TMB Posted June 30, 2017 Share Posted June 30, 2017 I just bought a Bash Bunny, how can I develop my own attackmode module. Is it feasible to create a USB Monitor that takes screenshots at intervals? Quote Link to comment Share on other sites More sharing options...
b0N3z Posted July 1, 2017 Share Posted July 1, 2017 you could probably find a keyboard shortcut to take a screenshot at certain intervals. Quote Link to comment Share on other sites More sharing options...
digip Posted July 1, 2017 Share Posted July 1, 2017 Print screen button, saves a copy to clip board. You could in theory macro the process to open paint on windows, paste, and then save and exit, with the name based on the current time+date, so they store in order by time and day. This however would alert someone if they see it pop up on screen. However, you could use something like nircmd, but might set off anit-virus(it's a legit tool though), but you'd have to execute it against the system like so: "nircmd.exe savescreenshot screen1.png" while scripting the naming convention to match your needs. See http://www.nirsoft.net/utils/nircmd.html for the program. I don't own a bunny, so you'll have to test if that will work(for windows anyway). In linux, you can generally just do "import screenshot.png" but ImageMagick needs to be installed to make it work. Might be a default package on some linux distros, not 100% sure what ones install it by default though. If it's a gnome system, gnome-screenshot is probably installed and will do the same thing more or less, but read the help file for output. MAC systems, you can use screencapture but I think the default format is PDF. I don't own a mac, so google is your friend for help on this one, which is how I found it(and the above options) Quote Link to comment Share on other sites More sharing options...
TMB Posted July 4, 2017 Author Share Posted July 4, 2017 On 7/1/2017 at 11:15 AM, digip said: Print screen button, saves a copy to clip board. You could in theory macro the process to open paint on windows, paste, and then save and exit, with the name based on the current time+date, so they store in order by time and day. This however would alert someone if they see it pop up on screen. However, you could use something like nircmd, but might set off anit-virus(it's a legit tool though), but you'd have to execute it against the system like so: "nircmd.exe savescreenshot screen1.png" while scripting the naming convention to match your needs. See http://www.nirsoft.net/utils/nircmd.html for the program. I don't own a bunny, so you'll have to test if that will work(for windows anyway). In linux, you can generally just do "import screenshot.png" but ImageMagick needs to be installed to make it work. Might be a default package on some linux distros, not 100% sure what ones install it by default though. If it's a gnome system, gnome-screenshot is probably installed and will do the same thing more or less, but read the help file for output. MAC systems, you can use screencapture but I think the default format is PDF. I don't own a mac, so google is your friend for help on this one, which is how I found it(and the above options) I'm aware that you can take a screenshot via keyboards commands. It's a trivial task, but also easy to catch out. An emulated USB monitor, assuming it automatically installs via plug and play, would allow you to monitor a screen even while the device is in use. And possibly record continuous video or screenshots transparent to the user. Quote Link to comment Share on other sites More sharing options...
0phoi5 Posted July 4, 2017 Share Posted July 4, 2017 (edited) PowerShell, baby. [Reflection.Assembly]::LoadWithPartialName("System.Drawing") function screenshot([Drawing.Rectangle]$bounds, $path) { $bmp = New-Object Drawing.Bitmap $bounds.width, $bounds.height $graphics = [Drawing.Graphics]::FromImage($bmp) $graphics.CopyFromScreen($bounds.Location, [Drawing.Point]::Empty, $bounds.size) $bmp.Save($path) $graphics.Dispose() $bmp.Dispose() } $bounds = [Drawing.Rectangle]::FromLTRB(0, 0, 1000, 900) screenshot $bounds "C:\screenshot.png" https://stackoverflow.com/questions/2969321/how-can-i-do-a-screen-capture-in-windows-powershell *Edit* This one is quite nice too - https://gist.github.com/guitarrapc/9870497 Edited July 4, 2017 by haze1434 Quote Link to comment Share on other sites More sharing options...
TMB Posted July 4, 2017 Author Share Posted July 4, 2017 On 6/30/2017 at 5:20 PM, TMB said: I just bought a Bash Bunny, how can I develop my own attackmode module. Is it feasible to create a USB Monitor that takes screenshots at intervals? Let me give background to my original question. I have taken a screenshot using scripting via an HID attack and powershell. I'm not seeking responses regarding that, or on different ways to do that. A screenshot can be taken via HID, I have already established that and it's not a transparent attack. It cannot be done (starting the attack) whilst a person is using the machine, or while it's transitioning from locked to unlocked. Written HID attacks are very OS specific, you take screenshots differently on different OSes (and that's the easy part), saving the screenshot on the other hand is less trivial depending on the OS. As well, you cannot record video easily. NOW: Is it feasible to create a USB Display Adapter ATTACKMODE ? That is, you plug in the Bunny and it pretends to be a secondary display adapter. Benefits being, as a PnP adapter, you can record screenshots or record video of activity WHILST is computer is in use. Presumptuously, the Bunny could be installed whilst the machine is locked and visually record activity from when the user unlocks it, till it's removed. In the most basic form, the question is: how do you develop a custom ATTACKMODE module? Or, is that access only availble to Hak5? Quote Link to comment Share on other sites More sharing options...
0phoi5 Posted July 4, 2017 Share Posted July 4, 2017 (edited) I am uncertain what your requirements are exactly, but I think the PowerShell linked above would do fine. Plug in Bunny Call PowerShell script - https://gist.github.com/guitarrapc/9870497 That PowerShell script takes a screenshot every # seconds and saves it to the Bunny / wherever Leave it running. Come back later and retrieve Bunny and screenshots. Profit. Not a machine that would recognise PowerShell? Just use another language. I think you're potentially over complicating things. Edited July 4, 2017 by haze1434 Quote Link to comment Share on other sites More sharing options...
digip Posted July 4, 2017 Share Posted July 4, 2017 (edited) Not sure how you plan to capture video. Unless there are built in OS hooks, which I know of none, although linux can probably apt-get something to work with, more than likely need a specific tool for recording video of the screen. Regardless of OS, nothing ships default that I know of to do this. You;d have to install a 3rd party tool, like VLC to screen cap, which might be installed on each OS, but that is something you'd have to scan a system for to use. As for hardware spoofing, sure you could spoof a hardware ID, but the bunny, as far as I know, has no hardware itself to do the recording. Sure you could probably script something to save to the bunny, but might be simpler to send a remote desktop session somewhere else, that can do the recording, which again, is specific to the OS on remote viewing. VLC can stream to disk(or to an IP and port as far as I know), but this requires a version of VLC on each OS of your victim. Possibly portable VLC(at least on windows) could be stored on the bunny and run from there, but I don't have one or know if they can work this way. Simply put, the bunny is not a GPU/screen recording hardware device, it's a linux(as far as I know) dongle that can be scripted to do whatever you tell it to do with respect to what the OS is you're attacking and would also require third party tools, or built in OS scripting to record video of a desktop. Screenshot like haze mentioned is about the only thing built in that I can see working without extra tools, but someone school me otherwise if that is not the case. Gnome desktop has screen recording but isn't always installed by default and there are a number of various tools for flavors of linux that can do this. If the bunny boots a whole system of linux, then in theory, it could hook into the victim machine and record it as a RDP session of some kind but would need to start an RDP viewing session in some manner against the target OS. Edited July 4, 2017 by digip Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.