Jump to content

smb_exfiltrator


jef00
 Share

Recommended Posts

are you using a payload on switch 1 or 2? Or are you on switch 3 which is arming mode.   Need more details to help.  If your using smb_exfiltrator as the topic would suggest, are you using it on the correct system?  

Link to comment
Share on other sites

My guess is he flicked the switch while it was still in Arming mode (while still plugged in) and expected it to run the SMB_Exfiltrator payload.

You need to safely eject the Bunny, pull it out of it's USB and then flick the switch to whatever you put the payload on and then plug it back in.

Link to comment
Share on other sites

i think i got it my test machine windows 10 creators update build 15063 and the exploit use the port 445 that is why the exploit dont work. correct me if iam wrong
iam using the exploit in switch 2.  if iam correct the exploit must work on Windows 7 i wil test it on it on a vm 

Link to comment
Share on other sites

I keep hearing exploit.  Are you using a combination of quack commands and USB storage to exfiltrate files or are you trying to use something like MS17-010 (EternalBlue) for the BashBunny to hack into the victim to get the files?  The Creator Update didn't patch that.  It was patched way back in March in the autoupdates that Windows 10 does.  Other version of Windows were so blatantly vulnerable because they didn't do to the update in March because auto-updates not on or they didn't run Windows Updates since it was released.

Link to comment
Share on other sites

Ahh, okay.  The payload doesn't exploit a vulnerability.  It uses what is actually allowed.  I had to go look at the payload.  I usually look at other people's payloads once to see how they are doing things but normally build my own for stuff. (Yes everyone I have goodies I am keeping to myself.  It is same as what you are doing, it is just formatted differently to work with the delivery methods I am using.)  So, I had to go review the payload again to see what it is doing.

How the SMB exfil work is it uses extra tools.  Being you are new I am thinking that is where you are having the issue is adding the additional tools.  In this case, the exfil uses smbserver.py from the python impacket toolset.  Couple of people have made it easier to newbies to others who just don't want to deal with the intricacies to install by making them deb packages.  Here is a link to the forum thread where Seb has made them available to use.  I would get these, copy them to the tools folder off the root of the BB while it is in arming more, safely eject it like you do other USB drives and then reinsert it then check to see if the tools folder is empty.  If it is then you should be all cool.  Look at the status lights on the bunny too.  i think the require tool function that looks for impacket blinks an amber light if tools are not available.  Impacket is the one required for smb-exfil payload.

 

Link to comment
Share on other sites

@PoSHMagiC0de thank you for your answer and explaning i already did install the following pakages

before that i update my bb to the v1.3 firmware and then install de deb files as you mentioned. i also try it whitout the imactor but then i get a blinked red light but as i install impacket and then run the payload it hangs with the blue light. that indicates that the bb is receiving data right? but i wait about 15 minutes and still the light is blinked blue. can you test the payload for me in a windows 10 environment? so that i am sure i didn't mess up anything 

Edited by jef00
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...