LucasReal1 Posted March 13

Hi everyone,

First of all, I am completely new here and I thank you all for your help. I have recently bought the Bash Bunny product, downloaded the upgrades and executed the bunnyupdater app. After reading some manuals and watching some videos I ended up loading different payloads in both switch modes. For some reason, once I switch into one of those modes after loading any payload, on my Windows computer the PowerShell and terminal windows open and close, but after that nothing else happens and the loot folder that is supposed to have new content is empty. I don't know if I am missing something else.

Appreciate all the help and support.

LucasReal1 Posted March 13 (Author)

Btw, the payload that I am trying to use is in recon>--BB-ADV-Recon and the InfoGrabber, but it doesn't seem to create the folder with the summary of the information about my PC.

dark_pyrro Posted March 13

Is the target PC using some keyboard language/layout other than US? If so, specify DUCKY_LANG with the correct language in the payload (or config.txt). Try to execute relevant parts of the payload manually in order to catch errors that might show. The --B-ADV-Recon probably needs PowerShell to be started with the -ExecutionPolicy Bypass to even execute on most Windows systems.

LucasReal1 Posted March 13 (Author)

11 minutes ago, dark_pyrro said:
> Is the target PC using some keyboard language/layout other than US? If so, specify DUCKY_LANG with the correct language in the payload (or config.txt). Try to execute relevant parts of the payload manually in order to catch errors that might show. The --B-ADV-Recon probably needs PowerShell to be started with the -ExecutionPolicy Bypass to even execute on most Windows systems.

Thanks for your quick response.

Yes, after changing DUCKY_LANG in the config.txt from us to es (I use a Spanish keyboard) and adding -ExecutionPolicy Bypass to the payload among the rest of the parameters, it ended up finishing the script and creating everything in that folder. So huge thank you!

One last question: is it possible (when you change between different payloads in both switch modes) to not show the storage content of the USB?

dark_pyrro Posted March 13 (Solution)

Not really sure about the exact scenario; if you need to access the Bunny (like in the two mentioned ones that execute PowerShell script files from the Bunny storage), it's difficult not to expose the Bunny internal storage. If you have a payload that doesn't depend on access to the Bunny storage at all, then you can just not use STORAGE as ATTACKMODE. For example, if you just need HID or some other ATTACKMODE.

LucasReal1 Posted March 13 (Author)

It makes sense. I will be trying different payloads and scenarios. Thanks again.

LucasReal1 Posted March 15 (Author)

I am having a different issue with the same payloads, this time on another computer. Again, all the commands are executing correctly, but at the end of every command in the running window, PowerShell shows this:

Cannot dot-source this command because it was defined in a different language mode. To invoke this command without importing its contents, omit the '.' operator

At first, I thought it had something to do with the language file again, but it was all good ("DUCKY_LANG es" was set in the config.txt file) and the language of the target is the same as in the text file.

Any ideas?

dark_pyrro Posted March 15

Did you rename any of the ps1 files on purpose? None of the previously mentioned payloads has any ps1 file called payload.ps1. That's perhaps not the root cause of the error, I just want to know the background.

LucasReal1 Posted March 15 (Author)

4 hours ago, dark_pyrro said:
> Did you rename any of the ps1 files on purpose? None of the previously mentioned payloads has any ps1 file called payload.ps1. That's perhaps not the root cause of the error, I just want to know the background.

Not really. Just in case, I copied the same payload again as it was and added the line -ExecutionPolicy Bypass again, but it seems that the error is the same.

dark_pyrro Posted March 15

Have you tried this on some other Windows machine? That error seems policy related and the result of a FullLanguage script executed in an environment/session only allowing ConstrainedLanguage.

LucasReal1 Posted March 15 (Author)

Yes, this time it is on another Windows machine than the first one where I had success, and it is happening with every payload. Looks like it doesn't like the dot (.) character at some point, no clue tbh.

dark_pyrro Posted March 15

No, it's not "dot" related in that term/definition. Could be due to the fact that SRP (Software Restriction Policies), AppLocker or other forms of AWL (Application Whitelisting) are used on the system. Do you know if the Windows PC where it's not working has such restrictions/policies? You could run the following in a PowerShell window:

$ExecutionContext.SessionState.LanguageMode

If it returns anything other than "FullLanguage", it's restricted when it comes to PowerShell execution.

LucasReal1 Posted March 16 (Author)

Looks like the result is different than FullLanguage:

Does this mean that there could be a certain policy that is blocking the execution of certain code? In this case, the alternative would be to use payloads that are not using PowerShell, right?

dark_pyrro Posted March 16

Yes, since PowerShell is restricted in that case. You could probably use PowerShell, but with the limitations that come with running in ConstrainedLanguage mode. I've seen some information about it being possible to load stuff via module import, but not sure how that is restricted or if it has evolved over time so that it has been changed with even more limitations lately. Bottom line; you can't run scripts that require FullLanguage in an environment where it's limited to ConstrainedLanguage.
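
The language-mode check from the thread, extended into an endpoint audit that also reports which application-control mechanism is likely behind a ConstrainedLanguage result. This is an added example, not code posted by anyone in the thread; the output property names are chosen here, and it assumes a Windows edition where the AppLocker cmdlets and the DeviceGuard CIM class are present.

```powershell
# Added example, not from the thread. Paste into an interactive PowerShell
# session on the endpoint being audited (no elevation assumed). It avoids
# method calls on arbitrary .NET types, which ConstrainedLanguage blocks.

# 1. Language mode of this session: FullLanguage, ConstrainedLanguage,
#    RestrictedLanguage or NoLanguage.
$mode = "$($ExecutionContext.SessionState.LanguageMode)"

# 2. Legacy environment-variable lockdown (value 4 requests ConstrainedLanguage).
#    Meant for testing; treat it as a finding, not as an enforced control.
$lockdownVar = $env:__PSLockdownPolicy

# 3. AppLocker: enforcement mode of the Script rule collection, and whether
#    the Application Identity service that evaluates the rules is running.
$scriptRules = $null
try {
    $xml = [xml](Get-AppLockerPolicy -Effective -Xml -ErrorAction Stop)
    $scriptRules = $xml.AppLockerPolicy.RuleCollection |
        Where-Object { $_.Type -eq 'Script' } |
        Select-Object -ExpandProperty EnforcementMode
} catch {
    $scriptRules = 'unavailable'
}
$appIdSvc = Get-Service -Name AppIDSvc -ErrorAction SilentlyContinue

# 4. WDAC / App Control user-mode code integrity:
#    0 = off, 1 = audit, 2 = enforced.
$dg = Get-CimInstance -Namespace root\Microsoft\Windows\DeviceGuard `
        -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue

[pscustomobject]@{
    Computer             = $env:COMPUTERNAME
    LanguageMode         = $mode
    PSLockdownPolicyVar  = $lockdownVar
    AppLockerScriptRules = $scriptRules
    AppIDSvcStatus       = "$($appIdSvc.Status)"
    WdacUserModeStatus   = $dg.UsermodeCodeIntegrityPolicyEnforcementStatus
    ScriptsConstrained   = ($mode -ne 'FullLanguage')
}
```

The language mode is independent of -ExecutionPolicy, which matches what the thread reports: adding -ExecutionPolicy Bypass did not change the error on the restricted machine.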