trumpet7347

Just tried this and it helped me figure out that the file was DOS encoded, not Unix. Changed the encoding and everything works fine now. Thanks for the help!

Its ok @GermanNoob, thanks for the help, but unfortunatly I still get the same result. I have been doing some more testing and it defenetly seems to be something with my bunny_helpers.sh file. Here is the new payload I was trying out ATTACKMODE HID RNDIS_ETHERNET source bunny_helpers.sh QUACK DELAY 1000 QUACK STRING Testing Switch Position, Switch Position is $SWITCH_POSITION QUACK ENTER QUACK STRING Testing Target IP, IP is $TARGET_IP QUACK ENTER ATTACKMODE RNDIS_ETHERNET source bunny_helpers.sh echo "Target Ip is " >> /root/udisk/test.txt echo $TARGET_IP >> /root/udisk/test.txt sync Here I am trying to see if I can access the $TARGET_IP variable that is also located in the bunny helper file. Unfortunatly I can not, below is the output of the HID section. Testing Switch Position, Switch Position is Testing Target IP, IP is You can also see that I also just tried to see if it was some issue with using HID and Ethernet attacks together, so I made a seperate ATTACKMODE section just using ethernet, and just tried to echo the IP out to a file, which unfortunatly also failed. Here is the contents of the test.txt file Target Ip is So it looks like those variables just are not getting populate for some reason, and I am really not sure why.

That would actually print out "$SWITCH_POSITION" to the run command though wouldn't it, what I am wanting it for it to print out either "switch1" or "switch2" from the bunny_helpers.sh variable

I am having this issue as well, and the SWITCH_POSITION variable is just not working in any of the payloads I try. Here is an example payload.txt I have setup ATTACKMODE HID source bunny_helpers.sh QUACK GUI r QUACK DELAY 100 QUACK STRING Testing Switch Position, Switch Position is ${SWITCH_POSITION} And this is the output I get And this is the contents of the bunny_helper.sh that is present under payloads/library on the bunny itself #!/bin/bash ################################################################################ # Get target ip address and hostname from dhcp lease. # This is for the attack mode of ETHERNET specified. # Without ETHERNET specified, below environment variables will be empty. # # How this works? # 1) ATTACKMODE waits until: # a) target ip address is negotiated by dhcp # b) time out # 2) After ATTACKMODE, we can get target ip address and hostname. ################################################################################ leasefile="/var/lib/dhcp/dhcpd.leases" export TARGET_IP=$(cat $leasefile | grep ^lease | awk '{ print $2 }' | sort | uniq) export TARGET_HOSTNAME=$(cat $leasefile | grep hostname | awk '{print $2 }' \ | sort | uniq | tail -n1 | sed "s/^[ \t]*//" | sed 's/\"//g' | sed 's/;//') export HOST_IP=$(cat /etc/network/interfaces.d/usb0 | grep address | awk {'print $2'}) ################################################################################ # Get switch position # Taken from bash_bunny.sh ################################################################################ check_switch() { switch1=`cat /sys/class/gpio_sw/PA8/data` switch2=`cat /sys/class/gpio_sw/PL4/data` switch3=`cat /sys/class/gpio_sw/PL3/data` echo "--- switch1 = $switch1, switch2 = $switch2, switch3 = $switch3" if [ "x$switch1" = "x0" ] && [ "x$switch2" = "x1" ] && [ "x$switch3" = "x1" ]; then SWITCH_POSITION="switch1" elif [ "x$switch1" = "x1" ] && [ "x$switch2" = "x0" ] && [ "x$switch3" = "x1" ]; then SWITCH_POSITION="switch2" elif [ "x$switch1" = "x1" ] && [ "x$switch2" = "x1" ] && [ "x$switch3" = "x0" ]; then SWITCH_POSITION="switch3" else SWITCH_POSITION="invalid" fi } check_switch export SWITCH_POSITION Not really sure what I am doing wrong, and any help would be greatly appreciated.