
smb_exfiltrator


jef00


Are you using a payload on switch 1 or 2? Or are you on switch 3, which is arming mode? Need more details to help. If you're using smb_exfiltrator as the topic would suggest, are you using it on the correct system?


My guess is he flicked the switch while it was still in Arming mode (while still plugged in) and expected it to run the SMB_Exfiltrator payload.

You need to safely eject the Bunny, pull it out of its USB and then flick the switch to whatever you put the payload on and then plug it back in.


I think I got it: my test machine is Windows 10 Creators Update build 15063 and the exploit uses port 445; that is why the exploit doesn't work. Correct me if I am wrong.
I am using the exploit in switch 2. If I am correct, the exploit must work on Windows 7; I will test it on a VM.


I keep hearing exploit. Are you using a combination of quack commands and USB storage to exfiltrate files, or are you trying to use something like MS17-010 (EternalBlue) for the BashBunny to hack into the victim to get the files? The Creators Update didn't patch that. It was patched way back in March in the auto-updates that Windows 10 does. Other versions of Windows were so blatantly vulnerable because they didn't do the update in March, because auto-updates were not on or they didn't run Windows Update since it was released.


Ahh, okay. The payload doesn't exploit a vulnerability. It uses what is actually allowed. I had to go look at the payload. I usually look at other people's payloads once to see how they are doing things but normally build my own for stuff. (Yes everyone, I have goodies I am keeping to myself. It is the same as what you are doing, it is just formatted differently to work with the delivery methods I am using.) So, I had to go review the payload again to see what it is doing.

How the SMB exfil works is it uses extra tools. Being you are new, I am thinking that is where you are having the issue: adding the additional tools. In this case, the exfil uses smbserver.py from the Python impacket toolset. A couple of people have made it easier for newbies and others who just don't want to deal with the intricacies of installing, by making them deb packages. Here is a link to the forum thread where Seb has made them available to use. I would get these, copy them to the tools folder off the root of the BB while it is in arming mode, safely eject it like you do other USB drives and then reinsert it, then check to see if the tools folder is empty. If it is then you should be all cool. Look at the status lights on the Bunny too. I think the require tool function that looks for impacket blinks an amber light if tools are not available. Impacket is the one required for the smb-exfil payload.


@PoSHMagiC0de thank you for your answer and explaining. I already did install the following packages

Before that I updated my BB to the v1.3 firmware and then installed the deb files as you mentioned. I also tried it without impacket, but then I get a blinking red light; but when I install impacket and then run the payload it hangs with the blue light. That indicates that the BB is receiving data, right? But I waited about 15 minutes and the light is still blinking blue. Can you test the payload for me in a Windows 10 environment, so that I am sure I didn't mess up anything?

Edited by jef00