Jump to content

fusionjj

Members
  • Content Count

    5
  • Joined

  • Last visited

About fusionjj

  • Rank
    Newbie
  1. Sorry for reposting this, I didn't see this subforum earlier.
  2. I am quite new to the Bash Bunny and programming in general - I am literally a n00b, so any feedback or advice would be helpful. I am trying to create a payload that can potentially increase the number of switches which may be useful in particular environments such as when you don't have direct access to your own computer, specifically without using STORAGE. The way it works is the following: In the UDISK directory \payloads\, by default there are only two switches; with Nswitch, you can potentially have any number of switches (restricted by the storage of course); so in addition to the above directories, you can also create: Now switch1 is the Nswitch controller - the Nswitch can be changed in two ways, depending on whether you have a lockscreen or not. It is also able to detect the state of the lockscreen (which may be useful in other applications where you can set up two different attacks depending on the state) If there is no lockscreen - then the Bash Bunny will run a HTTP server, and you can set the switch number from http:\\172.16.64.1 directly. If there is a lockscreen - then the Bash Bunny will simply increase the value of N incrementally by 1, i.e each time you plug in the device N:=N+1. This also works if you don't have direct access to a computer, you can simply change the switch by repeatedly plugging it into a USB Power Bank (although this may take some time to reach switch6 as you would have to wait for the Bunny to boot up and the LEDs to flash and repeat this 6 times which isn't ideal in every situation) #!/bin/bash LED SETUP ATTACKMODE HID RNDIS_ETHERNET GET TARGET_IP GET HOST_IP GET SWITCH_POSITION cd /root/udisk/payloads/$SWITCH_POSITION if [ -z "${TARGET_IP}" ]; then LED FAIL2 exit 1 fi if [ ! -f Nswitch.txt ]; then echo 0 > Nswitch.txt fi LED STAGE1 #Detecting lockscreen tcpdump -l -i usb0 'icmp and icmp[icmptype]=icmp-echo' -vv > ping & # Windows OS specific, can change to RUN OSX or RUN UNITY RUN WIN ping $HOST_IP -n 1 sleep 1 if grep "ICMP" ping > /dev/null then echo 1 > lockscreen # Unlocked LED G DOUBLE #Try Captive portal to overcome some restrictions? python -m SimpleHTTPServer 80 & while ! nc -z localhost 80; do sleep 0.2; done else echo 0 > lockscreen # Locked LED R DOUBLE N=0; for i in `cat Nswitch.txt`; do N=$((1 + $i)); done; echo $N > Nswitch.txt fi cp /root/udisk/payloads/switch$N /root/udisk/payloads/switch1 with <form name=”web_form” id=”web_form” method=”post” action=”post.php”> <p><label>Nswitch:</label><input type=”number” name=”N” id=”N” /></p> <input type="submit" value="Ammend"> </form> and <?php $N = $_POST[‘N’]; $fp = fopen(”Nswitch.txt”, “a”); $savestring = $N; fwrite($savestring); fclose($fp); ?> It still isn't complete yet but I have been able to detect the lockscreen state successfully. I did have some issues with the web server at first but this has been mostly resolved, I just need to finish off the code. Before I do, I thought I would get some advice from the Hak5 community on whether this payload would even be useful to other people, and how I could optimize the code or make it better.  I should mention, that once you set the switch number N it will automatically copy the files of the directory from \payloads\switchN to the other switch (i.e switch 2 in the example above) and once you unplug the Bunny, change the switch and replug it, it will run the payload from switch N on switch 2.
  3. I should mention, that once you set the switch number N it will automatically copy the files of the directory from \payloads\switchN to the other switch (i.e switch 2 in the example above) and once you unplug the Bunny, change the switch and replug it, it will run the payload from switch N on switch 2.
  4. I am quite new to the Bash Bunny and programming in general - I am literally a n00b, so any feedback or advice would be helpful. I am trying to create a payload that can potentially increase the number of switches which may be useful in particular environments such as when you don't have direct access to your own computer, specifically without using STORAGE. The way it works is the following: In the UDISK directory \payloads\, by default there are only two switches; with Nswitch, you can potentially have any number of switches (restricted by the storage of course); so in addition to the above directories, you can also create: Now switch1 is the Nswitch controller - the Nswitch can be changed in two ways, depending on whether you have a lockscreen or not. It is also able to detect the state of the lockscreen (which may be useful in other applications where you can set up two different attacks depending on the state) If there is no lockscreen - then the Bash Bunny will run a HTTP server, and you can set the switch number from http:\\172.16.64.1 directly. If there is a lockscreen - then the Bash Bunny will simply increase the value of N incrementally by 1, i.e each time you plug in the device N:=N+1. This also works if you don't have direct access to a computer, you can simply change the switch by repeatedly plugging it into a USB Power Bank (although this may take some time to reach switch6 as you would have to wait for the Bunny to boot up and the LEDs to flash and repeat this 6 times which isn't ideal in every situation) #!/bin/bash LED SETUP ATTACKMODE HID RNDIS_ETHERNET GET TARGET_IP GET HOST_IP GET SWITCH_POSITION cd /root/udisk/payloads/$SWITCH_POSITION if [ -z "${TARGET_IP}" ]; then LED FAIL2 exit 1 fi if [ ! -f Nswitch.txt ]; then echo 0 > Nswitch.txt fi LED STAGE1 #Detecting lockscreen tcpdump -l -i usb0 'icmp and icmp[icmptype]=icmp-echo' -vv > ping & # Windows OS specific, can change to RUN OSX or RUN UNITY RUN WIN ping $HOST_IP -n 1 sleep 1 if grep "ICMP" ping > /dev/null then echo 1 > lockscreen # Unlocked LED G DOUBLE #Try Captive portal to overcome some restrictions? python -m SimpleHTTPServer 80 & while ! nc -z localhost 80; do sleep 0.2; done else echo 0 > lockscreen # Locked LED R DOUBLE N=0; for i in `cat Nswitch.txt`; do N=$((1 + $i)); done; echo $N > Nswitch.txt fi cp /root/udisk/payloads/switch$N /root/udisk/payloads/switch1 with <form name=”web_form” id=”web_form” method=”post” action=”post.php”> <p><label>Nswitch:</label><input type=”number” name=”N” id=”N” /></p> <input type="submit" value="Ammend"> </form> and <?php $N = $_POST[‘N’]; $fp = fopen(”Nswitch.txt”, “a”); $savestring = $N; fwrite($savestring); fclose($fp); ?> It still isn't complete yet but I have been able to detect the lockscreen state successfully. I did have some issues with the web server at first but this has been mostly resolved, I just need to finish off the code. Before I do, I thought I would get some advice from the Hak5 community on whether this payload would even be useful to other people, and how I could optimize the code or make it better.
×
×
  • Create New...