
Execute a payload/app without using GUI + r or RUN WIN


CloudCY


Hello all,

This is my first ever post to the forum, but I hope it will prove to be more than helpful! Right, on to the point:

I am currently working on an assignment where the target machine (Windows 7) is logged in with a user that is very limited. I cannot even call the Run Command dialog. The Win+R keyboard combination from an actual keyboard is not working either. The Windows Menu is empty and any commands typed in the lower part of the "Type to search.." bar do not execute. As a result GUI r and RUN WIN commands are a no go.

Is there any other way to execute a payload/application that is stored in my $SWITCH_POSITION folder if I cannot invoke the Run Command dialog?

 

Regards,

CloudCY


Can you run your payload manually from that machine?  If not, the BB is not magic.

 

If you can, that is your path to execution.  The same manual path you took will be the automated path.  Like if you have the ability to open file explorer then file explorer will be your path.

 


Thank you very much for your reply. 

If the machine is logged in with another user (that is not locked down) the payload can be executed fine; but by default the machine auto logs in with the locked down user. 

I was able to get a Meterpreter session from a remote machine  and execute the payload through the execute command of the session using the psexec_psh payload. Would it be possible to do something similar with the BB then?


I think what PoshMagiC0de means is like: can you manage to run the payload by hand on the victim computer? Like if you can open the explorer, then you could also make a way to execute the program via the explorer. Like you could make Win+e and then go to the BB somehow, idk...

Another way maybe: if you just press the windows key, and then type "cmd" you should be able to open the cmd. I hope cmd isn't banned as well. With cmd you could also easily locate the BashBunny and execute the application/payload then.

There is theoretically no need of the run dialog. It is just a faster way to execute commands, but it does not have any more privileges or something.


Dear bunnylover,

Thanks for your reply. Unfortunately when I press the Windows key and type cmd (or any other command for that matter) nothing is being found. It looks like the user is pretty locked down. I was able to launch cmd.exe through an app (through the Open File option) that was running on the victim machine, but I got a message saying that "The command prompt has been disabled by the administrator."

So it looks like there is no winning this assignment then.... (Not through physical means anyway...)

Any ideas you guys could provide, I would be more than happy to test them out.

Regards,

CloudCY


Exactly. Anything you cannot do by hand on that machine cannot be magically done by the BB on the machine. Now, if you can remotely hit it with a domain account to run commands then there is a chance you may be able to do it with impacket from the bunny using the psexec module or wmiexec module. Issue you are going to run into in 2020 is twofold though. One, last year we had issues getting the latest impacket installed that supports SMB3. I was going to try it again a different way but then issue 2 comes up... python 2 is deprecated and I do not know if Hak5 has plans to drop python2 also and update to python 3.x. Kali has and has been asking for help to get all their python2 tools updated to python3 and those that have not have been withheld from their repo.

@Darren Kitchen @Foxtrot Any plans on deprecating python2 on the BB in the near future for python3 in another firmware update?


  • 1 month later...
On 1/10/2020 at 10:15 PM, PoSHMagiC0de said:

@Darren Kitchen @Foxtrot Any plans on deprecating python2 on the BB in the near future for python3 in another firmware update?

It is in the works; we want to be confident that the transition is as painless as possible for users before releasing a 1.7 update with python3 (same for the other products also). Some popular tools will be left behind if they aren't updated, unfortunately, as I'm sure you're aware.


Archived

This topic is now archived and is closed to further replies.
