Bricked?

[mELLoMaN]

Did some testing with the OooohThatsHandy payload which worked fine, but had some issues. Installed the right language, got some loot and so on. Then installed some tools from the forum (impacket, gohttp, etc.). Then I tried to delete the loot from the usb drive but one file I couldn't delete. Using the serial console I tried to locate that file, but it wasn't there...

So I went on and modified the script and did a new run, but now it didn't work anymore. All the periods were gone during execution, some "GUI r" line got split apart during execution, as if the keyboard was wrong, but the rest was ok, it isn't a locale problem. Then I factory reset the bunny, but after that all the files were still on it and it wasn't reset at all...

 

So now my question, did I already brick it the first day?? It is running FW 1.7

Thanks

[dark_pyrro]

Just because the files on the storage part (that gets mounted to the target in arming mode) is still there, doesn't mean that the factory reset was unsuccessful. The udisk (the part that gets mounted to the target in arming mode) is left untouched on a reset. For how long did it flash red/blue during the reset process? For minutes or just some seconds?

[mELLoMaN]

It flashed for minutes. What I'm more concerned about, is that it doesn't write periods anymore since I installed the said tools and breaks lines where it shouldn't...

[dark_pyrro]

I don't think any of those tools available should affect the Bunny typing things. Did you install the tools after the factory reset or just before the reset? What OS does the target have? Have you tried several different target computers? Are you using internal storage or a Micro SD card? You could try to format the internal udisk storage if you have files that you can't seem to be able to remove. Use the "udisk reformat" command to start from scratch when it comes to the udisk.

[mELLoMaN]

I did some testing where it worked, then installed the tools and tested another payload. Thats when it stopped working. Then I did the reset and it still doesn't work. The targets are Windows 10, and both aren't working. I'm using the internal storage. I'll try the reformat, maybe it helps...

Thanks

[mELLoMaN]

ok...no....sorry...doesn't work on a surface with windows 10, but works on a workstation with windows 10...
at least the commands work, but it didn't copy anything to the internal storage...

[mELLoMaN]

can't I delete or edit posts?
It also doesn't work on the workstation, but the output is different...

 

Quote

powershell -W Hidden bel=''BashBunny'''").Name); robocopy $en /W:1 /R:1 /NP /MT /XDDATA" "$env:USERPROFILE\AppData"

powershell -W Hiddlabel=''BashBOOK $destination\loot\copy $env:TEMP\LOOK $destination\loot\

powershell -W Hidden -c \$out-File $env:TEMP\LOOK\CheckForUnquoted.txt $env:TEMP\LOOK\CheckForUnquoted.txt

cmd /minimized /DNSCache.txt & dsregcmd /status > re >EMTEMP%\LOOK\Shares.txt net share > %TEMP%\LOOK\Shares.txt net share > %TEMP%\LOOK\Shares.txt

cmd /minimized /c mkdiile * key=clear > %T5TMP%p%\LOOK\UserGroupsPrivs.txt > %TEMP%\LOOK\UserGroupsPrivs.txt

That's from the workstation...

> re >EMTEMP%\LOOK\
> %T5TMP%p%\LOOK\
> %TEMP%\LOOK\

[dark_pyrro]

I think you have made too few posts yet to be able to edit or delete. If I remember it correctly you need to make 5-6 posts before you can start uploading pictures, edit and such.

OK, I've seen similar but only on Windows 11 (and sometimes on Ubuntu). I.e. that it messes up the chars entered by the Bunny (or leave some out).

[mELLoMaN]

Is there a solution to that problem? Or do I have to live with it working on some systems and not on others?

[dark_pyrro]

I have never experienced it on Windows 10, so that's a bit odd.