
Windows 7 "was unable to install your CDC Serial"


ChaoticSecurity


It almost looks like the same issue with Windows 10 not liking two attackmodes (ATTACKMODE STORAGE RNDIS_ETHERNET). Do you mind changing the payload in switch1 to just ATTACKMODE SERIAL? If the driver loads, you can then ssh into the device and make changes by mounting the file path. Also, in Device Manager, what is the driver that is attempting to be loaded? It should still show, I believe. I will not be able to test with you as I do not have a Win7 host, but this might confirm my suspicion.


Ok, updated the payload.txt in switch1 as follows:

2017-03-06_11-19-21.jpg

Detached the device and changed the switch from arming mode to switch1 then plugged it back in ... got the following error:

2017-03-06_11-18-17.jpg

Then opened the device manager and took this shot:

2017-03-06_11-20-03.jpg

Here is another panel from device manager ... I've clicked on "Driver Details":

2017-03-06_11-25-14.jpg

 


Yep, you're right ... I must have got my screenshots mixed up ... I walked through the steps again ... same results, except the VID/PID now shows the results you described:

20170306-130740.jpg

So all the screenshots in my previous post are valid, including the Device Driver screenshot, except for the Hardware IDs screenshot which is corrected above.

I thought I'd try updating the device driver manually by clicking on the update driver button, but got similar results:

20170306-131235.jpg

 


I might be reaching the limits of what I can help with, as this might be a Win7 item... But I think Win10 only displays one hardware ID when loading serial, I will double check and report back later. I know this is not the identified issue but have you attempted switch2 or just RNDIS_ETHERNET in the payload? If RNDIS driver loads properly, attempt to ssh via methods described on the wiki for validation. Just trying to narrow down the scope of the issue. 

I hope someone else with Win7 can identify possible differences in the screenshots you have to a working configuration.


@Cpt.Pickles 

  1. Open Device Manager
  2. Right click on CDC Serial under 'Other devices'
  3. Left click 'Update Driver Software...'
  4. Left click 'Browse my computer for driver software'
  5. Left click 'Browse...' and select the drive letter of your BashBunny
  6. Left click 'Next'.
  7. Left click 'Install this driver software anyway' (If you get a Windows Security popup).
  8. Click 'Close'
  9. Profit

At this point you should see 'Gadget Serial (COM#)' under 'Ports (COM & LPT)'. Let me know if that helps. Cheers.


My Windows 7 box does not accept the missing driver signature. I might be able to bypass this by fudging with DEP, but why? Is there a serial driver that doesn't kak on the signature? I'm trying to imagine if hacking from Serial makes sense given that for some boxes, like mine at least, the driver won't load just by setting the switch...


  • 2 weeks later...

I was able to install this driver.

ATTACKMODE SERIAL

  1. Open Device Manager
  2. Right click on CDC Serial under 'Other devices'
  3. Left click 'Update Driver Software...'
  4. Search on computer for driver ...
  5. Choose from a list...
  6. In the list pick: Linux Developer Community / Gadget serial (should be present if you have already connected to your bashBunny in arming mode)
  7. Profit

 


  • 4 months later...
On 3/6/2017 at 9:06 AM, Cpt.Pickles said:

It almost looks like the same issue with Windows 10 not liking two attackmodes (ATTACKMODE STORAGE RNDIS_ETHERNET). 

Windows 10 can handle 2 attack modes. I use HID RNDIS_ETHERNET all the time; I just append on RNDIS_SPEED_10000 so Windows 10 uses the REAL network connection to the internet to use Windows Update to get the new drivers. You may have to do the same with your combo to get drivers.
