- True or false? Locking your laptop protects your data? Is it good practice and should you lock your laptop when you're not at your desk? Well, let's see how good the security is on this Windows laptop. I'm gonna simply toggle a
switch on this Hak5 Bash Bunny, and notice as quickly as that, I've been able to log into this laptop. So I've logged in. What I'll do here is lock the laptop. Laptop has been locked. I'll toggle the switch
again, and there you go. I've been able to log in. Now, in that example, I don't need to know what the password
is of this laptop. The password was grabbed from the laptop using the Bash Bunny, even though the laptop was locked. Password was cracked
locally by the Bash Bunny. And in this case, keystrokes
were sent to the laptop by the Bash Bunny to
allow me to auto log on. Now, in some cases you
may not get the password but there's another
attack that you can use. So let's log off this laptop, and what I'll do here
is unplug the Bash Bunny and then I'll put it to Position 1, the bottom position here,
and then I'll plug it in, and what this attack is
gonna do is it's going to grab passwords from the
laptop and store them locally so that I can take the Bash Bunny away and then crack the passwords offline. So I'll show you two types
of attacks in this video. First one is where I'm
grabbing the passwords from the laptop, locally
cracking them on the Bash Bunny, and then auto logging on. Second type of attack is just
where I grab the passwords and I can do offline attack
to crack the passwords. ("Don't I" by Swif7) Now, before we continue, please consider subscribing
to my YouTube channel if you enjoy this kind of
ethical hacking content, please like this video, and click on the bell
to get notifications, that really does help me
with the YouTube algorithm. Okay, let's continue. Zebra, what are we doing? - [Zebra] Hacking. - [David] What type of
hacking are you doing? - [Zebra] Bash Bunny. - [David] You're going to use Bash Bunny to break into networks. - [Zebra] Mm-hmm. - [David] Are you a good or bad zebra? - [Zebra] Bad zebra. - [David] Why? Because you're a hacking zebra. - [Zebra] Yes. (David laughs loudly) - [David] Well done Zebra,
let's break some networks. Okay, so let's see what
we managed to capture. First thing you need to do is make sure that you set this to Position 3. I'll plug it into this
computer and there you go. I've got the Bash Bunny. Let's have a look under loot. Here's my DellXPS. Notice passwords. It's discovered three passwords. Those are the three
passwords of my three users. So it's discovered the user
peter has this password, 123456. David has password1. Jane has password qwerty. Now I purposely chose bad passwords because otherwise this
video would just end up being really, really long. You can use quickcreds, if you
wanna do an offline attack. So looking at Proxy-Auth-NTLMv2, I've got a hashed version of the password, and I could take that offline and do a brute-force attack against it. But if the users' passwords
are in my dictionary, I can do a local attack
and log on to the computer. So under loot again,
here's my nmap_results. It found a device and then ran the attack because this port is open, tcp 445. It was as simple as that
to attack a computer that was locked and get access to the information on that
computer, I could log in, because Bash Bunny discovered
the passwords based on a dictionary attack. And again, I could use
quickcreds to grab the passwords, remove the drive and then do a brute-force
or another offline attack. Now the Bash Bunny from
Hak5 has a lot of options. I demonstrated the Rubber
Ducky in this video, showed you a different type of attack using the Rubber Ducky. The Bash Bunny has a lot more
options than the Rubber Ducky, including the fact that you can
have multiple payloads here. You can also create your own payloads but in this video, we'll show
you two very powerful payloads that you can download with the Bash Bunny. Okay, so the first thing you need to know are the Switch Positions. Position 3, closest to
where you plug the USB in. That's how you configure the Bash Bunny. And then you can switch to
Position 2 or Position 1, where you can load different payloads. So first thing I'll do is
set this to Position 3, which is Arming Mode,
allows me to configure this, update the firmware,
load different payloads. I've plugged that into
this Windows laptop. I'm gonna use Windows
for this demonstration because a lot of people use Windows. You can also use Linux or
macOS to configure this device. Okay, so it's picked up
the Rubber Ducky as disk D. This runs Linux, has
lots of powerful options, but I'm just gonna show
