Scriptmonkey_

Posts posted by Scriptmonkey_

  1. 1 hour ago, Jtyle6 said:

    Na, you just need a paper clip or a SIM card eject tool to do it...

    Thanks, I was using a pin and it just kept missing it or slipping off 🙂 Wrote up the recovery guide in another thread, but yeah, it looks like the firmware upgrade is basically: scp the firmware file to /root/, boot-cycle it into arming mode and wait for the LEDs to stop doing the hokey cokey.

  2. Well... snifflebiscuits.

    I believe I've done did broke it.

    Lost network connectivity as the file was transferring (not sure why, it was there, I wasn't touching it, just SCP stopped transferring the file and said connection reset by peer).

    Next boot, I can only assume it tried to take the partial file that I'd uploaded and appears to have flashed that. All switch modes are unresponsive.

    I don't suppose there is a "Users Be Stupid, Factory Reset" magical on-off-switch-button combination in order to restore the firmware?

    Edit2: I've actually managed to recover this myself. I've taken the liberty of writing up the procedure I took in a forum post and deleted some of my posts from here as it was just cluttering up the place.

     

  3. On 10/11/2019 at 12:48 PM, Jtyle6 said:

    I'm getting this when downloading.

    
    {"error_message":"tool version not found"}

    On https://downloads.hak5.org/shark When downloading the helper tools.

    Can confirm I'm getting the same issue.

    Edit: Don't think I need to do it manually. Reviewing the binaries on the host I found /usr/bin/shark_framework, which has some interesting lines in it. Looks like if you copy the firmware file to /root/ and have the switch in arming mode... it'll autodetect and apply the firmware.

    #!/bin/bash
    SWITCH_POSITION=$(/usr/bin/SWITCH)    # current physical switch position
    MODE="OFF"
    # newest file matching /root/upgrade-*.bin, empty when there is none
    UPGRADE_FILE=$(ls /root/upgrade-*.bin 2>/dev/null | tail -n1)
    LOG="logger -t Shark [*]"
    LOG_ERR="logger -t Shark -p 3 [!]"

    # alternate the red and blue system LEDs while the image is being staged
    function upgrade_leds() {
        /usr/bin/LED OFF
        while true
        do
            echo 1 > /sys/class/leds/shark:red:system/brightness
            sleep 0.2
            echo 0 > /sys/class/leds/shark:red:system/brightness
            echo 1 > /sys/class/leds/shark:blue:system/brightness
            sleep 0.2
            echo 0 > /sys/class/leds/shark:blue:system/brightness
        done
    }

    # copy whatever upgrade file is present to /tmp and hand it to sysupgrade;
    # note that the image is not checksummed or size-checked before flashing
    function execute_upgrade() {
        $LOG "Checking for firmware upgrade"
        [[ -f $UPGRADE_FILE ]] && {
            $LOG "Firmware upgrade found"
            upgrade_leds &
            led_pid=$!
            cp $UPGRADE_FILE /tmp/upgrade.bin
            rm $UPGRADE_FILE
            sleep 2 && kill $led_pid
            $LOG "Executing UPGRADE"
            /usr/bin/LED B && echo "sysupgrade -n /tmp/upgrade.bin" | at now
            exit
        } || {
            $LOG "No firmware upgrade found"
            return 1
        }
    }
    <snipped>
    



    Giving it a shot now.
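The hook quoted above flashes whatever file matches /root/upgrade-*.bin the next time the device boots in arming mode, with no check that the transfer finished. A half-copied image is therefore enough to brick the device, which is exactly the interrupted-scp scenario in the earlier post. The staging script below is an added example and is not Scriptmonkey_'s or Hak5's code: it uploads under a name the glob does not match, verifies the image against a SHA-256 the operator already trusts (assumed to be obtained from the vendor download, not from the device), and only then renames it into the matching name. Paths, file names and the digest source are assumptions; the upgrade hook's glob is taken from the thread.

```shell
#!/bin/sh
# Added example, not code from the thread or from Hak5.
# Stage a Shark Jack firmware image so that shark_framework's
# /root/upgrade-*.bin glob can only ever see a complete, verified file.
#
# Assumptions (not from the thread): the operator knows the expected
# SHA-256 of the image; the partial file and the final name live in the
# same directory so that mv is a single atomic rename.
set -u

# sha256_of <file>: print the lowercase hex digest; works with GNU
# coreutils (sha256sum) or the BSD/macOS shasum found on a laptop.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# stage_upgrade <partial_file> <expected_sha256> <final_path>
# Returns 0 and renames the file into place only when the digest matches.
# On mismatch (truncated or tampered image) it deletes the partial file and
# returns 1, leaving <final_path> untouched so the boot hook finds nothing.
stage_upgrade() {
    partial="$1"; expected="$2"; final="$3"
    [ -f "$partial" ] || { echo "missing $partial" >&2; return 1; }
    actual=$(sha256_of "$partial")
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch: got $actual, want $expected" >&2
        rm -f "$partial"
        return 1
    fi
    # rename() inside one filesystem is atomic: the name that the upgrade
    # hook matches appears complete or not at all.
    mv "$partial" "$final"
}

# Typical use on the device after an scp to a non-matching name, e.g.
#   scp upgrade-1.0.0.bin root@<shark>:/root/upgrade-1.0.0.bin.part
# (hypothetical version string):
#   stage_upgrade /root/upgrade-1.0.0.bin.part "$EXPECTED_SHA256" /root/upgrade-1.0.0.bin
```

Keep the `.part` file in /root rather than /tmp: on this kind of OpenWrt-based device /tmp is usually a separate tmpfs, and a cross-filesystem `mv` degrades to copy-plus-delete, which reintroduces the window in which a partial file carries the matching name.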

  4. On 20/04/2017 at 11:21 AM, chrisaw said:

    Does anyone have any additional advice to get this working?

    I have managed to get two different results:

     

    1.) Connected to BashBunny (network info populated in panel), which results in the Mac not being able to access the Internet (I assume routing is pointing towards the BashBunny instead of the WiFi router). As such, neither device gets Internet access.

    2.) Connected to BashBunny (network info NOT populated in panel, only manual IP), which results in the Mac still being able to access the Internet properly (yay!) but still no Internet connectivity for the BashBunny.

     

    In both configurations I can SSH to the BashBunny but neither provide it with an Internet connection which is a bit of a pain.

     

    I know I could likely get this working easily with a Ubuntu VM but I'd rather avoid that if possible since it adds additional faff needed to configure the BB for a pentest situation.

     

    Thanks!

    So I was in a similar situation.

    1. BashBunny info populated as per the OP screenshots - You're correct, the RNDIS Ethernet adapter comes above the WiFi in the stack and OSX sets the BB as the default GW for the machine; no internet for anyone, but you can ssh to the BB just fine.

    Correcting the derp with a route -n delete default gw 172.16.64.1 command (with netstat -nr confirming that the IPv4 routing is correct, at least) still does not restore the internet, however, for some unknown reason.

    What did fix it: hitting "Assist me" in the network settings dialog and allowing it to configure the WiFi network as an internet connection. That then reordered all my network adapters in the graphical listing of the network settings pane, and now I can plug the BB in without losing internet on the host.

    However, despite following all the instructions in the OP and deleting the crazy default gw route to 172.16.64.64 on the BB and replacing it with 172.16.64.10 (the IP of my Mac), I still don't get network connectivity.

    No idea why the IP on the BB for its default route is 64.64 either.

    Would definitely appreciate any help trying to get this working, would like to update the OS.
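The host-side symptom in the post above, the RNDIS interface being ordered above WiFi so that 172.16.64.1 becomes the Mac's default gateway, is visible in `netstat -nr` as a `default` row for the Bunny's interface sitting first in the table. The checker below is an added example, not part of the thread or of Hak5's tooling: it parses routing-table text in that format, reports which gateway currently carries Internet-bound traffic, and prints the `route` command that removes the Bunny's default route. The routing table is a constructed sample with assumed interface names (en7 for the Bunny, en0 for WiFi); on a real Mac feed it the output of `netstat -nr -f inet` instead.

```shell
#!/bin/sh
# Added example, not code from the thread or from Hak5.
# Detects a Bash Bunny RNDIS interface that has become the host's primary
# default gateway and prints the route(8) command that removes it.

# The Bunny's RNDIS subnet as given in the thread (172.16.64.0/24).
BB_NET_PREFIX="172.16.64."

# Constructed sample in macOS `netstat -nr` layout; interface names are
# assumptions. The first "default" row is the one the kernel uses.
SAMPLE_ROUTES='Routing tables

Internet:
Destination        Gateway            Flags        Netif Expire
default            172.16.64.1        UGScg          en7
default            192.168.1.1        UGScIg         en0
127                127.0.0.1          UCS            lo0
172.16.64/24       link#20            UCS            en7      !
192.168.1/24       link#6             UCS            en0      !'

# default_gateways <routes-text>: prints "gateway interface" for every
# default route, preserving table order.
default_gateways() {
    printf '%s\n' "$1" | awk '$1 == "default" { print $2, $4 }'
}

# primary_default_gw <routes-text>: the gateway Internet traffic goes to now.
primary_default_gw() {
    default_gateways "$1" | head -n 1 | cut -d' ' -f1
}

# bunny_hijacks_default <routes-text>: exit 0 when the primary default
# gateway lies in the Bunny's subnet, 1 otherwise.
bunny_hijacks_default() {
    case "$(primary_default_gw "$1")" in
        "$BB_NET_PREFIX"*) return 0 ;;
        *)                 return 1 ;;
    esac
}

# fix_command <routes-text>: print (do not run) the macOS route(8) call that
# drops the Bunny's default route; run it with sudo on the host. Prints
# nothing and returns 1 when no fix is needed.
fix_command() {
    gw=$(primary_default_gw "$1")
    bunny_hijacks_default "$1" && printf 'route -n delete default %s\n' "$gw"
}

# Stand-alone run against the constructed sample:
fix_command "$SAMPLE_ROUTES"
```

Deleting the route is a one-off repair; it comes back the next time the Bunny enumerates. The durable fix is the service reordering the post describes via "Assist me", which can also be scripted with `networksetup -ordernetworkservices` (service names as shown in the Network pane are assumptions, e.g. `networksetup -ordernetworkservices "Wi-Fi" "Bash Bunny"`).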

  5. So I managed to win a Bash Bunny as a prize in a CTF competition at a local conference over here, and it's day 1 of ownership. Have upgraded the firmware to version 1.3 and am having a blast playing about with it over the serial console.

    I was thinking of porting a payload I use, based on work I did with an old friend of mine, called "Blinking Hell" (http://blog.scriptmonkey.eu/bsides-london-2013-blinking-hell-extracting-data-using-keyboard-lock-states/), which allows for export of data via the "lock" key states. I'd say we got there first in 2011 using a Teensy, but we didn't go public until 2013 :'( and it kinda just got left in the weeds other than our own private developments, as we were using it in a very niche manner to suit our work. Anyway, bitter tears aside :) I'd like to port it over to the Bunny.

    I've had a good root about using Google and searching the forums and cannot see for the life of me how I can create Ducky Script to read the state of the various "lock" keys. I see people talking about it happening and asking "if it can", but no idea "how" to do it. I am assuming from reading the Ducky Script git pages it's going to be some obscure command that isn't covered in the usual manual/howto.

    Cheers!
