[PAYLOAD] BunnyPicker (Win1oLockpicker)

[rf_bandit]

Basically Win10Lockpicker for the old P4wnP1, but working on the Bash Bunny on current Win10/Win11 systems.

 

https://github.com/rf-bandit/bashbunny-payloads/tree/BunnyPicker/payloads/library/credentials/BunnyPicker

[efexit]

the git hub link for John is no good in this, any clue where to get a legit package

[dark_pyrro]

Why isn't it any good?

[rf_bandit]

I just double checked and I'm not seeing the issue.

[efexit]

i've updated the sources.list then tried to git clone the link but it keeps giving 'unable to access' 'could not resolve host'

i was unaware of updating the sources.list.d until after the fact. any tips on how to restore the original sources.list or have the links so i can do it manually? factory reset doesnt reset it. thanks

[dark_pyrro]

You have to be more specific. Since you mention sources.list, I can't really see how that relates to cloning a GitHub repo. It seems to me that you're trying to install something on the Bunny using apt (probably gcc or git or both) and it's apt throwing back errors at you (which is totally normal when it comes to the Bunny since it's running Debian Jessie and that is a deprecated release, hence the errors since it's not maintained any longer).

In what way are you sure that factory reset doesn't work? By looking at the contents of the Bunny udisk (the storage device that mounts to the computer when you have set the Bunny in arming mode, or using ATTACKMODE STORAGE without a Micro SD card)? If so, that's no sign of if the Bunny was reset or not since the udisk is left untouched when doing a factory reset, i.e. all files and directories on the udisk is still there even though the Bunny (the OS and all the Hak5 specifics) have been reset.

[rf_bandit]

are you sharing the internet connection from your host?

[efexit]

i'm following these instructions from the initial setup here

bashbunny-payloads/payloads/library/credentials/BunnyPicker at BunnyPicker · rf-bandit/bashbunny-payloads · GitHub

 

[efexit]

4 hours ago, rf_bandit said:

are you sharing the internet connection from your host?

no but it does the apt update, so i figure its getting connection somehow

 

[efexit]

15 hours ago, dark_pyrro said:

You have to be more specific. Since you mention sources.list, I can't really see how that relates to cloning a GitHub repo. It seems to me that you're trying to install something on the Bunny using apt (probably gcc or git or both) and it's apt throwing back errors at you (which is totally normal when it comes to the Bunny since it's running Debian Jessie and that is a deprecated release, hence the errors since it's not maintained any longer).

In what way are you sure that factory reset doesn't work? By looking at the contents of the Bunny udisk (the storage device that mounts to the computer when you have set the Bunny in arming mode, or using ATTACKMODE STORAGE without a Micro SD card)? If so, that's no sign of if the Bunny was reset or not since the udisk is left untouched when doing a factory reset, i.e. all files and directories on the udisk is still there even though the Bunny (the OS and all the Hak5 specifics) have been reset.

i'm looking at /etc/apt/sources.list and the changes that were made are still there after doing the factory reset

[dark_pyrro]

If so, the factory reset hasn't been successful. Are you leaving it plugged to a power source the 4th time you've plugged it in during the reset procedure?

[efexit]

57 minutes ago, dark_pyrro said:

If so, the factory reset hasn't been successful. Are you leaving it plugged to a power source the 4th time you've plugged it in during the reset procedure?

yes and it goes through the police lights

 

[efexit]

58 minutes ago, dark_pyrro said:

If so, the factory reset hasn't been successful. Are you leaving it plugged to a power source the 4th time you've plugged it in during the reset procedure?

all the tools are deleted after the reset

[dark_pyrro]

44 minutes ago, efexit said:

yes and it goes through the police lights

For how long? Seconds or minutes?

[efexit]

1 hour ago, dark_pyrro said:

For how long? Seconds or minutes?

for a few minutes, maybe 4-5

[rf_bandit]

Y

On 6/9/2023 at 3:24 PM, efexit said:

no but it does the apt update, so i figure its getting connection somehow

 

Make sure the BB is connected to the internet, because it sounds like that's your problem.

[efexit]

7 hours ago, rf_bandit said:

 

Make sure the BB is connected to the internet, because it sounds like that's your problem.

yea its the connection to the internet. for some reason i cant get it to work. i've ran the Windows_NIC Sharing payload...it goes through the ps script but it gives an error "Test-Connection : Testing connection to computer '172.16.64.1' failed: Error due to lack of resources
At line:1 char:46
+ ...  15 ; while ($true) {If (Test-Connection 172.16.64.1 -count 1) {IEX ( ...
+                              ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ResourceUnavailable: (172.16.64.1:String) [Test-Connection], PingException
    + FullyQualifiedErrorId : TestConnectionException,Microsoft.PowerShell.Commands.TestConnectionCommand"

[dark_pyrro]

Well, I have some doubts about that payload in general, but that's another discussion.

Start with creating a simple payload that uses ATTACKMODE RNDIS_ETHERNET and attach the Bunny to the PC and verify that it shows up as a network device and hands out a DHCP lease to the PC from the 172.16.64.0/24 range.

[rf_bandit]

On 6/12/2023 at 6:29 PM, efexit said:

yea its the connection to the internet. for some reason i cant get it to work. i've ran the Windows_NIC Sharing payload...it goes through the ps script but it gives an error "Test-Connection : Testing connection to computer '172.16.64.1' failed: Error due to lack of resources
At line:1 char:46
+ ...  15 ; while ($true) {If (Test-Connection 172.16.64.1 -count 1) {IEX ( ...
+                              ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ResourceUnavailable: (172.16.64.1:String) [Test-Connection], PingException
    + FullyQualifiedErrorId : TestConnectionException,Microsoft.PowerShell.Commands.TestConnectionCommand"

Follow the Hak5 instructions https://docs.hak5.org/bash-bunny/internet-connectivity/sharing-an-internet-connection-from-windows

[GrandpaPickles]

Just dropping this here for posterity. Since this is an old post.

Im also new to the scene and i had the same self inflicted problem. You need to have a payload on one of the switches with the ATTACKMODE RNDIS_ETHERNET(for windows computers).

Connect the Bash Bunny to the computer in that mode, it will show up as a networkcard. Follow the instructions for setting up windows internet connection.

Here comes the goof i did to cause this. I then took out the BB and connected it in arming mode since thats the only way i could connect to it with my limited knowledge. I was also using Linux at the time but since the problem in this thread is using windows ill just about it in the windows environment. Instead SSH (Putty or something for windows) into the BB using its ip within the 172.16.64.0/24 range. Mine was 172.16.64.1. Then continue as you would in arming mode, with the exception that you now have a internet connection. apt update and everything else worked for me after this.