CharadeUR Posted July 3, 2021 I confirmed that the PC is getting an IP address via the BB DHCP. But what I noticed is the RNDIS adapter gets created, then for some reason falls out, then gets created again. After the second "device connected" sound it is stable. I think that is why the nmap.log file says:
Starting Nmap 6.47 ( http://nmap.org ) at 2019-07-10 12:05 PDT
Nmap done: 1 IP address (0 hosts up) scanned in 1.24 seconds
I assume I need to add some delay into the script file to make it wait for the second device-connect sound. I'm just not getting that done successfully for some reason. Any help is appreciated.
chrizree Posted July 3, 2021 You could try to set a delay in the RECON part perhaps and see what happens.
Capt ahab Posted July 5, 2021 Mine is getting hung up also. But it does complete the Nmap scan, then fails at "Executing nmap..." (even though nmap_results.txt shows the scan was completed: Nmap done: 1 IP address (1 host up) scanned in 14.49 seconds). Then I get the slow flashing red LED. I am 6 months into self-teaching. I have the Mark II Bash Bunny. Any help is more than welcome.
chrizree Posted July 5, 2021 Follow the payload script code... slow flashing/blinking red LED = status FAIL, and that is used once in the payload, in the EXPLOIT part. What does the log.txt file say?
Capt ahab Posted July 5, 2021
PAYLOAD_DIR: /root/udisk/payloads/switch1
MSF_DIR: /tools/metasploit-framework
LOOTDIR: /root/udisk/loot/Jackalope//WIN-F2S2
TARGET_IP: 172.1
TARGET_HOSTNAME: WIN-F2S2
Executing nmap...
Starting Nmap 6.47 ( http://nmap.org ) at 2021-01-30 18:26 PST
Nmap scan report for 172.1
Host is up (0.00049s latency).
PORT STATE SERVICE
445/tcp filtered microsoft-ds
MAC Address: 00:11:22 (Cimsys)
Nmap done: 1 IP address (1 host up) scanned in 14.58 seconds
Capt ahab Posted July 5, 2021 I have left the BB in the target box for 10 minutes. Not sure if that is too long or not long enough.... Sorry, I am a rookie.
Capt ahab Posted July 5, 2021 I also do not ever see the LED STAGE 2. Almost like it does not go into the exploit part of the payload.
chrizree Posted July 5, 2021 What about the Metasploit installation on the Bunny, is that up and running?
Capt ahab Posted July 5, 2021 Yes, the only question I have on that is, do I need to go in and chmod it to make it executable?
chrizree Posted July 5, 2021 What firmware are you on? 1.6 is needed for Metasploit. You probably are, but I need to ask just to be sure.
Capt ahab Posted July 5, 2021 https://ibb.co/FYqJWYZ for the image of the previous question
chrizree Posted July 5, 2021 Yeah, ok, I forgot that you had the Mk2... I would probably insert "dummy" log entries after each line in the payload, just to narrow down where it all fails. Well, not after each line, but after each line in the section where it most likely fails.
Capt ahab Posted July 5, 2021
4 minutes ago, chrizree said: Yeah, ok, I forgot that you had the Mk2... I would probably insert "dummy" log entries after each line in the payload, just to narrow down where it all fails. Well, not after each line, but after each line in the section where it most likely fails.
Excuse my ignorance, what is a dummy entry?
chrizree Posted July 5, 2021 Well, I could be a bit more clear about that... 🙂 What I mean is that you just add lines that write to the log file, for example:
echo "Payload executed line 81" >> $LOOTDIR/log.txt
command on line 83
echo "Payload executed line 83" >> $LOOTDIR/log.txt
command on line XX
and so on...
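The two debugging ideas in this thread (a delay in the RECON part, and "dummy" log entries to find where the payload stalls) can be made a bit more robust than a fixed sleep and hand-typed line numbers. The script below is an added example, not the Jackalope payload and not Hak5 code: it assumes the payload's own LOOTDIR variable (falling back to a temp dir so the file also runs on a workstation), and the function names checkpoint, wait_for and checkpoint_count are made up for this illustration.

```shell
#!/bin/sh
# Added example, not the Jackalope payload or Hak5 code: a checkpoint logger
# standing in for the hand-typed "Payload executed line NN" entries, plus a
# bounded wait that replaces a fixed delay in the RECON stage.
# Assumption: LOOTDIR is the loot directory the payload already exports; when
# it is unset (e.g. when running this file on a workstation) a temp dir is used.
LOOTDIR="${LOOTDIR:-$(mktemp -d)}"
LOGFILE="$LOOTDIR/log.txt"

# checkpoint LINE MESSAGE: append a timestamped entry to log.txt.
# Pass "$LINENO" from the call site so the logged number is the real script
# line instead of a number typed by hand that drifts as the payload is edited.
checkpoint() {
    printf '%s checkpoint line %s: %s\n' "$(date +%H:%M:%S)" "$1" "$2" >> "$LOGFILE"
}

# wait_for MAX_SECONDS INTERVAL COMMAND...: run COMMAND every INTERVAL seconds
# until it succeeds or MAX_SECONDS have passed. Returns 0 when the command
# succeeded, 1 on timeout; either outcome is recorded in the log, so the log
# shows whether RECON ever saw the target or gave up.
wait_for() {
    max=$1
    interval=$2
    shift 2
    elapsed=0
    while ! "$@" >/dev/null 2>&1; do
        if [ "$elapsed" -ge "$max" ]; then
            checkpoint "$LINENO" "timeout after ${max}s waiting for: $*"
            return 1
        fi
        sleep "$interval"
        elapsed=$((elapsed + interval))
    done
    checkpoint "$LINENO" "ready after ${elapsed}s: $*"
    return 0
}

# checkpoint_count: number of checkpoint entries written so far (0 if no log).
checkpoint_count() {
    [ -f "$LOGFILE" ] || { echo 0; return 0; }
    grep -c 'checkpoint line' "$LOGFILE"
}
```

In the payload you would call `checkpoint "$LINENO" "before nmap"` in place of each dummy echo, and in RECON something like `wait_for 30 2 ping -c 1 -W 1 "$TARGET_IP"` (this assumes ping is present on the Bunny) instead of a fixed delay: the poll returns as soon as the host answers after the second RNDIS enumeration, and the log records how long that took or that it never happened.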
Capt ahab Posted July 5, 2021 So here are my results:
PAYLOAD_DIR: /root/udisk/payloads/switch1
MSF_DIR: /tools/metasploit-framework
LOOTDIR: /root/udisk/loot/Jackalope//WIN-F2S2
TARGET_IP: 172.1
TARGET_HOSTNAME: WIN-F2S2R9L8UOH
Payload executed line 67
Payload executed line 92
Executing nmap...
Capt ahab Posted July 5, 2021 I think I figured it out. Port 445 must be open, not filtered. Again, I think...
chrizree Posted July 5, 2021 Yes, according to the payload it is expected that 445 should be open; that should produce a red fast blink though.
Capt ahab Posted July 5, 2021 I got it to work. I had to open 445 manually. My only question is how would one bypass that? I am just testing out the BB on my Windows 10 PC.
chrizree Posted July 5, 2021 Perhaps using the Bunny as a keyboard and setting the port to open using PowerShell (requires admin privs though, and an unlocked machine).