Posts posted by Torrey
-
-
33 minutes ago, b0N3z said:
So then what is the fork for?
The codename of this release was dinglehopper. A fork is a dinglehopper as mentioned in the Little Mermaid. I'd love to know why they chose that codename and the connection with the Little Mermaid.
- 1
-
36 minutes ago, b0N3z said:
I have my wifi dns set to google (8.8.8.8 and 8.8.4.4) along with the bash bunny also. both my home wifi routers are also set to that.
Isn't setting that on the BB a little redundant given it's part of the default configuration of usb0?
-
1 hour ago, NicholasAdamou said:
I downloaded the RNDIS driver for my mac, so now I have the RNDIS interface.
However, I do not have the USB 10/100 LAN interface on my mac, not sure if that is important or not.
Additionally, after turning on WiFi to RNDIS ICS on my mac and plugging in the BB. I am able to ssh into root@172.16.64.1, however, after running a ping request to google.com I get 100% packet loss.
Any ideas?
You're supposed to SSH into 172.16.64.1, this is also listed on the wiki under the Default Settings section.
USB 10/100 was an oversight when I created the instructions, this device is actually the Tetra that I occasionally use with ICS. It's not necessary for these instructions.
Give this a try:
- Unplug the BB
- Reboot the computer
- Turn off ICS
- Turn on ICS (sharing your wifi connection with the correct USB interface)
- Plug in the BB
- SSH into the BB
- Welcome to the interwebz?
Edit: Make sure to follow the directions for DHCP with a manual address as well. It's necessary for ICS to work.
-
6 minutes ago, Draxiom said:
Another missing piece for me that is in both of your instructions, but not present in my setup is the "USB 10/100 LAN" as a device to share the internet with; I only see the "RNDIS/Ethernet Gadget" in the list to check
sorry for the 'usb 10/100 lan' confusion, it's from the tetra. you might remember me mentioning that on irc yesterday.
-
You'll need to escape the special characters. Take a look at his example.
- 1
-
When it gets released he should hire the Pineapple Pen guy for promo.
I have a Pineapple....I have a Bash Bunny.....uggghhh Pineapple Bash Bunny Pen(testing)
- 1
-
I personally use VirtualBox and set my BB to switch 1 or 2 before adding to the USB settings in the VM. This way, while your VM is running it'll automatically connect to the VM instead of your host OS.
The steps would be...
- Start your VM
- Change BB to switch 1 or 2 with a simple payload
- Connect it to the computer
- Add the USB device to the list as shown above. Click OK
- Remove BB
- Insert BB again and now it'll be connected to the VM
Note: Changing the BB to arming mode will open it in the host OS, unless you add that to your VM USB settings too.
- 1
-
1 hour ago, graythang said:
I got it to work.
Short answer: use root@bunny:~# route add default gw 172.16.64.(octet assigned to your BB by the mac)
so for mine it was root@bunny:~# route add default gw 172.16.64.10
Long answer
I had the same problem described by HipCrime above. After scratching my head for a minute and rebooting the mac and trying all the suggestions in the post I finally went back to the basics (always do it by the numbers when you're stumped).
So I connected up the BB opened a term on the mac and check ifconfig to see where the BB IP-addrs was set
next I check networking to see if it matched and to see what the other settings were (originally the DNS server was set to 172.16.64.1 , i set it to 8.8.8.8 to match what was in the BB /etc/resolv.conf).
Next I ssh into the BB using ssh root@172.16.64.1
in a separate shell on the mac I started tcpdump on the BB interface (in my case en10)
tcpdump -i en10
back in BB land I ran netstat -r to see the route table and watched the tcpdump action
looking in the tcpdump window I see ARPs for 172.16.64.64
and the route table on BB shows:
Which can't be right for ICS because ifconfig on the mac shows 172.16.64.10 as the interface and while I get why the OS X networking UI would show 172.16.64.1 as the router, I didn't get where the 172.16.64.64 in the BB route table came from. The BB's default route should point to the interface assigned to it in OS X (in my case the 172.16.64.10 ip). so a quick 'route add' later and the BB was up and connecting like a champ
hope this helps :)
Awesome you found a way to make it work. The reason why you see 172.16.64.64 is that it's defined in /etc/network/interfaces.d/usb0 on the BB.
That's why the BB wiki (under ICS sections) and this thread says to set the BB's IP manually to 172.16.64.64.
- 1
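The mismatch discussed above (the BB's default route points at 172.16.64.64 while the Mac held 172.16.64.10), as an added example that is not part of the original posts: a small shell check that parses `route` output and compares the default gateway with the host's address on the USB interface. The function names and the sample routing table are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes route table text in the
# `route` / `route -n` column layout (Destination Gateway ... Iface).

# Print the gateway of the default route on interface $2 found in table $1.
default_gw() {
    printf '%s\n' "$1" | awk -v ifc="$2" '
        ($1 == "default" || $1 == "0.0.0.0") && $NF == ifc && $2 != "*" {
            print $2; exit
        }'
}

# Compare the BB's default gateway with the address the host holds on the
# USB interface. Returns 0 on match, 1 on mismatch, 2 if no default route.
check_ics_route() {
    table=$1; host_ip=$2; ifc=${3:-usb0}
    gw=$(default_gw "$table" "$ifc")
    if [ -z "$gw" ]; then
        echo "no default route on $ifc"
        return 2
    fi
    if [ "$gw" = "$host_ip" ]; then
        echo "ok: default gw $gw matches the host address"
        return 0
    fi
    echo "mismatch: BB default gw is $gw, host interface is $host_ip"
    echo "  fix on host: set the interface address manually to $gw"
    echo "  or on BB:    route add default gw $host_ip"
    return 1
}

# Constructed sample: routing table as it would look on the BB.
SAMPLE_ROUTE='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         172.16.64.64    0.0.0.0         UG    0      0        0 usb0
172.16.64.0     *               255.255.255.0   U     0      0        0 usb0'

# Host took a DHCP-style address instead of the manual one: reports mismatch.
check_ics_route "$SAMPLE_ROUTE" 172.16.64.10 || true
# On the BB itself, pass the live table: check_ics_route "$(route -n)" <host-ip>
```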
-
Simple forum search finds the answer.
-
The Pineapple uses opkg, so you would use these commands:
- opkg update
- opkg install etherwake
Etherwake's usage should be: etherwake [mac-address]
-
I added a quickly thrown together screen capture running through my instructions from the first post in this thread.
Video: https://www.dropbox.com/s/7e5vg0kteijwpsx/ Mac OS X - How to Share Your Internet Connection.mp4?dl=0
- 1
-
1 hour ago, yeppers said:
Also doing ls /dev/tty* or grepping dmesg has never shown anything related to the drive in osx. I end up using windows in fusion to putty to it serially. Then a min later osx host terminates the USB drive...
On Mac you'd do:
ls /dev/cu.*
It'll have usbmodem in the name. Once you've possibly figured out which one you'd use this command (change the device name to match yours):
screen /dev/cu.usbmodemch000001 115200
Press ENTER on the blank screen and you should be ready to log in.
-
3 hours ago, hipcrime said:
Got a bit further along, but still no DNS:
_____ _____ _____ _____ _____ _____ _____ _____ __ __
(\___/) | __ || _ || __|| | | | __ || | || | || | || | |
(='.'=) | __ -|| ||__ || | | __ -|| | || | | || | | ||_ _|
(")_(") |_____||__|__||_____||__|__| |_____||_____||_|___||_|___| |_|
Bash Bunny by Hak5 USB Attack/Automation Platform
Last login: Wed Dec 31 16:00:59 1969 from 172.16.64.64
root@bunny:~# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 172.16.64.64 0.0.0.0 UG 0 0 0 usb0
172.16.64.0 * 255.255.255.0 U 0 0 0 usb0
root@bunny:~# ping google.com
ping: unknown host google.com
Turn off ICS, wait about a minute. Before you turn it back on use the drop down to choose which interface you want to share from (e.g. Wifi) and then enable it. Afterwards, reconnect your BB.
-
The reason for the delay seems to be that your BB doesn't have internet access. I had the slow response when I disabled the internet sharing. As far as using it as a payload it seems you'd have to add a delay to your script like @Dave-ee Jones mentioned.
-
I replied to your issue on github before I realized you had a thread here too. The server is up for me in under 1 second and I made a quick video capture. The only difference that comes to mind is that when I got ICS working on Mac I updated the installed packages on the BB.
-
The same thing happens to me, but only when using the USB extender cable that came with the Bunny. I hate sticking my arm behind the iMac, so I keep dealing with the occasional disconnection.
-
-
I have noticed that Mac can be temperamental when it comes to ICS, so if you ever connect the device and the network settings screen shot above doesn't fill out the subnet mask, router and DNS server then the sharing won't work. In that case, I switch to regular DHCP, apply it, then switch to DHCP with manual address.
Once you're on SSH, if the "route" command returns quickly, you'll know you're online. It should look like this when connected.
Keep plugging away though, you're super close from the sound of it. Maybe even reboot the Mac for good measure (I actually had to do this for the Tetra in the past).
-
Just for the sake of being thorough, could you match up the SharingNetworkNumberStart to mine as well as just using ATTACKMODE ECM_ETHERNET by itself?
defaults write /Library/Preferences/SystemConfiguration/com.apple.nat NAT -dict-add SharingNetworkNumberStart 172.16.64.10
The DHCP range for the Bash Bunny is 10-12, so in reality I could lower the end number as well, but at least matching up with the same start number should help you a lot. Let me know if it works.
-
If you follow the directions from the wiki for Internet Connection Sharing, you shouldn't have much of a problem connecting to the Bash Bunny using PuTTY. Here are my revised instructions derived from the wiki.
- Configure a payload.txt for ATTACKMODE RNDIS_ETHERNET
- Boot Bash Bunny from RNDIS_ETHERNET configured payload on the host Windows PC
- Open Control Panel > Network Connections (Start > Run > "ncpa.cpl" > Enter)
- Right-click Internet interface (e.g. Ethernet, Wi-Fi, ...) and click Properties
- From the Sharing tab, check "Allow other network users to connect through this computer's Internet connection" and click OK
- Right-click Bash Bunny interface (labeled something like "IBM USB Remote NDIS...") and click Properties
- Select TCP/IPv4 and click Properties
- Set the IP address to 172.16.64.64. Leave Subnet mask as 255.255.255.0 and click OK on both properties windows. Internet Connection Sharing is complete
Then using PuTTY, connect to 172.16.64.1.
User: root
Password: hak5bunny
Note: These instructions I worked out using Windows 8.1.
- 1
-
Getting the Bash Bunny to Work with Mac
Bash Bunny Payload:
Configure a payload.txt for ATTACKMODE ECM_ETHERNET
Internet Sharing Config:
Internet sharing is easy with the Sharing tab in system preferences. I selected sharing WiFi (or select how you're connected to the internet) with the RNDIS/Ethernet Gadget and then executed the following commands.
Commands:
defaults write /Library/Preferences/SystemConfiguration/com.apple.nat NAT -dict-add SharingNetworkNumberStart 172.16.64.10
defaults write /Library/Preferences/SystemConfiguration/com.apple.nat NAT -dict-add SharingNetworkNumberEnd 172.16.64.200
defaults write /Library/Preferences/SystemConfiguration/com.apple.nat NAT -dict-add SharingNetworkMask 255.255.255.0
defaults read /Library/Preferences/SystemConfiguration/com.apple.nat (optional - use if you want to see if the above commands appended to the configuration)
Network Device Configuration:
Notes for the Hak5 Team:
It kind of stinks this wasn't more compatible with the Tetra/Nano configuration. You'd have to alter the SharingNetworkNumberStart and SharingNetworkNumberEnd values for the ICS to work again for the Pineapple.
Edit 1:
Today Mac decided to be a pain, so I had to reboot the computer for ICS to work again. I'm not sure why this happens or if there's an easy way to solve the problem, but this has happened in the past with the Tetra too. Also, I wrote a payload that checks the internet connection for me.
#!/bin/bash
#
# Title:         ICS for Mac
# Author:        Torrey
# Version:       1.0
#
# Sets the attack mode to ECM_ETHERNET for Mac ICS, then tests the internet connection
#
# Red............Starting
# White..........Connected to the internet
# Purple.........Didn't connect to the internet
#

# Starting payload
LED R

# Set the attack mode
ATTACKMODE ECM_ETHERNET

# Are we connected to the internet?
wget -q --spider http://google.com
if [ $? -eq 0 ]; then
    LED R G B
else
    LED R B
fi
Edit 2:
I threw together a quick video running through the steps above for connecting the BB to the Mac ICS. It's a bit generic cause I didn't have much time, but maybe it'll help understand what's necessary for this to work.
Video: https://www.dropbox.com/s/7e5vg0kteijwpsx/ Mac OS X - How to Share Your Internet Connection.mp4?dl=0
- 2
-
Darren used 172.16.64.1 as the address to SSH into on the latest Hak5 episode.
-
If you're looking to target Windows there's a really good framework called Nishang that covers all phases of penetration testing.
https://github.com/samratashok/nishang
You'd need to put together the Ducky commands for running Powershell as administrator (although not required for every script) and storing the loot.
In the near future I may create an example payload for this and submit it to the Bash Bunny git.
- 1
-
As the title says, what are the original contents of /etc/network/interfaces?
I had forgotten to make a copy of the original before tweaking.
[Question] Would you find this tool useful?
in Bash Bunny
Posted · Edited by Torrey
Since I'm the only one that voted 'no', I'll admit it. I didn't think the idea brings enough value to spend time on it. There are already several ways to do what's being proposed, including a payload or two from the community.
On the other hand, if you're getting a ton of support requests from people breaking their bunny or being generally confused on how to update, it may be worth the time investment.