RooTShell
Posted May 18, 2017

Hi, guys. Just got my Bash Bunny in the mail today.

1) I updated it to the 1.3 firmware.
2) Installed all tools according to this post
3) Downloaded all payloads from the GitHub projects into my payloads/library folder.

---------------------------------------------------------------------------------------------------

I want to use the WindowsMeterpreterStaged payload so I copied it to the switch1 folder. I also created a meterpreter exe and updated it to my server.

I edited the sc.txt file and changed http://127.0.0.1/update.exe to the correct url that points to my server and also uploaded it to my server. I also edited windows-staged-meterpreter.txt and changed http://127.0.0.1/sc.txt with the correct url to the sc.txt file I just uploaded to my server.

After all this I disconnected my Bash Bunny, activated switch1 and inserted it again in my computer. After a few seconds I get a red led. Looking at the readme file for this payload it says

    Red = Failed to load dependencies

I logged into my serial console and /root/debuglog.txt reads:

    Unable to load dwindows-staged-meterpreter.txt

Looking at the payload.txt of WindowsMeterpreterStaged we have the following lines of code:

    source bunny_helpers.sh

    if [ -f "/root/udisk/payloads/${SWITCH_POSITION}/ducky.txt" ]; then
        QUACK ${SWITCH_POSITION}/windows-staged-meterpreter.txt
        LED G
    else
        LED R
        echo "Unable to load dwindows-staged-meterpreter.txt" >> /root/debuglog.txt
        exit 1
    fi

This makes me believe that /root/udisk/payloads/${SWITCH_POSITION}/ducky.txt is not found. The WindowsMeterpreterStaged payload doesn't come with a ducky.txt file as you can see in the github page https://github.com/hak5/bashbunny-payloads/tree/master/payloads/library/remote_access/WindowsMeterpreterStaged

Also the payload refers to file bunny_helpers.sh. Where's this file located? I can't find it in the Bash Bunny's GitHub page either :/

What am I doing wrong? Can anyone help me with this?
Thanks in advance!

Dave-ee Jones
Posted May 18, 2017

This is a duplicate of this post here:

I posted an answer on that forum post, you should read it :)

RooTShell (Author)
Posted May 19, 2017

It's actually not a duplicate of the post you referred to. They refer to different payloads. Also, as I stated above, the ducky.txt does not exist, not even in the github page of the WindowsMeterpreterStaged payload...

Thanks for your reply though.

Dave-ee Jones
Posted May 19, 2017

28 minutes ago, RooTShell said:

> It's actually not a duplicate of the post you referred. They refer to different payloads. Also, as I stated above, the ducky.txt does not exist, not even in the github page of the WindowsMeterpreterStaged payload... Thanks for your reply though.

Actually, if you read the content, it is EXACTLY the same. Read the code he posted. Don't be so quick to rub it off.

RooTShell (Author)
Posted May 19, 2017

Just tried your suggestion of removing the brackets around $SWITCH_POSITION and changing the path to the ducky.txt to its full path... It didn't work... It still outputs "Unable to load dwindows-staged-meterpreter.txt" in /root/debuglog.txt.

As mentioned before, the ducky.txt is neither in my Bash Bunny payload folder nor in the payload github page.

Dave-ee Jones
Posted May 20, 2017

Are you reading what the if statement is doing? It is saying:

    If Ducky.txt exists
        Start windows-staged-meterpreter.txt

It's not even running the file it checked. Which of those files can you see next to the payload.txt?

RooTShell (Author)
Posted May 20, 2017

Of course I read what the if statement is doing. I've been a programmer for 30+ years. And this is why I stated in the first post that I found the if statement odd, because ducky.txt doesn't exist in the payload folder, only windows-staged-meterpreter.txt. And this is why I stated that this is not a dupe of the post you mentioned, because in this case ducky.txt simply doesn't exist...

Last night I rewrote the entire WindowsMeterpreterStaged payload from scratch and finally got it to work. The github version is completely broken...

Dave-ee Jones
Posted May 20, 2017

Yeah, I don't think it's the only one. I've also looked at the code of some payloads and some of them are definitely broken. So you aren't the only one with this kind of problem :)

PoSHMagiC0de
Posted May 20, 2017

I looked through that payload. Yeah. It assumes there is a ducky.txt when there isn't and it doesn't even use it. It is also doing a manual UAC bypass versus running the downloader in an already elevated command prompt.

For a Meterpreter shell I find it easier just to use the web delivery method of Metasploit and use PowerShell for the stager's language. Possible for it to be just a 2 quacker. One to bypassUAC the regular keyboard way and then second in the cmd shell to run the PowerShell command to launch the Meterpreter stager.

jammy96
Posted March 7, 2019

On 5/20/2017 at 6:44 PM, RooTShell said:

> Of course I read what the if statement is doing. I'm a programmer for 30+ years. And this is why I stated in the first post that I found the if statement odd because ducky.txt doesn't exist in the payload folder, only windows-staged-meterpreter.txt. And this is why I stated that this is not a dupe of the post you mentioned because in this case ducky.txt simply doesn't exist... Last night I rewrote the entire WindowsMeterpreterStaged payload from scratch and finally got it to work. The github version is completely broken...

I also currently need to be working on this payload. Been trying so many times and still failing. Can you share with me the correct version of yours?

Archived
This topic is now archived and is closed to further replies.