacket:

python /tools/impacket/examples/smbserver.py e path_to_payloads &

where path_to_payloads is something like /root/udisk/payloads/$SWITCH_POSITION

This allows you to use the BB as a network device instead of mass storage. I like this better, as you also don't have to eject it when you're done.

(see https://github.com/hak5/bashbunny-payloads/blob/master/payloads/library/credentials/DumpCreds/payload.txt)

Edited by unixnerd777
Add credit to DumpCreds payload
