Jump to content

Bash Bunny Screen Logger


TMB
 Share

Recommended Posts

you could probably find a keyboard shortcut to take a screenshot at certain intervals.

Link to comment
Share on other sites

Print screen button, saves a copy to clip board. You could in theory macro the process to open paint on windows, paste, and then save and exit, with the name based on the current time+date, so they store in order by time and day. This however would alert someone if they see it pop up on screen.

However, you could use something like nircmd, but might set off anit-virus(it's a legit tool though), but you'd have to execute it against the system like so:

"nircmd.exe savescreenshot screen1.png" while scripting the naming convention to match your needs. See http://www.nirsoft.net/utils/nircmd.html for the program.

I don't own a bunny, so you'll have to test if that will work(for windows anyway). In linux, you can generally just do "import screenshot.png" but ImageMagick needs to be installed to make it work. Might be a default package on some linux distros, not 100% sure what ones install it by default though. If it's a gnome system, gnome-screenshot is probably installed and will do the same thing more or less, but read the help file for output.

MAC systems, you can use screencapture but I think the default format is PDF. I don't own a mac, so google is your friend for help on this one, which is how I found it(and the above options)

 

 

Link to comment
Share on other sites

On 7/1/2017 at 11:15 AM, digip said:

Print screen button, saves a copy to clip board. You could in theory macro the process to open paint on windows, paste, and then save and exit, with the name based on the current time+date, so they store in order by time and day. This however would alert someone if they see it pop up on screen.

However, you could use something like nircmd, but might set off anit-virus(it's a legit tool though), but you'd have to execute it against the system like so:

"nircmd.exe savescreenshot screen1.png" while scripting the naming convention to match your needs. See http://www.nirsoft.net/utils/nircmd.html for the program.

I don't own a bunny, so you'll have to test if that will work(for windows anyway). In linux, you can generally just do "import screenshot.png" but ImageMagick needs to be installed to make it work. Might be a default package on some linux distros, not 100% sure what ones install it by default though. If it's a gnome system, gnome-screenshot is probably installed and will do the same thing more or less, but read the help file for output.

MAC systems, you can use screencapture but I think the default format is PDF. I don't own a mac, so google is your friend for help on this one, which is how I found it(and the above options)

 

 

I'm aware that you can take a screenshot via keyboards commands. It's a trivial task, but also easy to catch out. An emulated USB monitor, assuming it automatically installs via plug and play, would allow you to monitor a screen even while the device is in use. And possibly record continuous video or screenshots transparent to the user.

Link to comment
Share on other sites

  PowerShell, baby.

[Reflection.Assembly]::LoadWithPartialName("System.Drawing")
function screenshot([Drawing.Rectangle]$bounds, $path) {
   $bmp = New-Object Drawing.Bitmap $bounds.width, $bounds.height
   $graphics = [Drawing.Graphics]::FromImage($bmp)

   $graphics.CopyFromScreen($bounds.Location, [Drawing.Point]::Empty, $bounds.size)

   $bmp.Save($path)

   $graphics.Dispose()
   $bmp.Dispose()
}

$bounds = [Drawing.Rectangle]::FromLTRB(0, 0, 1000, 900)
screenshot $bounds "C:\screenshot.png"

 

https://stackoverflow.com/questions/2969321/how-can-i-do-a-screen-capture-in-windows-powershell

 

*Edit*

This one is quite nice too - https://gist.github.com/guitarrapc/9870497

Edited by haze1434
Link to comment
Share on other sites

On 6/30/2017 at 5:20 PM, TMB said:

I just bought a Bash Bunny, how can I develop my own attackmode module. Is it feasible to create a USB Monitor that takes screenshots at intervals?

Let me give background to my original question.

I have taken a screenshot using scripting via an HID attack and powershell. I'm not seeking responses regarding that, or on different ways to do that. A screenshot can be taken via HID, I have already established that and it's not a transparent attack. It cannot be done (starting the attack) whilst a person is using the machine, or while it's transitioning from locked to unlocked. Written HID attacks are very OS specific, you take screenshots differently on different OSes (and that's the easy part), saving the screenshot on the other hand is less trivial depending on the OS. As well, you cannot record video easily.

NOW:

Is it feasible to create a USB Display Adapter ATTACKMODE ? That is, you plug in the Bunny and it pretends to be a secondary display adapter. Benefits being, as a PnP adapter, you can record screenshots or record video of activity WHILST is computer is in use. Presumptuously, the Bunny could be installed whilst the machine is locked and visually record activity from when the user unlocks it, till it's removed.

In the most basic form, the question is: how do you develop a custom ATTACKMODE module? Or, is that access only availble to Hak5?

Link to comment
Share on other sites

I am uncertain what your requirements are exactly, but I think the PowerShell linked above would do fine.

  1. Plug in Bunny
  2. Call PowerShell script - https://gist.github.com/guitarrapc/9870497
  3. That PowerShell script takes a screenshot every # seconds and saves it to the Bunny / wherever
  4. Leave it running.
  5. Come back later and retrieve Bunny and screenshots.
  6. Profit.

 

Not a machine that would recognise PowerShell? Just use another language.

I think you're potentially over complicating things.

Edited by haze1434
Link to comment
Share on other sites

Not sure how you plan to capture video. Unless there are built in OS hooks, which I know of none, although linux can probably apt-get something to work with, more than likely need a specific tool for recording video of the screen. Regardless of OS,  nothing ships default that I know of to do this. You;d have to install a 3rd party tool, like  VLC to screen cap, which might be installed on each OS, but that is something you'd have to scan a system for to use. As for hardware spoofing, sure you could spoof a hardware ID, but the bunny, as far as I know, has no hardware itself to do the recording. Sure you could probably script something to save to the bunny, but might be simpler to send a remote desktop session somewhere else, that can do the recording, which again, is specific to the OS on remote viewing. VLC can stream to disk(or to an IP and port as far as I know), but this requires a version of VLC on each OS of your victim. Possibly portable VLC(at least on windows) could be stored on the bunny and run from there, but I don't have one or know if they can work this way. Simply put, the bunny is not a GPU/screen recording hardware device, it's a linux(as far as I know) dongle that can be scripted to do whatever you tell it to do with respect to what the OS is you're attacking and would also require third party tools, or built in OS scripting to record video of a desktop. Screenshot like haze mentioned is about the only thing built in that I can see working without extra tools, but someone school me otherwise if that is not the case. Gnome desktop has screen recording but isn't always installed by default and there are a number of various tools for flavors of linux that can do this. If the bunny boots a whole system of linux, then in theory, it could hook into the victim machine and record it as a RDP session of some kind but would need to start an RDP viewing session in some manner against the target OS.

Edited by digip
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...