Jump to content

Run on Battery for instant attacks?


Problex

Recommended Posts

Having played with the Bash Bunny, I can say that the boot-up time is SERIOUSLY impressive. 

 

It's also worth considering that when you specify "ATTACKMODE RNDIS_ETHERNET", and the like, "ATTACKMODE" is kept as an executable on the BB itself, and IIRC is just a bash script itself. Part of what it does when you select one of the ETHERNET modes is create an authoritative DHCP server, register as the specified device, and wait to ensure the target successfully takes out a lease. I'll attempt to verify what happens if the statement times out (Can't remember if the payload errors, or if it just times out no-worries-mate-I-got-ya-style and keeps going). In situations like this, there may be some additional care to be taken. 

 

However, if you could start a payload on the BB using a battery, and if there were some directive like "WAIT_FOR_INSERT"... You might be able to offload the startup of a larger attack/server/payload/db/whathaveyou. Definitely interested to see what you come up with. Who knows, might be a selling feature in BB2.0 :)

 

 

  • Upvote 1
Link to comment
Share on other sites

Wow. That's some innovative thinking. I take it your idea is about "priming" the Bash Bunny with juice to boot so that when it's finally inserted into the target - it's already alive and kicking - ready to take names... 

Yeah - that seems pretty wicked. I could imagine a USB Y cable and a payload which monitors "dmesg" before launching. 

  • Upvote 1
Link to comment
Share on other sites

17 minutes ago, incendiarySolution said:

Sounds like a good use for a supercap or a microlipo.

And a small USB Micro charge/run socket would also be helpful.

I'm still waiting for my Bunnies to arrive; does anyone know how hackable the hardware is?

Link to comment
Share on other sites

Having the device already booted up was what I was getting at, just as Darren said.

@incendiarySolution yes a small lipo like the ones you get in the micro quadcopters would be enough to just power it up when your getting close to the target pc.

Maybe even attach the bash bunny to the quadcopter for ranged attacks!

Link to comment
Share on other sites

How big (thick) is the board itself?  If it's thin enough, it might be able to attach to say an e-cigarette battery.  With some creative soldering, a box mod could be converted into a stealth bunny.  I originally had the idea to do this with a pi0 with poison tap, but the bunny seems like an excellent candidate as well.

Link to comment
Share on other sites

I've been reading a few manufacturer's data sheets and it seems that this could be done very easily with a USB keylogger style box with a USB plug on one end, a USB socket on the other and a battery pack input. Depending on how you wired the battery connection, you could have it charged from the host you're attacking, but you may hit the USB current supply limit (without drivers) so using an external power pack (such as a Juice) may make more sense.

Link to comment
Share on other sites

This was one of my first thoughts.

I was thinking just a coin cell battery to boot it, then plug in/attack.  Doesn't need to run it for long.

 

But for v2.0, how about a usb port out the back for battery, wifi, ethernet, etc?  And the battery could/should be pass through.

Link to comment
Share on other sites

To use the battery as a failover device, and charge it when not in use, you just need a couple of diode and resister. A voltage regulator is also a good idea.

The only concern I'd have with a small battery is finding one which can provide the required power but if it's possible to find one which could be built in without making the case bigger, it would allow the Bunny to be used in plenty of other attack scenarios. 

Link to comment
Share on other sites

I had this exact thought about running off a battery.. I coin it the Energizer Bunny!

 

I had also thought that maybe there were some sort of Scripts that could run in standalone, post-exfiltration. Things like running hashes against smaller wordlists or something to speed up credential hacking. Don't really know if the BB is powerful enough for that but it's worth looking into. 

Edited by whizdumb
  • Upvote 2
Link to comment
Share on other sites

18 hours ago, CuppaTea said:

To use the battery as a failover device, and charge it when not in use, you just need a couple of diode and resister. A voltage regulator is also a good idea.

The only concern I'd have with a small battery is finding one which can provide the required power but if it's possible to find one which could be built in without making the case bigger, it would allow the Bunny to be used in plenty of other attack scenarios. 

Not if lipo.  They need special charging.  Plenty of chips out there that do it.

Link to comment
Share on other sites

great minds think alike :D I justed posted on yt. Wish I had several of them lol :)

Quote
dude! could we possibly solder sometype of battery that holds its charge for like 5 minutes as to have the thing pre-booted when we connect it? hmmmmmmmmmm I wish I had a disposable as I would make that shit a possibility.

 

Link to comment
Share on other sites

I'm making a usb splitter cable, bunny plugs into the female side.  One male side has wires 2 and 3 (data, white and green) to plug into target, another male side has wires 1 and 4 (power, red and black) going to my Anker battery.  Clumsy but workable, idea could also be adapted for other external battery types....

Link to comment
Share on other sites

Here's the easy way to do this, no cable mods required

Parts:

Micro USB Host OTG Cable with USB Power

- Adapter for target device

- USB battery pack (or just your phone if it can output enough juice ~500 mA)

Edit: This is kind of cool too: https://www.amazon.com/PLAY-STORE-Charge-Durable-Material-Standsrd-Android-White/dp/B017X2BOWA/

WJcSLNn.jpg

Edited by snowc
Pic
  • Upvote 1
Link to comment
Share on other sites

28 minutes ago, snowc said:

Here's the easy way to do this, no cable mods required

Parts:

Micro USB Host OTG Cable with USB Power

- Adapter for target device

- USB battery pack

Edit: This is kind of cool too: https://www.amazon.com/PLAY-STORE-Charge-Durable-Material-Standsrd-Android-White/dp/B017X2BOWA/. A phone/tablet won't be enough to power the Bash Bunny over OTG but plugged into a battery, definitely

WJcSLNn.jpg

This is what I have tried and so far find is the best solution. My phone (Nexus 6p) does however provide enough power to the Bunny, so I do not need to include a battery.

  • Upvote 1
Link to comment
Share on other sites

3 minutes ago, Sebkinne said:

This is what I have tried and so far find is the best solution. My phone (Nexus 6p) does however provide enough power to the Bunny, so I do not need to include a battery.

So with just a phone and this cable you can have a pre-powered bunny. Pretty slick...

510vxEx-gML._SL1200_.jpg

Link to comment
Share on other sites

Has anyone actually tested this with success?  I now have this cable and can power up the BB with it, but the payloads fail.  If I use the cable without connecting the power supply it boots from the target-provided power and everything works, just as if I didn't use the cable at all. 

Link to comment
Share on other sites

55 minutes ago, zippy said:

Has anyone actually tested this with success?  I now have this cable and can power up the BB with it, but the payloads fail.  If I use the cable without connecting the power supply it boots from the target-provided power and everything works, just as if I didn't use the cable at all. 

Many battery packs have smart functionality built in like QuickCharge, which I'm guessing uses the data pins. My guess is those data pins are being engaged and not available to the host when you plug in. Might try a cheapo cable that only does power... or snip the data lines from the battery. Uncharted territory...

Link to comment
Share on other sites

52 minutes ago, snowc said:

Many battery packs have smart functionality built in like QuickCharge, which I'm guessing uses the data pins. My guess is those data pins are being engaged and not available to the host when you plug in. Might try a cheapo cable that only does power... or snip the data lines from the battery. Uncharted territory...

I use a cable that simply has the data lines snipped on the power end. That end I can plug into a battery or my phone (with an otg adapter) and the other into a machine. Works great, as long as the payload isn't hid. Then you'd need to trigger it somehow first.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...