nicthejack Posted June 20, 2017 Share Posted June 20, 2017 Hi All, I know this one seems to have been done to death on the forum but I am not sure what else to do. I have read all the posts that I can find on trying to get an internet connection on the BB. I have set, reset the different permutations with regards to RNDIS device, IPs, Drivers etc and get the same results. No internet. Ive tried on Windows 10, 8 and 7 and its the same. Ive tried deploying the payload to the different switches. Ive tried sharing the WiFi and Ethernet connections on the laptop. Okay, so I have updated the firmware to the latest. Storage and HID are fine. The payload is the simple ATTACKMODE RNDIS_ETHERNET. internet sharing is set on the laptop, IP address of BB is 172.16.64.1. IP address of windows side is 172.16.64.10 (have also tried 64). I have also tried disabling and enabling the lan devices as per some of the advice. I can Putty in both serial (arming mode) or SSL in on either the attack switches. When running ifconfig on the BB side, i get the expected 172.16.64.1 IP so all seems ok there. Ive set some LEDs to track the payload going through its motions but i get a red LED and no internet. Its the same for every configuration of the BB on all windows machines. This must be something so silly thats staring me in the face but for all the trees in the woods, i just cannot see it. Any help will be greatly appreciated. Link to comment Share on other sites More sharing options...
dbum Posted June 20, 2017 Share Posted June 20, 2017 So I just got my BB the other day. I just followed the directions on the Wiki and I could get out on my BB. Here is exactly what I did (differences of the wiki) Configure a payload.txt for ATTACKMODE RNDIS_ETHERNET - This was the only text in my payload.txt Boot Bash Bunny from RNDIS_ETHERNET configured payload on the host Windows PC - didn't get any lights Open Control Panel > Network Connections (Start > Run > "ncpa.cpl" > Enter) Identify Bash Bunny interface. Device name: "USB Ethernet/RNDIS Gadget" - Was Network 2 in my case - showed as IBM USB Remote NDIS Network Device Right-click Internet interface (e.g. Wi-Fi) and click Properties. - went to sharing on my wired Interface (DHCP - IPv6 disabled) From the Sharing tab, check "Allow other network users to connect through this computer's Internet connection", select the Bash Bunny from the Home networking connection list (e.g. Ethernet 2) and click OK. - I unchecked "Allow other network users to control or disable...." Right-click Bash Bunny interface (e.g. Ethenet 2) and click Properties. - I unchecked IPv6, don't know if that matters Select TCP/IPv4 and click Properties. Set the IP address to 172.16.64.64. Leave Subnet mask as 255.255.255.0 and click OK on both properties windows. Internet Connection Sharing is complete - Set mine to .64 address. I could ping 172.16.64.1 then. Here is info from my BB: root@bunny:~# route Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface default 172.16.64.64 0.0.0.0 UG 0 0 0 usb0 172.16.64.0 * 255.255.255.0 U 0 0 0 usb0 root@bunny:~# ifconfig lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:8 errors:0 dropped:0 overruns:0 frame:0 TX packets:8 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:520 (520.0 B) TX bytes:520 (520.0 B) usb0 Link encap:Ethernet HWaddr 5a:00:00:5a:5a:00 inet addr:172.16.64.1 Bcast:172.16.64.255 Mask:255.255.255.0 inet6 addr: fe80::5800:ff:fe5a:5a00/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:863 errors:0 dropped:0 overruns:0 frame:0 TX packets:72 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:152864 (149.2 KiB) TX bytes:13982 (13.6 KiB) root@bunny:~# cat /etc/resolv.conf # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8) # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN nameserver 8.8.8.8 nameserver 8.8.4.4 Here are my settings in Windows: Ethernet adapter Local Area Connection 2: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : IBM USB Remote NDIS Network Device Physical Address. . . . . . . . . : 00-11-22-33-44-55 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes IPv4 Address. . . . . . . . . . . : 172.16.64.64(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : NetBIOS over Tcpip. . . . . . . . : Enabled Don't know if any of this will help!!! Good luck! Link to comment Share on other sites More sharing options...
