bashbunny-payloads/payloads/library/credentials/SMBruteBunny
Mohamed A. Baset d36f90f26c
Update payload.txt
2019-07-11 19:33:28 -05:00
mmcbrute Create mmcbrute.py 2019-05-30 00:31:56 -05:00
passlist.txt Create passlist.txt 2019-05-30 00:07:30 -05:00
payload.txt Update payload.txt 2019-07-11 19:33:28 -05:00
readme.md Update readme.md 2019-05-30 00:54:11 -05:00
userlist.txt Update userlist.txt 2019-06-01 02:03:17 -05:00

readme.md

SMBruteBunny

         / \
        / _ \
       | / \ |
       ||   || _______
       ||   || |\     \
       ||   || ||\     \
       ||   || || \    |
       ||   || ||  \__/
       ||   || ||   ||
        \\_/ \_/ \_//
       /   _     _   \
      /               \
      |    O     O    |
      |   \  ___  /   |
     /     \ \_/ /     \
    /  -----  |  --\    \
    |     \__/|\__/ \   |
    \       |_|_|       /
     \_____ S M B  ____/
           \     /
           |     |

------------------------------------------------
SMBruteBunny by: @SymbianSyMoh

Description

This payload exploits the inherent trust between USB peripherals and computers. It sets up an RNDIS interface that acts as a DHCP server and offers a lease to the connected host. Once the host is on that network, the payload can see the open SMB port (445), and the brute-forcing process starts. When the password is found, it is entered at the lock screen via a HID script, unlocking the target machine.

What to expect?

Once the password is found, it is stored under the "loot" folder and entered automatically at the lock screen, unlocking the targeted machine.

Setup

  1. Copy the payload files to the desired Bash Bunny switch.
  2. Set the Bash Bunny to the switch position that contains the payload.
  3. Plug the Bash Bunny into a locked computer. Once the DHCP lease is offered, it performs the SMB brute-force attack and, once that succeeds, fires the HID script to enter the password and unlock the machine.
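
From the defender's side, the brute-force stage described above appears as a burst of failed network logons (Windows Security event 4625, logon type 3) from one source address, followed by a successful one (4624) if a guess works. The following detector is an added example, not part of the original payload or readme; it assumes logon auditing is enabled and events are already parsed into dicts, and the field names, thresholds and sample addresses are constructed.

```python
from collections import defaultdict, deque

FAILED_LOGON, SUCCESS_LOGON = 4625, 4624  # Windows Security event IDs
NETWORK_LOGON = 3                         # logon type recorded for SMB authentication

def detect_smb_bruteforce(events, window=60, threshold=10):
    """Flag sources with >= threshold failed network logons within `window` seconds.

    events: dicts with keys ts (epoch seconds), event_id, logon_type, src_ip,
    user (hypothetical field names), sorted by ts. Returns one alert per source
    and records whether a successful logon from that source followed the burst.
    """
    recent = defaultdict(deque)  # src_ip -> timestamps of failures inside the window
    tried = defaultdict(set)     # src_ip -> account names that failed
    alerts = {}
    for ev in events:
        if ev["logon_type"] != NETWORK_LOGON:
            continue
        src = ev["src_ip"]
        if ev["event_id"] == FAILED_LOGON:
            q = recent[src]
            q.append(ev["ts"])
            tried[src].add(ev["user"])
            while ev["ts"] - q[0] > window:  # expire failures older than the window
                q.popleft()
            if len(q) >= threshold and src not in alerts:
                alerts[src] = {"src_ip": src, "first_alert_ts": ev["ts"],
                               "password_guessed": False, "account": None}
        elif ev["event_id"] == SUCCESS_LOGON and src in alerts:
            # A success right after a failure burst means a guess worked.
            if not alerts[src]["password_guessed"]:
                alerts[src].update(password_guessed=True, account=ev["user"])
    for src, alert in alerts.items():
        alert["accounts_tried"] = sorted(tried[src])
    return list(alerts.values())

def sample_events():
    """Constructed sample: 12 failures in 12 s then a success from one source,
    plus two unrelated mistyped passwords from another."""
    def mk(ts, eid, src, user):
        return {"ts": ts, "event_id": eid, "logon_type": NETWORK_LOGON,
                "src_ip": src, "user": user}
    evs = [mk(1000 + i, FAILED_LOGON, "192.0.2.10", "alice") for i in range(12)]
    evs.append(mk(1013, SUCCESS_LOGON, "192.0.2.10", "alice"))
    evs += [mk(1005, FAILED_LOGON, "192.0.2.50", "bob"),
            mk(1500, FAILED_LOGON, "192.0.2.50", "bob")]
    return sorted(evs, key=lambda e: e["ts"])

if __name__ == "__main__":
    for alert in detect_smb_bruteforce(sample_events()):
        print(alert)
```

An alert with `password_guessed` set is the case to escalate: the account named in it should be treated as compromised and its password rotated.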

Credits

Corey Gilks for mmcbrute