you some simple options to get started, show you how to run those
two very powerful scripts. The first thing you wanna
do is update the firmware. You can download that
from the Hak5 website. I'll put all these links below this video so that you can access them easily. But what I'm gonna do is download
the Rubber Ducky Updater, in my example for Windows 64-bit. As you can see there are
options for Linux and macOS. So I'll download this to
my Downloads directory. I've already downloaded it previously but for this demonstration,
I'll replace that. I'll show it in folder. Okay, so here it is. I'll extract that. And what I get is an executable file. Now on my BashBunny, I
already have that file. All you do basically is copy that and put it into the root of the BashBunny. So I'll replace that file. So again, on my D drive,
the BashBunny in the root, I've pasted that file. I'll double click on that. Only option available here
is to Update the Bash Bunny. So I'm gonna type 0, press Enter, and the software checks
whether it's up to date. As you can see, my software's
already up to date. What this also does, which is very nice, is copy payloads to the Bash Bunny. Now I've had problems with that, so I'll show you how you
can update that manually. Press Enter to exit that script. And all you need to do now
is Eject the BashBunny, make sure that you eject it safely, and then unplug it, plug it back in, and it'll auto update the software. The LEDs are really important, they tell you what
the Bash Bunny is doing but as you can see here, mine booted up and I see the BashBunny directory again. On the Bash Bunny Wiki,
available on the Hak5 website, I'll link to that once again, you can see Position Indicators. You can see the directory structure. As an example, we wanna look at loot to see the hacked information. We can see default
information of the Bash Bunny, but notice here Green blinking
means it's booting up. Blue means it's Arming. Red blinking means that
we're in Recovery Mode or the Firmware is Flashing, and Blue, Red alternating
means don't unplug it. So there's a lot of other
information available on the Hak5 website. Again, I'm not gonna show
you that in a lot of detail, what I wanna show you
is that under payloads, you can specify a payload
for switch1 and switch2. Under library, they have
a whole bunch of payloads. Now, if this, for some
reason doesn't get updated by the Payload Updater, you can download all the
payloads from GitHub. So under payloads,
notice switch1, switch2, but library has a whole bunch
of payloads that you can use, and the two that I demonstrated
are payloads from here. So under credentials, we have
a whole bunch of payloads. I'm gonna select this one, and looking at the readme file, you can see that this uses ethernet to attempt a dictionary
attack against passwords, and that's exactly the payload that I ran. Okay, so the payload is here. All we need to do is copy this to the right switch and it
will attack per this payload. So this makes it really,
really easy for us. We don't have to write this. Someone's already done all the hard work. Under userlist, the default
user available is Administrator. I've added additional users here so that we can crack at those users. Under wordlist, here
are a bunch of passwords that could be used to try
and attack the device. The wordlist isn't very long. We're told in the readme file that there are great
wordlists available on GitHub. This is a famous wordlist. So you can download a whole
bunch of wordlists here if you want to. You can update this wordlist that comes with this attack, with your own passwords. Now, this attack does rely on additional software that you need to install on the Bash Bunny. So going back to the Hak5 website, you're gonna wanna download Metasploit. You need the Metasploit-framework
for this attack to work. Okay, so first thing I'm gonna
do is download Metasploit, that's gonna be saved to
tools on the BashBunny. So I'll save that file and
then I'll download gohttp, save it to the same
directory, save Responder, and save Impacket. Now, as you can see here,
it says Virus detected. So what I'm gonna do, and this
is a problem using Windows as an example rather than Linux, is I'm gonna go to
Virus & threat protection. And I'm gonna turn this off, and I'm gonna try and
download Responder again. Okay, so the files have been downloaded. They are stored in tools on the BashBunny. So what I'm gonna do now
is Eject the BashBunny. All I need to do is unplug it and then plug it back in again. But that'll take a while because it's gonna move
those files to Linux. But for a lot of these attacks,