nicthejack Posted June 20, 2017 Author Share Posted June 20, 2017 Thanks dbum, for taking the time to reply. Yeah, my settings exactly the same and have repeated it all again several times, no luck so far. Ive disabled I/Fs and then renabled... I can ping from SSH BB (172.16.64.1) to 172.16.64.64 and get a positive response. I can ping from windows to both .1 and same, get responses. obviously i am ssh ing via Putty. all settings as above the same. I did also set the IP of the BB on the windows side to .10 and then i do get a network showing up in the status. But with it set to .64 its shows in Windows Network Connections as an Unidentified network . However, its the same with .10 and .64 no internet. Seen a few similar posts and Windows 10 seems to be common. What version are you using? Link to comment Share on other sites More sharing options...
dbum Posted June 20, 2017 Share Posted June 20, 2017 I used windows 7 earlier when I walked through. I have a Win 10 tablet right here. I'll try it and get back with you in just a bit. Link to comment Share on other sites More sharing options...
nicthejack Posted June 20, 2017 Author Share Posted June 20, 2017 Ive tried on Win 7 with the same outcome. Ive just ran an nmap against .64 (first 200 ports) and got results. This has to be the Windows side. Link to comment Share on other sites More sharing options...
dbum Posted June 20, 2017 Share Posted June 20, 2017 Mine worked with Windows 10 (Surface Pro 4) Made payload.txt with: #!/bin/bash ATTACKMODE RNDIS_ETHERNET Plugged in / Selected yes for discoverable network (private) Let Drivers install Shared WiFi (With Ethernet 2 -- BB) Configured BB ip as 172.16.64.64/24 with no GW or DNS ssh'd into 172.16.64.1 with no problems. Are you turning on Serial mode as well as RNDIS at the same time? Have you tried it with only: #!/bin/bash ATTACKMODE RNDIS_ETHERNET in the payload? When you do turn on the serial mode, what does your route table look like on the BB? Can you post the output of "ifconfig" and "route" from the BB and the ipconfig from your PC? Link to comment Share on other sites More sharing options...
dbum Posted June 20, 2017 Share Posted June 20, 2017 I meant I also could reach the Internet as well from the BB when I ssh'd in from Win10. It almost seems like it is either a problem with the Internet Sharing in Windows or your default route on the BB. Do you get a line that looks like this? root@bunny:~# routeKernel IP routing tableDestination Gateway Genmask Flags Metric Ref Use Ifacedefault 172.16.64.64 0.0.0.0 UG 0 0 0 usb0172.16.64.0 * 255.255.255.0 U 0 0 0 usb0 Link to comment Share on other sites More sharing options...
nicthejack Posted June 20, 2017 Author Share Posted June 20, 2017 Ok. So... One thing I noticed in your steps as opposed to mine is "Plugged in / Selected yes for discoverable network (private)" . That doesn't happen here. But I am guessing its because the drivers are already installed. I have tried a couple of times to reinstall them. I wonder is there a setting in Windows I am missing here. The fact that I can see the BB from windows when I ping it and the same from BB to .64 IP of the adapter on the Windows side. SSH is fine. Putty in ARM mode is ok. all of that side is fine. Network Connections (Windows) Sraring Windows BB Adapter status Connection-specific DNS Suffix: Description: IBM USB Remote NDIS Network Device Physical Address: 00-11-22-33-44-55 DHCP Enabled: No IPv4 Address: 172.16.64.64 IPv4 Subnet Mask: 255.255.255.0 IPv4 Default Gateway: IPv4 DNS Server: IPv4 WINS Server: NetBIOS over Tcpip Enabled: Yes PING From windows ping 172.16.64.1 Pinging 172.16.64.1 with 32 bytes of data: Reply from 172.16.64.1: bytes=32 time<1ms TTL=64 Reply from 172.16.64.1: bytes=32 time<1ms TTL=64 Reply from 172.16.64.1: bytes=32 time<1ms TTL=64 Reply from 172.16.64.1: bytes=32 time<1ms TTL=64 Ping statistics for 172.16.64.1: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 0ms, Average = 0ms Ifconfig from BB whilst SSHroot@bunny:~# ifconfig lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:8 errors:0 dropped:0 overruns:0 frame:0 TX packets:8 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:520 (520.0 B) TX bytes:520 (520.0 B) usb0 Link encap:Ethernet HWaddr 5a:00:00:5a:5a:00 inet addr:172.16.64.1 Bcast:172.16.64.255 Mask:255.255.255.0 inet6 addr: fe80::5800:ff:fe5a:5a00/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:5308 errors:0 dropped:0 overruns:0 frame:0 TX packets:1021 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:812893 (793.8 KiB) TX bytes:144853 (141.4 KiB) Ping from BB SSH in.root@bunny:~# ping 172.16.64.64 PING 172.16.64.64 (172.16.64.64) 56(84) bytes of data. 64 bytes from 172.16.64.64: icmp_seq=1 ttl=128 time=0.714 ms 64 bytes from 172.16.64.64: icmp_seq=2 ttl=128 time=0.725 ms 64 bytes from 172.16.64.64: icmp_seq=3 ttl=128 time=0.725 ms 64 bytes from 172.16.64.64: icmp_seq=4 ttl=128 time=0.742 ms 64 bytes from 172.16.64.64: icmp_seq=5 ttl=128 time=0.728 ms ^C --- 172.16.64.64 ping statistics --- 5 packets transmitted, 5 received, 0% packet loss, time 4005ms rtt min/avg/max/mdev = 0.714/0.726/0.742/0.035 msroot@bunny:~# Any insight or help will be greatly received. Link to comment Share on other sites More sharing options...
