Posts posted by Cpt.Pickles

  1. I only suggested that you SCP information off because it sounds like it has hung randomly and we want to make sure we can get the file before that happens, granted it might happen when you scp it off.

    Changing the date can be done by:
    date -s "2 OCT 2006 18:00:00"

    Reading dmesg or the log file is for the most part easy; if you need help understanding something as you are looking, Google is your friend :) as most of it is documented. But let us know what the last couple of lines are for the set date... or if you don't set the date, look at the last couple of lines in /var/log/messages right before the lines with all of the [0.000000]

  2. dmesg is something that you will need to ssh into the bunny to see... however, if it's failing and you can't get into it, you might need to look at the logs located at /var/logs/messages. What I would do to see what is causing the bunny to fail is change the date to today, or something different than what it's booted with, to identify different boots. Let it fail, boot it back up, scp the file off before it fails and read it in Notepad++ or another text editor. Lots of steps but should point to what might be causing the issue.
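
The log check described in the two posts above, as an added example that is not part of the original posts: it prints the last lines written before each reboot, using the first `[    0.000000]` kernel line as the boot marker. The function names, the hostname `bunny` and the sample log lines are constructed for illustration.

```shell
# Added example (not from the original posts).
# Print the last N lines logged before each new boot. A boot starts at the
# first kernel line stamped [    0.000000] that follows ordinary log lines.
last_lines_before_boot() {
    # $1 = log file copied off the device, $2 = lines to show (default 3)
    awk -v n="${2:-3}" '
        /\[ *0\.000000\]/ {
            if (!in_boot) {
                boots++
                if (count > 0) {
                    print "--- last lines before boot " boots " ---"
                    start = count - n + 1
                    if (start < 1) start = 1
                    for (i = start; i <= count; i++) print buf[i]
                }
            }
            in_boot = 1; count = 0; next
        }
        { in_boot = 0; buf[++count] = $0 }
    ' "$1"
}

# Constructed sample log: two boots, the first one ends in a hang.
write_sample_log() {
    cat > "$1" <<'EOF'
Jan  1 00:00:00 bunny kernel: [    0.000000] Booting Linux
Jan  1 00:00:00 bunny kernel: [    0.000000] constructed early boot line
Oct  2 18:00:05 bunny kernel: [    5.120000] usb gadget ready
Oct  2 18:03:10 bunny kernel: [  190.400000] constructed: last message before hang
Jan  1 00:00:00 bunny kernel: [    0.000000] Booting Linux
Jan  1 00:00:03 bunny kernel: [    3.000000] usb gadget ready
EOF
}
```

Run it on the copied file, for example `last_lines_before_boot messages 5`; lines from the boot that is still running are not printed because no later boot marker follows them.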

  3. I should have included this post in my previous as it sounds like you might be having the same issue...

    On 3/6/2017 at 7:56 PM, moumoutaru said:

    @Cpt.Pickles 

    1. Open Device Manager
    2. Right click on CDC Serial under 'Other devices'
    3. Left click 'Update Driver Software...'
    4. Left click 'Browse my computer for driver software'
    5. Left click 'Browse...' and select the drive letter of your BashBunny
    6. Left click 'Next'.
    7. Left click 'Install this driver software anyway' (If you get a Windows Security popup).
    8. Click 'Close'
    9. Profit

    At this point you should see 'Gadget Serial (COM#)' under 'Ports (COM & LPT)'. Let me know if that helps. Cheers.

  4. If the BB is running properly it will flash blue in switch position 3, not sure if you are asking about after the reinstall process though, that I do not know...never done it. If you can ssh into the device, mount the file system; I'm assuming you are saying Windows is saying that it's read only.
    mount -o sync /dev/nandf /root/udisk
    Do ls -la /root/udisk; does it also show that it is read only? ... Just in case you need help reading the output... https://wiki.archlinux.org/index.php/File_permissions_and_attributes
    Based on my device all files/folders (excluding "..") should have at least the following attributes, -rwxr-xr-x

  5. Include SERIAL in your attack mode, ssh into the bunny and run the following to monitor temps:

    while [ true ]; do
    	echo "Zone 0: "`cat /sys/class/thermal/thermal_zone0/temp`
    	echo "Zone 1: "`cat /sys/class/thermal/thermal_zone1/temp`
    	printf "\n"
    	sleep 10s
    done

    This will allow you to see if it is an actual overheating issue or if it's another issue... Darren posted the following about the temp because many have reported warm/hot devices.

    On 3/3/2017 at 4:01 PM, Darren Kitchen said:

    The temperature isn't a problem, the casing was designed to keep the board well within its thermal limits. It will run warm over time (idling around 50 C), but it isn't an issue as the CPU is rated to 125 C.

     

  6. If you look at the default payload.txt in the two switches, they have STORAGE listed as the ATTACKMODE as well as the Ethernet adapters for win/linuxosx. To test, just remove STORAGE from the test payloads :) If you look, there has been communication as to why the Ethernet is not working as intended for what sounds like most users... at this time.

  7. I would read the following wiki, http://wiki.bashbunny.com/#!index.md, and watch the video Hak5 had prepared... it sounds like some steps are being skipped. Follow the others' advice by removing STORAGE from the default switch 2 position in the payload. @Darren Kitchen, thoughts on removing this from installs/github due to the worries/confusion? From here you can use the wiki to help you get the bunny online and updated. Next, flip the switch back to position 3, take the files in tools_installer and paste them into the switch one folder and let it run; note the code will probably find the files in the library folder first. Now your bash bunny should be ready to run all the other payloads at the time of writing.

  8. Nice find, just know that if you are building attacks based off of that you will run into issues when you go to attack. However, they do sell these devices as more than just an attack surface ;)

  9. Good catch, can confirm this is the case... it also looks like the wiki should remove VID/PID from the Bunny script portion, as supplying something like the following does not work as they are not able to be used alone.
     

    LED B
    ATTACKMODE HID VID_0X03EB PID_0X2015
    #Do something 
    #Try to change vid pid.
    VID_0X045E
    PID_0X0007
    LED G

    Unless I am reading the wiki wrong.

  10. On 3/4/2017 at 5:25 PM, Darren Kitchen said:

    The default switch2 payload recognizes as storage but not Ethernet on Windows. Same thing with Mac. Go figure - it works on my development Linux box. The issue has to do with composite devices and Windows' ability to recognize RNDIS as one.

    When combining attack modes the Bash Bunny registers as a composite device. Windows doesn't recognize RNDIS_ETHERNET as a composite device by default. Drivers could be installed, but that defeats the purpose in many instances. Alone ATTACKMODE RNDIS_ETHERNET works without drivers on Windows hosts. Thankfully the ATTACKMODE command can be run subsequently to change the state to other modes later on in payloads conditionally.

    As for the USB disk - when the payload executes it can access the storage from /root/udisk. At the moment this gets unmounted from the Linux side when payload execution completes. So if you terminal in and ls /root/udisk you won't see anything. 

     

    This should answer some of the issues you are having. At the moment it looks like we are not able to combine RNDIS_ETHERNET with another attack mode. Sounds like you will have to perform each attack mode as needed and switch when you need another attack vector.

  11. I might be reaching the limits of what I can help with, as this might be a Win7 item... But I think Win10 only displays one hardware ID when loading serial, I will double check and report back later. I know this is not the identified issue but have you attempted switch2 or just RNDIS_ETHERNET in the payload? If RNDIS driver loads properly, attempt to ssh via methods described on the wiki for validation. Just trying to narrow down the scope of the issue. 

    I hope someone else with Win7 can identify possible differences in the screenshots you have to a working configuration.

  12. It almost looks like the same issue with Windows 10 not liking two attackmodes (ATTACKMODE STORAGE RNDIS_ETHERNET). Do you mind changing the payload in switch1 to just ATTACKMODE SERIAL? If the driver loads you can then ssh into the device and make changes by mounting the file path. Also, in Device Manager, what is the driver that is attempting to be loaded? It should still show, I believe. I will not be able to test with you as I do not have a Win7 host, but this might confirm my suspicion.

  13. 57 minutes ago, super-6-1 said:

    This is going to be basic but make sure it's set to arm mode (switch 3) and it should work. 

    Attempt to SSH into the device through serial and tweak the payload for switch two for serial and storage (same attackmode as switch 3). If you get in you will have to mount the drive shown in the thread "Install tools"
    mount -o sync /dev/nandf /root/udisk
    From here find the switch folder and change the ATTACKMODE to ATTACKMODE STORAGE SERIAL.

    If this does not work you can attempt to use switch two (default Windows switch); the network portion should fail, but storage should be available... at least mine worked this way in current Win10 builds. It has been identified that ATTACKMODE RNDIS_ETHERNET STORAGE doesn't work in other threads on the BB forum.
