DavidDoherty Posted September 14, 2017 Share Posted September 14, 2017 Hi Folks I, along with quite a few other people, am having zero success getting the bunny to do anything useful. I'm sorry to say it but could the device be not quite ready for market yet? My situation is that I have tried every payload (yes, every payload) on my windows 10 laptop and none of them write anything to the loot folder - other than creating a subfolder in the loot folder, for example if i run the PrivEscChecker payload I get the folder PrivEscChecker created in the loot folder but nothing else. I can see from the forums that some people are able to snag some stuff but I also see a shed load of people who, like myself, get nothing but hours of frustration. I am very happy to blame myself here and put it all down to user error but that would suggest that perhaps the bunny should be a little more user friendly? For the developers of the bunny can I suggest a few improvements for the next release? please indicate the switch positions on the actual device (A - 1 - 2) would be a great help when trying to work out which position the slider is in. A reset script which can be run from the USB mass storage which resets the bunny to factory settings, updates to the latest firmware and installs the latest tools. Debug - please please please can we have some debug capability? The LED's are just not enough if things are going spectacularly wrong. Easier language change ability. I know all we need to do now is change the DUCK_LANG line in the config.txt file - but this does not always work (for some very strange reason). I know I am sounding like a script kiddie who just wants it all to be EASY but that's not the case at all. If I can be confident the bunny works I can then focus my time on writing scripts, rather than hunting down why I cannot get it online or why the loot folder is empty. Writing scripts if the fun bit, not wrestling with the OS/device Winge over. I am off to prepare for my OSCP exam Kind regards David Quote Link to comment Share on other sites More sharing options...
PoSHMagiC0de Posted September 14, 2017 Share Posted September 14, 2017 Yeah, a lot of people are having issues using their bunny. From what I can see from your post things are working inside the bunny as far as creating folders and stuff. It just looks like payloads are returning nothing, etc. When it comes to Win10, a lot of payloads may not work. It is because of the added security with MS recent updates to Win10. I have been busy lately with work so have not had time to test other folks payloads on a Win10 machine to see if there are changes or if they are not going to work anymore. The best test I can say for you to see if the BB works is write a simple payload with HID and STORAGE. Have the BB type out a command to copy a file you know exists to the BB USB drive. Or if you prefer, have it just arm itself and see if you can see the drive under your list of USB drives and see if you can copy to and from it. You can try to have the Bunny do it next using Quack commands in the payload.txt if the manual way works. Never use someone else's payload as a test of a functioning Bunny. It was written by that person and will work for them under their situation which may not be everyone's situation. Example, Mr. Robot. Awesome payload. Works great on Windows 7. Will not do a thing on Win10. Not the payload creator's fault. Win10 is just secured against mimikatz type attacks in recent updates. Another example. Everyone loves fodhelper now for Win10. Did you know there is the eventviewer bypass too. Some virus scanners see the attempt as malicious now so might be stopped. Won't be home until fodhelper falls into the same boat. Those that got the update if it happens it will not work for them anymore, for those that don't they will think everything is fine and others are trippin. Also if the system is set to always prompt on UAC and has secured desktop then both of the bypasses will not work on those systems. I can only safely say if you want to use existing payloads as tests, use them on a Win7 machine since that is the time period they were conceived and mostly geared towards unless they specify in their payload otherwise. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.