nicthejack Posted June 20, 2017 Author Share Posted June 20, 2017 4 minutes ago, dbum said: I meant I also could reach the Internet as well from the BB when I ssh'd in from Win10. It almost seems like it is either a problem with the Internet Sharing in Windows or your default route on the BB. Do you get a line that looks like this? root@bunny:~# routeKernel IP routing tableDestination Gateway Genmask Flags Metric Ref Use Ifacedefault 172.16.64.64 0.0.0.0 UG 0 0 0 usb0172.16.64.0 * 255.255.255.0 U 0 0 0 usb0 Link to comment Share on other sites More sharing options...
nicthejack Posted June 23, 2017 Author Share Posted June 23, 2017 Hi Guys. So i got Internet on the Bunny but big credit to dbum for his help. Thank you dbum. What fixed it: Basically I retraced all the steps from first playing to where I currently was and I realised that having been following some the suggestions on here the only thing I hadn't done was install impacket and responder. The reason I hadn't was because I didn't have internet on the BB to 'git them down.' . Therefore, I concentrated on fixing the internet problem rather than downloading, copying and installing the impacket and responder tools. so, what I did was... Download the 'deb' files of the tools to the local drive of the laptop from the links provided by Sebkinne in his post I then, in arming mode copied the deb files, one at a time into tools folder, unplugged, and then re inserted in arming mode again for auto installation. Repeated for next tool. Then checked and stripped my RNDIS payload in switch 2 to the basics... Set to switch 2, plugged in and BOOM!!! Internet, pinging to my hearts content. Ha! The installation of the tools was the only thing that I had not done so I can only assume this was the fix but of course, horses for courses and all that. For those of you struggling to get the internet if you have not installed them tools give it a try, you never know. If, not perhaps its something else. So, testing the nmapper. Thanks to dbum for helping out here. Due to the settings of the BB and the BB adapter on the windows end a couple of fixes needed to get it going. Basically, the problem was the adapter was manually set to 172.16.64.64 but the DHCP range on the BB side was .10-.12. It looks like what was happening was the nmapper payload is that $TARGET_IP is the IP that was given via DHCP as the BB most likely looks up it's DHCP tables (/etc/network/interfaces.d/usb0 ). As I had a static address in the BB Windows Interface (172.16.64.64) it obviously never would request a DHCP lease. So, taking dbums tip, I changed the Gateway of the BB to 172.16.64.10 and put my Windows interface back in DHCP mode (get IP automatically). The gateway edit is done to the usb0 file located /etc/network/interfaces.d/ and the relevant code section will look like this when done (in bold)... ----------- iface usb0 inet static address 172.16.64.1 netmask 255.255.255.0 gateway 172.16.64.10 dns-nameserver 8.8.8.8 dns-nameserver 8.8.4.4 ----------- From here Internet working, nmapper working and a very productive evening. A beer was in order! Observations: A couple of things I noticed. Even with internet working on the BB if I inspected the status of the adapter on the windows side, yes I had an IP but the status window showed it as No internet connection and No network connection, even though I had one. So, the proof has to be by pinging from SSH on the BB side. I think that perhaps the DHCP edits above should be made anyway to save messing about later. When testing some scripts on the newer firmware don't take it for granted it wil just work. read the change log, ask questions and make the necessary edits to the scripts as in some cases they will need that. For me, this is work in progress. Hope this helps some of you guys out and maybe Sebkinne or one of the other mods could combine this into the other threads on the subject? Link to comment Share on other sites More sharing options...
