TeCHemically Posted March 9, 2017 Share Posted March 9, 2017 My bashbunny does not show a device in Win7 and the devmgr shows under "other devices" a "RNDIS" entry with the yellow exclamation symbol indicating driver failure. Trying to point it to the bunny as suggested for the similar problem for CDC Serial driver issues does not help. I followed the steps here as far as i could: http://wiki.bashbunny.com/?_escaped_fragment_=././index.md%23Sharing_an_Internet_Connection_with_the_Bash_Bunny_from_Windows#!././index.md%23Sharing_an_Internet_Connection_with_the_Bash_Bunny_from_Windows I've not had any success installing tools, connecting to internet, or anything else so far. It's been a pretty big let down for a first day. Any guidance is appreciated! Quote Link to comment Share on other sites More sharing options...
WatskeBart Posted March 9, 2017 Share Posted March 9, 2017 When the ATTACKMODE is set as STORAGE RNDIS_ETHERNET Windows will recognize it as a composite device. Try setting it to RNDIS_ETHERNET and it will work. Device installs with a IBM Corporation RNDIS driver. Darren Kitchen already posted something about this, search the forum for it. (i'm currently on mobile sorry) 1 Quote Link to comment Share on other sites More sharing options...
moumoutaru Posted March 9, 2017 Share Posted March 9, 2017 Hey @TeCHemically What switch did you have it set to? Try what @WatskeBart said and set one of the payloads to RNDIS_ETHERNET. You should be able to do this from arming mode or over serial. I haven't played with my bunny much yet so can't give you guidance on the internet sharing. This should give you a good start. Quote Link to comment Share on other sites More sharing options...
moumoutaru Posted March 9, 2017 Share Posted March 9, 2017 As a follow up you should be able to follow my instructions over here until step 4: Once you hit step 4 select 'Let me pick from a list of device drivers on my computer'. Scroll down and select `Microsoft Corporation`, select `Remote NDIS Compatible Device`, click next, Click Yes. Quote Link to comment Share on other sites More sharing options...
Cpt.Pickles Posted March 9, 2017 Share Posted March 9, 2017 I would read the following wiki, http://wiki.bashbunny.com/#!index.md, and watch the video Hak5 had prepared... it sounds like some steps are being skipped. Follow the others advice by removing STORAGE from the default switch 2 position in the payload, @Darren Kitchen thoughts on removing this from installs/github due to the worries/confusion. From here you can use the wiki to help you get the bunny online and updated. Next, flip the switch back position 3 take the files in tools_installer and paste it into switch one folder and let it run, note the code will probably find the files in the library folder first. Now your bash bunny should be ready to run the all the other payloads at the time of writing. Quote Link to comment Share on other sites More sharing options...
scm Posted May 16, 2017 Share Posted May 16, 2017 When plugging a bash bunny into a Windows 7 SP1 box - the device shows up as "IBM USB Remote NDIS Network Device" - however it does not collect creds (keeps blinking green) until the user clicks 'ok' to the new device being installed. Once 'ok' is clicked, and the device is removed and reinserted, the creds are quickly collected (LED goes solid green). Obviously this isnt very stealthy. Is there a way of getting it to work without the user having to click 'ok'? Is this normal btw? Apologies is this has been covered already. Quote Link to comment Share on other sites More sharing options...
bakedmuffinman Posted June 22, 2017 Share Posted June 22, 2017 @moumoutaru if you have to manually install the drivers how is the attack supposed to work? Quote Link to comment Share on other sites More sharing options...
PoSHMagiC0de Posted June 22, 2017 Share Posted June 22, 2017 Your issue maybe similar to the issue i was having with my dual attack modes that Seb resolved with the 1.3 update. 1.3 implements the ability to change the speed the BB reports as to the host machine. In your ATTACKMODE line, after the other 2 parameters, add "RNDIS_SPEED_10000" and then see what happens when you plug in. The issue I was experiencing in 1.2 was when I used HID RNDIS_ETHERNET, drivers could not install for the HID because when the ethernet comes online, windows used the BB instead of its internet capable device. This is because by default the BB reports as 2GB. The speed line above has it report as a 10Mb ethernet. Why is this an issue? Windows 7 and 10 will use Windows update to look for drivers it does not have. Note: I notice on some machines this can delay your attack by sometimes up to a couple of minutes and limits your surface to machines that are online. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.