LGee

mysteriously behaving new bunny

11 posts in this topic

I have recently started playing around with my new bashbunny, and payloads. Can't figure out what I see when running my first basic payloads on Win7. Take this for example...:

Here is a payload I wrote, where I am trying to use ducky script commands and at the same time use the storage on the bunny, e.g. to store stuff on it later while running ducky commands.

Here is my payload for switch1:

#!/bin/bash
# Set LED Red while setting up attack
LED R
ATTACKMODE HID STORAGE
Q DELAY 10000
LED R G
Q GUI r
Q DELAY 2000
Q STRING cmd
Q DELAY 4000
Q ENTER
Q DELAY 5000
Q STRING e:
Q ENTER
Q DELAY 5000
Q STRING dir
Q ENTER
Q DELAY 2000
# Light turns green - trap is clean.
LED R G B

 

And this results in a single command given in GUI+r:

powershell .))gwmi win32?volume +f ælabel\ææBashBunnyæææ=.Name`æpayloads'switch2'd.cmdæ=

I have flashed the bunny to latest (1.3) firmware.

What am I doing wrong?

I can't seem to get my new bunny hopping. :(

 

 


First question is what is the error you are getting?

Second one I have is can you submit that powershell line again but use the code formatting in the toolbar.  On my screen it looks jumbled up so can't really read some of it.


sorry for the bad formatting. here it goes:

powershell .))gwmi win32?volume +f ælabel\ææBashBunnyæææ=.Namepayloads'switch2'd.cmdæ=

so, the error is, I am not getting any of the expected behavior per my ducky script above.

instead, when I insert the bunny with switch in pos. 1, I only get this powershell-like line in the Run window and an ENTER after. nothing else happens.

really cannot see where this line is coming from. not to mention why my actual commands are not executing...

 

BTW, I also struggle with the ATTACKMODE setting.

no matter what payload I use, and what ATTACKMODE I configure in payload.txt, I am always getting the bunny mounted as storage, no matter which setting the hardware switch is in.

I could not find any forum entry related to that, but please point me to one if this has been observed before.

 


Do not know if you are using a different language keyboard but that is some weird formatted text so will attempt to see if that is the issue.

One thing you are doing in your ducky script is you are assuming the ducky will be on drive e: when it may not be on every machine. Your script will know but not the BashBunny. This is the reason why the BB Ducky commands you see in most of the payloads are just enough to run a script that does the rest. Now if you know on your test machine that drive is e: then you are all good for that test machine.

Next, your script still looks strangely formatted so I will redo the duck command for it at how it should probably look.

 

Q STRING "powershell -C \".((gwmi -class win32_volume -f {label='BashBunny'}).Name + 'payloads\\$SWITCH_POSITION\\d.cmd'\")"

Of course I do not have enough info to see what you are really accomplishing except running the file called d.cmd on the BB and then getting a dir of e: drive.


Looks like a language issue. What language does your PC use? If it's US then you need to set your Bunny's language to US.


I am using Norwegian keyboard conf. So, that explains the æææ's. But it does not explain why the powershell command shows up when I don't have any powershell commands in my script.

 

Also, I've tried the bunny under linux, and ATTACKMODE seemed to work correctly, whereas when I tried to plug it in under Win7 (tried two different win machines) it always turns up as storage, accessible. No matter what switch position or payload I use.

 

 

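Added example, not part of the thread: the keyboard-layout mismatch discussed above, modelled in Python. It assumes the device presses keys as if the host used a US layout while the host is set to Norwegian; the key tables and all function and variable names are written for this illustration. Inverting the mismatch on the line from the Run box recovers the text the device was actually typing.

```python
import string

# HID usage IDs of the non-letter keys, and the characters each layout
# assigns to them (same order in every string: plain, then shifted).
USAGES = list(range(0x1E, 0x28)) + [0x2C, 0x2D, 0x2E, 0x2F, 0x30, 0x31,
                                    0x33, 0x34, 0x35, 0x36, 0x37, 0x38]
LAYOUTS = {
    "us": ("1234567890 -=[]\\;'`,./", "!@#$%^&*() _+{}|:\"~<>?"),
    # On a real Norwegian host ` and ¨ are dead keys; treated as plain here.
    "no": ("1234567890 +\\å¨'øæ|,.-", "!\"#¤%&/()= ?`Å^*ØÆ§;:_"),
}

def keymap(layout):
    """Return {(usage, shift): char}; letters sit on the same keys in both layouts."""
    plain, shifted = LAYOUTS[layout]
    table = {}
    for usage, p, s in zip(USAGES, plain, shifted):
        table[(usage, False)] = p
        table[(usage, True)] = s
    for i, c in enumerate(string.ascii_lowercase):
        table[(0x04 + i, False)] = c
        table[(0x04 + i, True)] = c.upper()
    return table

def keystrokes(text, layout):
    """Keys a sender that assumes `layout` presses in order to type `text`."""
    inverse = {}
    for key, char in keymap(layout).items():
        inverse.setdefault(char, key)  # prefer the unshifted key for space
    return [inverse[c] for c in text]

def typed(keys, layout):
    """Text a host configured for `layout` produces from those key presses."""
    table = keymap(layout)
    return "".join(table[k] for k in keys)

def retype(text, sender, host):
    return typed(keystrokes(text, sender), host)

# The line seen in the Run box, copied from the first post of the thread.
SEEN = ("powershell .))gwmi win32?volume +f ælabel\\ææBashBunnyæææ=.Name"
        "`æpayloads'switch2'd.cmdæ=")

# Which US-layout text makes the device press exactly these keys?
SENT = retype(SEEN, sender="no", host="us")

if __name__ == "__main__":
    print(SENT)
    print(retype(SENT, sender="us", host="no") == SEEN)
```

The recovered text is a readable PowerShell line that refers to `payloads\switch2\d.cmd`, the same path fragment visible in the garbled version.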

Well you clearly do have Powershell lines in your script lol. Looks like your firmware has broken so much it only wants to run one payload. You can try some "udisk" commands in the serial console, see if that helps (1 or 2 of those commands will probably wipe everything, but maybe it'll help you get back on your feet). E.g. "udisk reformat".


If you have access to your Bash Bunny, the correct way to perform a factory reset is the following:

  1. Boot the device in ARMING mode
  2. Serial into the device and execute "udisk reformat". The storage partition will now be formatted and the device will reboot
  3. Serial into the device and execute "factory_reset_bunny". The Bash Bunny will reboot and be restored to firmware v1.0
  4. Download and upgrade your Bash Bunny to the latest firmware version

You should be ready to go after this.

On 7/17/2017 at 9:56 PM, Sebkinne said:

If you have access to your Bash Bunny, the correct way to perform a factory reset is the following:

  1. Boot the device in ARMING mode
  2. Serial into the device and execute "udisk reformat". The storage partition will now be formatted and the device will reboot
  3. Serial into the device and execute "factory_reset_bunny". The Bash Bunny will reboot and be restored to firmware v1.0
  4. Download and upgrade your Bash Bunny to the latest firmware version

You should be ready to go after this.

Sebkinne,

I appreciate the vast wealth of knowledge that you guys possess and I appreciate the help that all of you guys give to guys like me.

I tried to factory reset my Bunny following your instructions above, I immediately got the "Police" LED pattern and then it stopped blinking. I removed the Bunny and tried to reboot it. I get a green light for about 2 seconds then nothing. I think my bunny just died.

 