haztheforce Posted August 9, 2018 Share Posted August 9, 2018 Hi Guys, Had the Bash Bunny for a while now and just cannot get ICS working either. I read this post and have exactly the same issue, but I have gone through all the steps without any success. (Yep even installing the tools!) I too feel like I may have missed something silly, but still unable to determine what. (Maybe my Windows is the issue) Logically I am thinking ROUTE, however other posters show it looks ok with the same settings. Hmmmmm.... Putty no issues using only one entry in payload in switch 2: ATTACKMODE RNDIS_ETHERNET Last login: Wed Aug 8 17:23:30 2018 from 172.16.64.10 However, no Internet. root@bunny:~# ping google.com ping: unknown host google.com root@bunny:~# ping 8.8.8.8 PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data. From 172.16.64.1 icmp_seq=1 Destination Host Unreachable Pings from BB, ping 172.16.64.1 PING 172.16.64.1 (172.16.64.1) 56(84) bytes of data. --- 172.16.64.1 ping statistics --- 29 packets transmitted, 29 received, 0% packet loss, time 27996ms ping 172.16.64.10 PING 172.16.64.10 (172.16.64.10) 56(84) bytes of data. 64 bytes from 172.16.64.10: icmp_seq=1 ttl=128 time=0.374 ms --- 172.16.64.10 ping statistics --- 18 packets transmitted, 18 received, 0% packet loss, time 16992ms rtt min/avg/max/mdev = 0.275/0.346/0.374/0.024 ms Pings from Windows C:\Users\root>ping 172.16.64.10 Pinging 172.16.64.10 with 32 bytes of data: Reply from 172.16.64.10: bytes=32 time<1ms TTL=128 Reply from 172.16.64.10: bytes=32 time<1ms TTL=128 Reply from 172.16.64.10: bytes=32 time<1ms TTL=128 Reply from 172.16.64.10: bytes=32 time<1ms TTL=128 Ping statistics for 172.16.64.10: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 0ms, Average = 0ms C:\Users\root>ping 172.16.64.1 Pinging 172.16.64.1 with 32 bytes of data: Reply from 172.16.64.1: bytes=32 time<1ms TTL=64 Reply from 172.16.64.1: bytes=32 time<1ms TTL=64 Reply from 172.16.64.1: bytes=32 time<1ms TTL=64 Reply from 172.16.64.1: bytes=32 time<1ms TTL=64 Ping statistics for 172.16.64.1: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 0ms, Average = 0ms BB Setup ifconfig lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:427 errors:0 dropped:0 overruns:0 frame:0 TX packets:427 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:40220 (39.2 KiB) TX bytes:40220 (39.2 KiB) usb0 Link encap:Ethernet HWaddr 5a:00:00:5a:5a:00 inet addr:172.16.64.1 Bcast:172.16.64.255 Mask:255.255.255.0 inet6 addr: fe80::5800:ff:fe5a:5a00/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:5475 errors:0 dropped:0 overruns:0 frame:0 TX packets:1727 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:1046905 (1022.3 KiB) TX bytes:243427 (237.7 KiB) root@bunny:/etc/network/interfaces.d# cat usb0 allow-hotplug usb0 auto usb0 iface usb0 inet static address 172.16.64.1 netmask 255.255.255.0 gateway 172.16.64.10 (changed as per nicthejack comments) dns-nameserver 8.8.8.8 dns-nameserver 8.8.4.4 root@bunny:~# route Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface default 172.16.64.64 0.0.0.0 UG 0 0 0 usb0 172.16.64.0 * 255.255.255.0 U 0 0 0 usb0 Windows Setup Ethernet adapter Local Area Connection - BB: Connection-specific DNS Suffix . : IPv4 Address. . . . . . . . . . . : 172.16.64.10 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 172.16.64.1 Wireless LAN adapter Wi-Fi (Shared with Ethernet above): Connection-specific DNS Suffix . : home IPv4 Address. . . . . . . . . . . : 192.168.0.234 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168.0.1 I suspect its either my windows 8.1 box or routing table. Link to comment Share on other sites More sharing options...
