CharadeUR, posted July 3, 2021:

I confirmed that the PC is getting an IP address via the BB DHCP. But what I noticed is that the RNDIS adapter gets created, then for some reason falls out, then gets created again. After the second "device connected" sound it is stable. I think that is why the nmap.log file says:

Starting Nmap 6.47 ( http://nmap.org ) at 2019-07-10 12:05 PDT
Nmap done: 1 IP address (0 hosts up) scanned in 1.24 seconds

I assume I need to add some delay into the script file to make it wait for the second device connect sound. I'm just not getting that done successfully for some reason. Any help is appreciated.
chrizree, posted July 3, 2021:

You could try to set a delay in the RECON part perhaps and see what happens.
Capt ahab, posted July 5, 2021:

Mine is getting hung up also. But it does complete the Nmap scan, then fails at "Executing nmap..." (even though the nmap_results.txt shows the scan was completed: "Nmap done: 1 IP address (1 host up) scanned in 14.49 seconds"). Then I get the slow flashing red LED. I am 6 months into self teaching. I have the Mark II Bash Bunny. Any help is more than welcomed.
chrizree, posted July 5, 2021:

Follow the payload script code... slow flashing/blinking red LED = status FAIL, and that is used once in the payload in the EXPLOIT part. What does the log.txt file say?
Capt ahab, posted July 5, 2021:

PAYLOAD_DIR: /root/udisk/payloads/switch1
MSF_DIR: /tools/metasploit-framework
LOOTDIR: /root/udisk/loot/Jackalope//WIN-F2S2
TARGET_IP: 172.1
TARGET_HOSTNAME: WIN-F2S2
Executing nmap...
Starting Nmap 6.47 ( http://nmap.org ) at 2021-01-30 18:26 PST
Nmap scan report for 172.1
Host is up (0.00049s latency).
PORT    STATE    SERVICE
445/tcp filtered microsoft-ds
MAC Address: 00:11:22 (Cimsys)
Nmap done: 1 IP address (1 host up) scanned in 14.58 seconds
Capt ahab, posted July 5, 2021:

I have left the BB in the target box for 10 minutes. Not sure if that is too long or not long enough... Sorry, I am a rookie.
Capt ahab, posted July 5, 2021:

I also do not ever see the LED STAGE 2. Almost like it does not go into the exploit part of the payload.
chrizree, posted July 5, 2021:

What about the Metasploit installation on the Bunny, is that up and running?
Capt ahab, posted July 5, 2021:

Yes, the only question I have on that is, do I need to go in and chmod it to make it executable?
chrizree, posted July 5, 2021:

What firmware are you on? 1.6 is needed for Metasploit. You probably are, but I need to ask just to be sure.
Capt ahab, posted July 5, 2021:

https://ibb.co/FYqJWYZ for the image of the previous question.
Capt ahab, posted July 5, 2021:

Version 1.7_332
chrizree, posted July 5, 2021:

Yeah, ok, I forgot that you had the Mk2... I would probably insert "dummy" log entries after each line in the payload, just to narrow down where it all fails. Well, not after each line, but each line in the section where it most likely fails.
Capt ahab, posted July 5, 2021, quoting chrizree ("yeah, ok, I forgot that you had the Mk2... I would probably insert "dummy" log entries after each line in the payload, just to narrow down where it all fails. Well, not after each line, but each line in the section where it most likely fails."):

Excuse my ignorance, what is a dummy entry?
chrizree, posted July 5, 2021:

Well, I could be a bit more clear about that... 🙂 What I mean is that you just add lines that write to the log file, for example:

echo "Payload executed line 81" >> $LOOTDIR/log.txt
command on line 83
echo "Payload executed line 83" >> $LOOTDIR/log.txt
command on line XX

and so on...
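The "dummy log entry" idea above, as an added example that is not from the thread or the Jackalope payload: mark() appends the same kind of progress marker, and port_state() reads the nmap STATE column the payload branches on, so the log records why a stage stopped instead of only where. LOGFILE, the helper names and the sample scan report are constructed for this example.

```shell
#!/bin/sh
# Added example (not the payload's own code). Trace a shell script by
# appending markers to a log file, and log the nmap port state that
# decides whether the next stage runs. LOGFILE is an assumed name; the
# payload itself logs to $LOOTDIR/log.txt.
LOGFILE="${LOGFILE:-/tmp/payload-debug.log}"

# Marker line in the same form as the forum suggestion:  mark 83
mark() {
    echo "Payload executed line $1" >> "$LOGFILE"
}

# Print the nmap STATE column for one TCP port from a saved scan report.
# Usage: port_state nmap_results.txt 445  -> open | filtered | closed | unknown
port_state() {
    state=$(awk -v p="$2/tcp" '$1 == p { print $2 }' "$1")
    echo "${state:-unknown}"
}

# Log a marker plus the decision taken on the port state.
# Exit status 0 when the stage may continue, 1 when it would stop here.
check_port() {
    mark "$1"
    s=$(port_state "$2" "$3")
    echo "Port $3/tcp is $s" >> "$LOGFILE"
    [ "$s" = "open" ]
}

# Constructed nmap output, shaped like the report posted in the thread.
write_sample_scan() {
    cat > "$1" <<'EOF'
Starting Nmap 6.47 ( http://nmap.org ) at 2021-01-30 18:26 PST
Nmap scan report for 172.1
Host is up (0.00049s latency).
PORT    STATE    SERVICE
445/tcp filtered microsoft-ds
Nmap done: 1 IP address (1 host up) scanned in 14.58 seconds
EOF
}

# Stand-alone demo: a filtered 445 leaves both a marker and the reason.
scan="$(mktemp)"
write_sample_scan "$scan"
check_port 92 "$scan" 445 || echo "stage stopped; see $LOGFILE"
```

Running it leaves "Payload executed line 92" followed by "Port 445/tcp is filtered" in the log, which is the state that kept the thread's payload from reaching the EXPLOIT stage.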
Capt ahab, posted July 5, 2021:

Trying this out now...
Capt ahab, posted July 5, 2021:

So here are my results:

PAYLOAD_DIR: /root/udisk/payloads/switch1
MSF_DIR: /tools/metasploit-framework
LOOTDIR: /root/udisk/loot/Jackalope//WIN-F2S2
TARGET_IP: 172.1
TARGET_HOSTNAME: WIN-F2S2R9L8UOH
Payload executed line 67
Payload executed line 92
Executing nmap...
Capt ahab, posted July 5, 2021:

I think I figured it out. Port 445 must be open, not filtered. Again, I think...
chrizree, posted July 5, 2021:

Yes, according to the payload it is expected that 445 should be open; that should produce a red fast blink though.
Capt ahab, posted July 5, 2021:

I got it to work. Had to open 445 manually. My only question is how would one bypass that? I am just testing out the BB on my Windows 10 PC.
chrizree, posted July 5, 2021:

Perhaps using the Bunny as a keyboard and setting the port to open using PowerShell (requires admin privs though, and an unlocked machine).