cy3rtch Posted January 23, 2018 Share Posted January 23, 2018 I'm looking to see if there is a way to automate my login for windows with the bash bunny. The reason is that I am a sysadmin and I'm always putting my windows creds to gain access to the PC. I wanted to see how you can set up the bash bunny to do it for me. I plug it in it type my creds and i'm in...... someone, please help regards cy3rtch Quote Link to comment Share on other sites More sharing options...
The Power Company Posted January 23, 2018 Share Posted January 23, 2018 You don't need a bash bunny for something simple like that, a Rubber Ducky would be just fine if all you need is keystrokes. You simply create a text file with the Duckyscript you want to be typed, encode the text file into a payload using duckencoder, and put it on the Ducky microsd or BashBunny. The difference with the Bash Bunny is it has multiple (well, two) attack modes so it can run two different payloads depending on the situation, and can bring its own exploits since it is really an entire small computer with an automated keyboard, while the Rubber Ducky is just an automated keyboard. Keep in mind, if someone else got their hands on your Bash Bunny or Ducky, they could possibly decode the payload and then they would have your credentials. It would essentially be like carrying around a flash drive with a text file with your passwords and usernames (with a few more steps), so it may not be the best idea from a security standpoint. Quote Link to comment Share on other sites More sharing options...
cy3rtch Posted January 23, 2018 Author Share Posted January 23, 2018 Thanks for the quick response. I don't have the the ruber ducky.. I have the bunny. If I lose it I can reset my password from any PC. I was trying to see how I can do it with bash the bunny. Im a super noob at the scripting in the IT field thing. I am just now getting into powershell in a windows environment. And i think i can use the bunny to help a lot with my day-to-day operations at work. Quote Link to comment Share on other sites More sharing options...
Dave-ee Jones Posted January 23, 2018 Share Posted January 23, 2018 1 hour ago, The Power Company said: It would essentially be like carrying around a flash drive with a text file with your passwords and usernames (with a few more steps), so it may not be the best idea from a security standpoint. That's exactly what it is. 3 minutes ago, cy3rtch said: I am just now getting into powershell in a windows environment. PoSH is useful in pretty much any Windows situation, as you can do anything in PoSH what you could do in the Windows GUI, and more, so I would recommend learning it. You can even create your own programs with it, including GUIs, so it's nothing to laugh at. Quote Link to comment Share on other sites More sharing options...
cy3rtch Posted January 23, 2018 Author Share Posted January 23, 2018 thank you. can you send me the link to what Posh is? I want to make sure I got the correct PoSh Regards cy3rtch Quote Link to comment Share on other sites More sharing options...
cy3rtch Posted January 23, 2018 Author Share Posted January 23, 2018 7 minutes ago, Dave-ee Jones said: It would essentially be like carrying around a flash drive with a text file with your passwords and usernames (with a few more steps), so it may not be the best idea from a security standpoint I'm going to ask the SEC team at my job and ask them if I can use the Bash bunny and what I'm going to use it for. Explain it to them to see what they say. bash bunny is not only for hacking. I can use it in my normal day-to-day. *coping user profiles over to re-image PC's *install drivers *Automate windows updates Quote Link to comment Share on other sites More sharing options...
kleo Posted January 23, 2018 Share Posted January 23, 2018 6 minutes ago, cy3rtch said: thank you. can you send me the link to what Posh is? I'm pretty sure he meant POwer SHell Quote Link to comment Share on other sites More sharing options...
barry99705 Posted January 23, 2018 Share Posted January 23, 2018 26 minutes ago, kbeflo said: I'm pretty sure he meant POwer SHell Heh, you know, the blue dos prompt! Quote Link to comment Share on other sites More sharing options...
Dave-ee Jones Posted January 23, 2018 Share Posted January 23, 2018 33 minutes ago, kbeflo said: I'm pretty sure he meant POwer SHell Ye! 7 minutes ago, barry99705 said: Heh, you know, the blue dos prompt! Yes, very posh. :) 36 minutes ago, cy3rtch said: I'm going to ask the SEC team at my job and ask them if I can use the Bash bunny and what I'm going to use it for. Explain it to them to see what they say. bash bunny is not only for hacking. I can use it in my normal day-to-day. *coping user profiles over to re-image PC's *install drivers *Automate windows updates Okay, it's up to you. But think of this - I could use the BB as a portable SMB storage device, but at the same time I could just plug it in to the computer (which is what you do anyway) and use it as USB storage. Using the BB makes it more interesting and involving for you, but at the same time there are better and easier solutions. The Bash Bunny is nice for someone like a sysadmin to play with, but there are better options in terms of day-to-day use that don't include using a pentesting tool :) That said, many people use the LAN Turtle as a personal VPN (which is almost what it was designed to do, but not always for the same purpose). Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.