
Bash Bunny Backdoor on Linux! - Hak5 2301

28,184 views

Hak5


Hak5 -- Cyber Security Education, Inspiration, News & Community since 2005:
____________________________________________
-------------------------------
Shop: www.hakshop.com
Support: / threatwire
Subscribe: / hak5
Our Site: www.hak5.org
Contact Us: / hak5
Threat Wire RSS: shannonmorse.p...
Threat Wire iTunes: itunes.apple.c...
Help us with Translations! www.youtube.com...
------------------------------
____________________________________________
Founded in 2005, Hak5's mission is to advance the InfoSec industry. We do this through our award winning educational podcasts, leading pentest gear, and inclusive community - where all hackers belong.

Comments: 63
@bana2s 7 years ago
Minor trivia: "su" and "sudo" originally stood for "substitute user". They allow you to "become" any user, not just root. But it's usually used for root, a.k.a. "superuser", so that name stuck.
@daviddupoise6443 7 years ago
default [ALT]+[F2] is Krunner on KDE so it would usually run the script; unless the user has re-assigned that default key-stroke. The quick defeat would be to disable any kind of auto mount for all devices; which anyone who watches this channel should DEFINITELY do.
@sagittariusa2201 7 years ago
You are the only guys on KZfaq who I have subscribed to and actually watch every week
@DasPuppy 7 years ago
After those AWESOME vlogs hak.5 feels so fresh again! You peeps look fab as sheet. Watcher since stage6 days.. LOVE YOU PEOPLE!!!
@Stjaernljus 7 years ago
At least you recorded it; have seen many podcasters accidentally not recording at all or having the camera in timelapse mode.
@anteconfig5391 5 years ago
I love how at the end as Darren moves his arm he follows the random sound around the room but he doesn't know it's coming from his watch. I just thought that was funny.
@rbledsaw3 7 years ago
I've checked and verified that Alt+F2 is a feature that runs on all major desktop environments and every minor one I looked into. Here's the compatible ones I've found so far: Gnome, KDE, Unity, Cinnamon, UDE, Lumina, EDE, Budgie, Razor-qt, Xfce, LXDE, Mate, LXQt, Enlightenment, and Pantheon. Now, in searching these, I have noticed that many of the minor ones have had bugs with Alt+F2 not working. But in essence, it would appear that Alt+F2 is a universal Linux GUI Shortcut.
@mingiasi 4 years ago
... that cheeky little double blink.
@Cevans3535 7 years ago
@Hak5 - If you have the 'xinput' package installed on your Linux machine, you can store the ID# of the user's keyboard in a variable with something like: `keyb=$(xinput list | grep 'AT Translated Set' | cut -f2 | cut -d'=' -f2)` From there it's as simple as `xinput disable $keyb` to disable the user's keyboard. To re-enable, simply `xinput enable $keyb` (which should really be tacked onto the disable command with a sleep timer since it's awful difficult to type in the enable command if the keyboard no longer works, lol)
@Cevans3535 7 years ago
@Hak5 - In case it wasn't clear, I was referring to the hypothetical nyancat troll payload you mentioned.
@Cevans3535 7 years ago
@Hak5 - Actually, I made it even harder than it needed to be. Just realized you can refer to the device name itself. `xinput disable "AT Translated Set 2 keyboard"` works just fine.
@hak5 7 years ago
+Chris Evans love it! Will use in a Nyancat payload for sure ☺ ~Darren
@r3d0s0ft 7 years ago
@Hak5 As for the Nyancat payload, I saw one before that 'nyans' in the MBR, with PC Speaker music, lol
@PrymalInstynct 7 years ago
xterm is not the default terminal for GNOME, so the RUN extension works but you need to execute gnome-terminal to ensure that the rest of the attack works.
@carlelg5001 7 years ago
I love that Darren uses uBlock origin.
@thesmiler6125 7 years ago
It can be done with aliases too, it's a bit more hidden as the path is not altered.
@username65585 7 years ago
