mikachu Posted August 7, 2023
I have been trying to find a way to secure my payload texts. This is mainly for the chance the USB is lost, so that the files can't be accessed by any person finding it. I have done some research and haven't found any methods that would work for my situation. So far my best option is that the text file is a hidden file, but that is not a bulletproof solution.

dark_pyrro Posted August 8, 2023
I'd bet my money on the fact that you won't find a bulletproof solution. It also depends on the one that finds it (or the one that gets it in the end). If it's a non-tech person, they wouldn't understand what it is anyway. If it's a tech person (who's really interested in diving deeper into what it is), then it will be more difficult to hide things. But it all depends on if someone has the time to do the digging even if you're skilled enough to do it.
I would probably do some changes under the hood of the Bunny to make it a bit more stealth, but that would limit the flexibility of the Bunny and also jeopardize the possibility to get further help or support. Or, use the USB Rubber Ducky (that has the HIDE_PAYLOAD command and is generally more "stealth" than the Bunny), but it all depends on what attack features are needed.

NoExecute Posted August 9, 2023
Depends on OS. In Windows you can use encrypted USB storage; on Linux, use a LUKS-partitioned USB key. For a more advanced option, use GPG encryption with a smartcard GPG key 🙂 That should protect you a bit 😉 (if you're trying to protect your dev USB key and files, NOT the Bunny / O.MG itself)
Ahh, if it's protecting the Bunny if it's lost, sorry, no idea, other than: use it, and take it with you. Write the payload to use servers you can afford to burn (one-time-use), and prepare to lose the Bunny / O.MG cable if not a permitted test. But you really shouldn't run unpermitted tests anyway, so what's the problem? 😄
/NX

dark_pyrro Posted August 9, 2023
How is the Bunny going to get access to the payloads?

sploders101 Posted August 15, 2023
This is purely a high-level concept, and likely not something that could be done today, but I've been thinking about turning my Bash Bunny (arriving Friday) into a password manager, and I'd really like to keep those safe, so I was thinking that since the MKII has a Bluetooth radio, you could potentially write a program that pairs with an app for decryption by phone. It would come online, ask your phone to decrypt or provide a payload, store it in RAM (using a tmpfs), and execute from there. Then, the moment it's turned off, it would disappear. Does anyone see any technical challenges with this other than the phone app?
If you wanted to protect loot, that should be pretty trivial using gpg and a public/private keypair, with the public key being on the Bunny.

quentin_lamamy Posted August 17, 2023
The best idea I have for you at the moment is to create a generic payload that downloads the real payload from an anonymous link like WeTransfer or whatever, stores it on the BB storage, opens a terminal on the host, and unmounts the BB and mounts it. After your attack, use the host terminal to delete your payload. If you set your download link to one-time use, there will remain nothing "public" of your malicious payload.
This idea needs to be tested, not sure for the mount/unmount.
@dark_pyrro When unmount -> mount it is the same for the bb than remove it -> plug it in

dark_pyrro Posted August 17, 2023
15 minutes ago, quentin_lamamy said:
When unmount -> mount it is does the same for the bb than remove it -> plugin

You have to elaborate on that. I have no idea what that means. Is it a question or something else?

quentin_lamamy Posted August 17, 2023
2 hours ago, dark_pyrro said:
When unmount -> mount it is does the same for the bb than remove it -> plugin

My bad, typing too fast, and my English is not as good as I want ^^
If in command line the BB is unmounted and mounted, does it trigger the run of the payload like if you unplug the BB and plug it in again?

dark_pyrro Posted August 18, 2023
that won't happen to my knowledge, either you do it using umount/mount or udisk unmount/udisk mount
not sure though if you mean that the unmount/mount should be executed from the target or on the Bunny itself
and, assuming you mean mount operations of the udisk (either internal nandf or Micro SD card if present)

quentin_lamamy Posted August 18, 2023
6 hours ago, dark_pyrro said:
that won't happen to my knowledge, either you do it using umount/mount or udisk unmount/udisk mount
not sure though if you mean that the unmount/mount should be executed from the target or on the Bunny itself
and, assuming you mean mount operations of the udisk (either internal nandf or Micro SD card if present)

Whatever the way, the goal is to trigger the payload run after downloading the new one.