you need that software. So as an example, for the
attack that I demonstrated at the beginning of this video, you need the Metasploit-framework, but for the others, you need
some of the other software. So I've simply downloaded all those tools. Okay, so at the moment, it's
still installing the software, the LED is actually purple at the moment. You just need to wait for
that process to complete. Okay, so there you go. That process has now completed. As you can see under tools, the tools have been moved from
this directory into Linux, so they'll now be available
to be used by attacks. Okay, so under payloads, I put two attacks in the payloads directory. Under switch2, and that's
the one that I demonstrated, I have a userlist of various users. So peter, david and jane, as an example, are the user accounts
that I'm gonna attack. And I know that because when
I looked at the computer, I could see the various
accounts on that computer. Wordlist is a list of passwords. Again, you can use SecLists or Rockyou or another wordlist to try and break the passwords on a device. As mentioned, if that doesn't work, the attack that I've put into switch1, basically snags all the passwords. So snags credentials from
locked and unlocked machines. So quickcreds is a way
to just grab passwords and then you can do an
offline brute-force attack or dictionary attack. But going back to switch2,
here's the payload, this is the actual script
that someone else has written. We can simply use this from the library of scripts
available from Hak5. These are the passwords that it discovered and rather than trying
to rerun the attack, it can simply use this file to try and log on to the machine again. The readme file tells us that this attack is for
Windows at the moment, it uses ethernet to
attempt dictionary attacks against passwords. When the password is discovered,
it's stored in a file for future use as demonstrated. The password may be used
to unlock the machine by manually selecting a user and placing focus on the password field and then it auto logs on, we do that by switching the position of the switches which I demonstrated. Okay, so let's delete these files and start the attack from
the beginning to the end. I've updated my Bash Bunny,
I've uploaded the tools to the Debian installation. So under payloads, library, I'm gonna try and snag credentials. I'm gonna go to this directory
and I'm simply gonna copy all of these files to switch2. That's the attack that we
wanna run when the switch is in Position 2 on the Bash Bunny. So just to double-check,
that there are our users, by default it's only Administrator, but I've added these additional users. Wordlist, there's the passwords. There's the payload that's gonna run, and there's the readme file once again. On switch1, I'll delete these two files, go to library, go to
credentials, go to quickcreds and I'll copy those two files to switch1. And what I'm gonna do is
delete all of the files under loot, to show you the
attack from the beginning. So I've deleted all the files and let's run the full attack once again. So just to reiterate,
under payloads, switch1, I've got an attack. Switch2, I've got my attack. It hasn't discovered the passwords for the Dell XPS laptop yet,
but let's run the attack again and I'll show you how it
discovers those passwords. First thing I need to do
is Eject the Bash Bunny. Make sure that you Eject it
properly from your computer. Okay, so attack is ready to be launched. Okay, so here's my Dell laptop. I'll start it up. I'll plug this in, and
I'll set the Bash Bunny to Switch 2. This will try and snag
all the credentials. So I'll plug that in. You can see it's green at the moment. Now it goes to purple, that means that it's starting to attack. You can see it's flashing now. Just have to wait a while
for this to complete. Okay, so after a while it goes green, that means that it's successfully
attacked this computer. So again, all I need to
do is toggle this to say, Position 1, and then back to Position 2 and I can log in to the computer. Do that again. So I'll lock the computer. Okay, incorrect password, I
need to put it in this position. So I'll toggle this and there you go. Log back in. Okay, so the Bash Bunny
is really powerful. These are just two examples of
attacks using the Bash Bunny. It's got its own scripting language. You can write your own attacks, but here are two really powerful attacks that you can deploy using the Bash Bunny. I'm David Bombal, hope
you enjoyed this video. If you did, please like it. Please subscribe to my YouTube channel and click on the bell
to get notifications. ("Don't I" by Swif7)