I thought you meant Pseudo Backdoor at the beginning. Also, sudo stands for "substitute user do" not "super user do" because sudo allows you to execute commands as any user, not just the "super user."
@michaelpayne5272 7 years ago
Hey Darren and Shannon, love the show. I was wondering if you could explain the way that you use those little arcade buttons to switch camera angles. I just think it's pretty nifty and I'm curious as to how it works. Thanks!
@hexadcml 7 years ago
2301 YEASS
@jaredmeit6127 7 years ago
Will this work if the victim user is not logged in when you attach the Bash Bunny? I'm guessing it wouldn't because this all happens in their home directory. Is that correct?
@connormauk3210 7 years ago
I loved the xkcd joke!
@QTM1981 7 years ago
Evil Darren! :-OOOOO
@Raffles666 5 years ago
you guys ever do anything with sip and VoIP in general?
@orochiokada 7 years ago
I made something very similar a while ago. This is why I set up my sudoers file to do just a few things with no password.
@username65585 7 years ago
I don't have a mac to test this on but I think you can use AppleScript to execute bash. Like as follows: `do shell script "command"`
@hwally777 7 years ago
Why no more Pineapple Nano videos?
@Onnesie 7 years ago
Quick question, can I still use a bash bunny to inject payloads while still using it as its intended function...an Ethernet adaptor??
@stuntmouse9152 7 years ago
Darren looks so much odder with that top mustache. I mean it's fine, just odder than what us nerds and hackers already are
@tehtron 7 years ago
Darren doesn't use tabs key for auto complete. So frustrating
@pudelz 7 years ago
Is there a reason why the script doesn't check uname to determine which *nix it's on?
@pudelz 7 years ago
@Hak5 - Sorry if this is a stupid question, I have a bash bunny but have yet to play with it...
@Baigle1 7 years ago
*disables USB kernel module...* HCF *unplugs connectors from mobo after fire*
@Graftings 4 years ago
That sudo judo
@zizzu549 7 years ago
Why is the python server running? To grab the file? Can't you just broadcast the file with nc so everyone gets the password and all are happy?
@koenvanderrijt5244 7 years ago
Sooo running a webserver saves me from (port 80) Bash Bunnies ;-) ?
@patrickben3924 7 years ago
how to make file that is a backdoor and when we install it on someone's computer we can control it from anywhere .. is that possible
@prometheus1144 7 years ago
patrick ben it's called a rat
@Gamersls 7 years ago
patrick ben search for rats
@PolakeXD 6 years ago
😂 Don't worry.. I'm also not that huge MacOS fan too and only own an Apple Powerbook G4 15"
@Vlerden 7 years ago
Soooo.... no longer a surface fan?
@macpclinux1 7 years ago
wow that beard looks cool darren! keep it like this i think it's cool :D
@YeisenAchitel 5 years ago
alt f2 brings up a run box on kde too...
@cornalito 7 years ago
invisible terminal action? yes. switch to sh, there's no history in sh ;-) and do your stuff
@jeremymesloh1981 5 years ago
You can also just start the command with a leading space to stop bash from logging your commands :)
@leo-rq2ei 7 years ago
pgrep is pretty useful when using the &
@davidmccabe4 7 years ago
Just me or does Darren look a lot thinner??
@bana2s 7 years ago
This sandwich will be reported.
@hak5 7 years ago
+Jim Goltz :) ~Darren
@xelnagamex 7 years ago
Wow, I was having fun with this since 2011, and just now found out that it's called "bash bunny". Why bash bunny?
@tedmosby9409 7 years ago
o yh touch snubs
@salnaggar 7 years ago
guys we need some hackRF one VIDEOS please!!!!!!
@Gamersls 7 years ago
Bluetooth exploit pls
@patrickben3924 7 years ago
hi
@rcboy147 7 years ago
somethingcool.txt
@PosiP 6 years ago
Why are Apple products like kryptonite to real computer people?
@TwstedTV 3 years ago
So basically no one's computer is safe anymore after this. Not even an encrypted computer. I might as well go to work and leave my house doors and windows open and write my bank account personal info on the walls and leave all my IDs at the dining table. Since nothing is protected anymore.