
Python Payload Testing Server


theonewhoknocks


I got annoyed pretty quickly by the number of times I had to re-plug the Bash Bunny in order to test a complicated payload of some sort, so I threw together this rather rudimentary payload that spins up a Flask server. Given that you can see the Bunny via IP, you can test your payloads with ease by POSTing some text to it.

The POST data type should be JSON and look like:

{"text": "cat \"hello.txt\"; commands here;"}

I recommend putting a sleep in there so you have time to tab out of Postman or whatever you use to test APIs with.

I just wanted to get the idea out there, but I think I'll clean it up soon enough.

I can imagine some more advanced things with this, related to data exfil or even remote administration...

And yeah... I know... this is susceptible to RCE, but whatever, it's testing!

----------------------

I ran these commands from https://blog.miguelgrinberg.com/post/designing-a-restful-api-with-python-and-flask

NOTE: Requires you to have ICS on the Bunny in order to "apt-get install python-pip" so that you can get Flask from the pip repo.

$ mkdir app-name-whatever
$ cd app-name-whatever
$ virtualenv flask
$ flask/bin/pip install flask

------------------------------

Python app.py code below:

#!apiserver/flask/bin/python
# The shebang above has to be the first line. Change it to wherever the
# virtualenv lives relative to /root/, e.g. app-name-whatever/flask/bin/python
from flask import Flask, jsonify, abort, request
import subprocess

app = Flask(__name__)


@app.route('/api/test', methods=['POST'])
def getapi():
    try:
        # Body must be JSON like {"text": "..."}. silent=True returns None
        # instead of raising when the Content-Type is not application/json.
        data = request.get_json(silent=True) or {}
        cmd = data.get("text", "")
        # The posted text is written out and run as a bash script. This is
        # the deliberate "RCE" mentioned above; it is the whole point of a
        # payload test server.
        with open('data.txt', 'w') as outfile:
            outfile.write(cmd)
        subprocess.call(['/bin/bash', 'data.txt'])
        # Switch back to RNDIS so the server is reachable again, then blink.
        subprocess.call(['/root/ATTACKMODE', 'RNDIS_ETHERNET'])
        subprocess.call(['LED', 'R', '100'])
        return jsonify("OK")
    except Exception:
        abort(500)


if __name__ == '__main__':
    # host='0.0.0.0' so the server listens on the Bunny's RNDIS address and
    # not only on loopback. debug=True also exposes the Werkzeug debugger,
    # so keep this on the Bunny's own link.
    app.run(host='0.0.0.0', debug=True)

 

The LED will flash red once the server is accessible again (because you probably changed attack modes when testing).
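As an added example (not code from the original post), here is a stdlib-only client for the server above. It wraps the payload text in the {"text": ...} JSON the server expects, prepends the sleep recommended earlier, POSTs it, and then polls until the Bunny answers HTTP again, since the server drops off the network while ATTACKMODE is switched. The Bunny address 172.16.64.1 and Flask's default port 5000 are assumptions, not something stated in the post.

```python
"""Client for the Bash Bunny payload test server (added example, not from the
original post). Assumes the Bunny is at 172.16.64.1 and Flask is on port 5000;
both are assumptions, override them via the url arguments."""
import json
import time
import urllib.error
import urllib.request

DEFAULT_URL = "http://172.16.64.1:5000/api/test"  # assumed address and port


def build_body(payload_text, sleep_secs=5):
    """Return the JSON body the server expects, with a leading sleep.

    The sleep runs on the Bunny before the payload's own commands, which
    gives the operator time to tab back to the target window.
    """
    if sleep_secs < 0:
        raise ValueError("sleep_secs must be non-negative")
    script = "sleep %d\n%s\n" % (sleep_secs, payload_text.rstrip("\n"))
    return json.dumps({"text": script}).encode("utf-8")


def send_payload(payload_text, url=DEFAULT_URL, sleep_secs=5, timeout=10):
    """POST the payload as JSON and return the decoded response body."""
    req = urllib.request.Request(
        url,
        data=build_body(payload_text, sleep_secs),
        headers={"Content-Type": "application/json"},
        method="POST",
    )
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.loads(resp.read().decode("utf-8"))


def wait_until_up(url=DEFAULT_URL, deadline_secs=60, interval=1.0):
    """Poll url until it answers HTTP (any status) or the deadline passes.

    The server re-runs ATTACKMODE after each payload, so connection errors
    are expected for a while. A GET on the POST-only route comes back as
    405, which still proves the server is reachable, so that counts as up.
    """
    end = time.monotonic() + deadline_secs
    while time.monotonic() < end:
        try:
            with urllib.request.urlopen(url, timeout=interval):
                return True
        except urllib.error.HTTPError:
            return True  # answered, just not with 2xx
        except (urllib.error.URLError, OSError):
            time.sleep(interval)
    return False


if __name__ == "__main__":
    import sys
    # Usage: python client.py < payload.txt
    text = sys.stdin.read()
    print("server said:", send_payload(text))
    print("server back:", wait_until_up())
```

build_body is kept separate from the network call so you can check the exact bytes that will land in data.txt on the Bunny before sending them; wait_until_up treats any HTTP status as "up", which is what you want when the only route is POST-only.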
