Jump to content

Is it just me-or are almost all the bash bunny scripts useless for Windows 10?


Recommended Posts

I've run over a dozen of Hak5's github scripts on Windows 10-it seems the only ones that work are ones that require only an HID and enter a string of text, or the prank folder. Anything that actually deals with pentest or other attacks, ironically, have no real use. In fact, just about every one that requires a loot folder that I've tried, save the nmapper, has come up empty. This is pretty annoying-I picked this up mostly for the robust library available, and I work almost exclusively with windows machines. It seems to me that outside of the occasional computer that is still running Windows 7, I picked up a very expensive toy to write on notepads really fast. 

Ones I've tried that worked:

nmapper

notepad_fun

single-character-quack

 

Ones I've tried that have yielded absolutely nothing of value:

passwordgrabber

DumpCreds

QuickCreds

WiPassDump

WifiGrabber

WifiPass

WindowsCookies

Browserdata

simple-usb-extractor

usb_exfiltrator 

Link to post
Share on other sites

You need to modify the delays and add delays.  Take a payload you want to run, make it painfully slow, and verify each step.  Then when it works, start to speed it up until it no longer works.  99% of these payloads are too aggressive and never work for me out of the box.  I always have to slow them down a bit.  If you search around in this section of the forums or even the rubber ducky part, you'll see me say that a bunch of times.

  • Upvote 1
Link to post
Share on other sites

@Bob123so I went ahead and added a painful amount of delays and still got nothing. Perhaps I'm not getting the hang of the Bunny Script? For example, this is what I used for the usb exfiltrator: 

GET SWITCH_POSITION
LED ATTACK
ATTACKMODE HID STORAGE
RUN WIN powershell ".((gwmi win32_volume -f 'label=''BashBunny''').Name+'payloads\\$SWITCH_POSITION\d.cmd')"
Q DELAY 10000
Q DELAY 10000
Q DELAY 10000
Q DELAY 10000
Q DELAY 10000
LED FINISH

 

Link to post
Share on other sites

Ok I really hope your take away from my helpful hint wasn't to only do what you did above.  There are several payloads that you mentioned didn't work.  Several of those use ducky script or have many commands tight together which is why I mentioned adding some delays between the commands.  You do understand that what you did above will do absolutely nothing right?  Did you see the part where I said verify the code works?  USB exfiltrator by itself copies only pdfs and works just fine.  Do you have pdfs in your documents folder?  Did you try doing an xcopy from your bb to see if you could even copy those pdfs to your bb?  Comment out or delete the hidden commands in the files and watch what powershell does.  Are you getting errors?  You could also remove the whole caps lock blinking.  I usually do.  Makes it a bit more stealthy.  

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...