Jump to content

IT bash automation


cy3rtch
 Share

Recommended Posts

I'm looking to see if there is a way to automate my login for windows with the bash bunny. The reason is that I am a sysadmin and I'm always putting my windows creds to gain access to the PC. I wanted to see how you can set up the bash bunny to do it for me.  I plug it in it type my creds and i'm in...... 

 

someone, please help

 

regards

cy3rtch

 

Link to comment
Share on other sites

You don't need a bash bunny for something simple like that, a Rubber Ducky would be just fine if all you need is keystrokes. You simply create a text file with the Duckyscript you want to be typed, encode the text file into a payload using duckencoder, and put it on the Ducky microsd or BashBunny. The difference with the Bash Bunny is it has multiple (well, two) attack modes so it can run two different payloads depending on the situation, and can bring its own exploits since it is really an entire small computer with an automated keyboard, while the Rubber Ducky is just an automated keyboard.

Keep in mind, if someone else got their hands on your Bash Bunny or Ducky, they could possibly decode the payload and then they would have your credentials. It would essentially be like carrying around a flash drive with a text file with your passwords and usernames (with a few more steps), so it may not be the best idea from a security standpoint.

Link to comment
Share on other sites

Thanks for the quick response. I don't have the the ruber ducky.. I have the bunny. If I lose it I can reset my password from any PC. I was trying to see how  I can do it with bash the bunny. Im a super noob at the scripting in the IT field thing. I am just now getting into powershell in a windows environment. And i think i can use the bunny to help a lot with my day-to-day operations at work. 

Link to comment
Share on other sites

1 hour ago, The Power Company said:

It would essentially be like carrying around a flash drive with a text file with your passwords and usernames (with a few more steps), so it may not be the best idea from a security standpoint.

That's exactly what it is.

3 minutes ago, cy3rtch said:

I am just now getting into powershell in a windows environment.

PoSH is useful in pretty much any Windows situation, as you can do anything in PoSH what you could do in the Windows GUI, and more, so I would recommend learning it. You can even create your own programs with it, including GUIs, so it's nothing to laugh at.

Link to comment
Share on other sites

7 minutes ago, Dave-ee Jones said:

It would essentially be like carrying around a flash drive with a text file with your passwords and usernames (with a few more steps), so it may not be the best idea from a security standpoint

 

I'm going to ask the SEC team at my job and ask them if I can use the Bash bunny and what I'm going to use it for. Explain it to them to see what they say. 

bash bunny is not only for hacking. I can use it in my normal day-to-day. 

*coping user profiles over to re-image PC's 

*install drivers 

*Automate windows updates  

 

 

Link to comment
Share on other sites

33 minutes ago, kbeflo said:

I'm pretty sure he meant POwer SHell

Ye!

7 minutes ago, barry99705 said:

Heh, you know, the blue dos prompt!  :lol:

Yes, very posh. :)

36 minutes ago, cy3rtch said:

I'm going to ask the SEC team at my job and ask them if I can use the Bash bunny and what I'm going to use it for. Explain it to them to see what they say. 

bash bunny is not only for hacking. I can use it in my normal day-to-day. 

*coping user profiles over to re-image PC's 

*install drivers 

*Automate windows updates  

Okay, it's up to you. But think of this - I could use the BB as a portable SMB storage device, but at the same time I could just plug it in to the computer (which is what you do anyway) and use it as USB storage. Using the BB makes it more interesting and involving for you, but at the same time there are better and easier solutions.

The Bash Bunny is nice for someone like a sysadmin to play with, but there are better options in terms of day-to-day use that don't include using a pentesting tool :)

That said, many people use the LAN Turtle as a personal VPN (which is almost what it was designed to do, but not always for the same purpose).

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...