haztheforce Posted August 10, 2018 Share Posted August 10, 2018 Tried on a 2nd wifi adapter, same issue. Also had a mad idea and tried bridged, that just stops the wifi from internet also, removed that, rebooted router tried once more ICS method, but no matter what this will not get an internet connection. Very strange and very frustrating as with all the posts i read show it can be bunny or windows specific issue but for now I can only blame myself ! Also, I had issues on my kali linux box, but will save that for another thread. Link to comment Share on other sites More sharing options...
haztheforce Posted August 10, 2018 Share Posted August 10, 2018 Fired up windows 10 in lab, same issue. Exactly the same. hmmmmmm. Link to comment Share on other sites More sharing options...
haztheforce Posted August 10, 2018 Share Posted August 10, 2018 right, so i fixed it. Had to make my default gateway on windows nic my router gateway and then when windows warns about using it on different network segment, click ok. Whoops :) I feel so stupid now. Link to comment Share on other sites More sharing options...
haztheforce Posted August 10, 2018 Share Posted August 10, 2018 IPv4 Address. . . . . . . . . . . : 172.16.64.10 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . 192.168.0.1 DNS - 172.16.64.10 The above just didn't look right and the windows warning was throwing me off the right track. Since its not mentioned in the instructions and everyone leaves their GW out of their ports (its internal IP, not sure why everyone hides it) This was not so obvious for me. All well, hope it helps someone and saves hours of messing around. Link to comment Share on other sites More sharing options...
killbot6 Posted November 7, 2020 Share Posted November 7, 2020 On 8/10/2018 at 3:57 PM, haztheforce said: IPv4 Address. . . . . . . . . . . : 172.16.64.10 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . 192.168.0.1 DNS - 172.16.64.10 The above just didn't look right and the windows warning was throwing me off the right track. Since its not mentioned in the instructions and everyone leaves their GW out of their ports (its internal IP, not sure why everyone hides it) This was not so obvious for me. All well, hope it helps someone and saves hours of messing around. This hasn't worked for me. I can not get this thing online. Ideas? Anytime I attempt to "share my network" via my network card it put the bunny as a "unidentified network" and won't allow an ssh. If I disconnect the bunny from being shared, I can connect via ssh but the bunny has not network connection. BTW, this is on windows 10. Link to comment Share on other sites More sharing options...
chrizree Posted November 15, 2020 Share Posted November 15, 2020 I just went through the steps in the Hak5 documentation web page (linked below) about allowing internet connection sharing and it all worked without any problems. I tried it on a fairly recent install of Windows 10 Home (2004, fully updated) that has never been touched before by the Bunny. One thing to pay special attention to in the article is step 5 as it might be misinterpreted as step 4 has been recently read. It's easy to let the brain jump to conclusions when heading over from step 4 to step 5. First (in step 4) you read "Identify Bash Bunny interface" and then in step 5 it's easy to just read "Right-click interface" and forget the part saying "Internet" making you click the Bunny interface. This is crucial though. My guess is that many right click on the RNDIS interface representing the Bunny instead of the adapter that offers internet connectivity. You shouldn't right click in the Bunny interface in step 5 but the interface on the computer that normally is used for internet access. In the sharing drop down list, the Bunny interface (such as "Ethernet 2") should be selected as said in the step by step instruction. I didn't install any tools on the Bunny, or such, that has been mentioned in some post in this thread. I just followed the article and it works. https://docs.hak5.org/hc/en-us/articles/360010554193-Sharing-an-Internet-connection-from-Windows Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.