elsevero Posted April 15 Share Posted April 15 Hi there, I started playing with Bash Bunny, I would like to unlock a Windows PC, without knowing the password, for security measures I cannot reset the password. I have seen the Bunnypicker (Win10 Lockpicker for Bash Bunny) payload, listed on official GitHub repo. Has anyone worked with it? I have the following question as this person mentioned in the GitHub issue. I will list the questions here as well: 1. What does JtR means? 2. Where do I run the following commands? In Windows, on the Setup machine (a Windows where I setup the BashBunny USB stick) ? Based on what I have seen, the below commands can be run on a Windows Machine with Linux subsystem activated (WSL2). Am I missing something? Quote Link to comment Share on other sites More sharing options...
dark_pyrro Posted April 16 Share Posted April 16 7 hours ago, elsevero said: What does JtR means? That can't be too difficult to do a Google search on. Especially since "John" is also mentioned in the payload readme/instructions plus the fact that the GitHub repo is linked in the instructions. So... JtR stands for "John the Ripper", it's a tool. https://github.com/openwall/john https://en.wikipedia.org/wiki/John_the_Ripper https://www.openwall.com/john/ 7 hours ago, elsevero said: Where do I run the following commands? You haven't included any commands in the post, but I guess that you are referring to the commands in the payload instructions. They should be executed on the Bunny itself (when it has been configured to be able to reach the internet). You will most likely run into a bunch of errors while running the apt commands since Jessie is EOL and the upstream package repos aren't maintained anymore. The payload itself is interesting as a concept, but nothing I would use that much since it's rather limited in the way that it is only able to try a limited amount of possible passwords. I would go with QuickCreds/Responder instead and do any "password restoring" on something more powerful than the Bunny. The Responder version that is used in the payload is also older than needed. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.