Decoy Posted March 21, 2017

Hi Everyone,

I am currently writing my first script for the Bash Bunny. I am done with it and I know it works locally. I think there is a disconnect somewhere with me locating where on the Bash Bunny the payload is located? My log turns up empty when run from the Bash Bunny. I also noticed my light is turning Green (finished) before I even show it as a connected network device. Is that possible to start running the script before having the internet? I thought it waited until it received an IP.

Anyway - any help would be greatly appreciated. Thanks in advance.

    LOOTDIR="/root/udisk/loot/brutebunny"

    # Setup Ethernet
    LED R B
    # ATTACKMODE RNDIS_ETHERNET
    ATTACKMODE ECM_ETHERNET

    # Need Switch Position
    source bunny_helpers.sh

    # Setup loot directory and working directory
    mkdir -p $LOOTDIR

    # Bruteforce
    LED G R 100
    python /root/udisk/payloads/$SWITCH_POSITION/BruteBunny.py >> $LOOTDIR/log.txt

    # Finished
    LED G

I am testing this on Ubuntu.

Thanks,
Decoy

Dave-ee Jones Posted March 22, 2017

Does the 'loot' directory exist? As in, is there a directory called 'loot' for the script to create a directory in there called 'brutebunny'? If it's creating the log I guess the directories should be fine then?

RNDIS_ETHERNET works for some Linux cases. Not sure about Ubuntu though, might have to stick with ECM_ETHERNET but just try using RNDIS. If it's not picking up an IP then it most likely has something to do with the adapter, so see how it goes.

The BashBunny could be more useful with a WiFi adapter as well, but I guess that would make it a bit larger in size...

Decoy Posted March 22, 2017

I've tried both RNDIS and ECM and neither seem to work. Same result on a Windows 10 Machine as well; however like I said, I can run the Python script locally from the host machine and it works fine. I haven't seen too many examples of python scripts run from payloads aside from QuickCreds and the RDP Example; however those are referencing actual directories on the Bash Bunny OS - not from the Switch/Payload folders.

The loot directory does get created, I've tried removing them prior to running - and still the same result. I really think it has to do with how I am running my python script - but I am not positive.

Haxew Posted March 22, 2017

Are you able to share the python script? How is the script connecting to the windows box out of the bunny?

Decoy Posted March 22, 2017

The Python script runs independently of the host machine; it runs on the Bunny OS itself, and attacks IPs on the network. I resolved the issue with the script not running - there was a missing dependency - so I had to create an install.sh file; however the log is still blank - and I am not getting any loot in the loot folder.

I am just cleaning up a few things and I plan to publish the code here before doing a pull request.

Decoy Posted March 26, 2017

So all is working with my script; however now I've realized that in order for it to work, the host internet needs to be shared with the Bash Bunny. Has anyone developed a solid way to force the host to share internet with the Bash Bunny? My script is all about other devices on the host network, the original network subnet.

Darren Kitchen Posted March 27, 2017

One thing I would recommend is adding a sync command to the end to synchronize the udisk file system. Another method would be to temporarily store the loot in /root/loot, then once successful go ahead and move it to the udisk partition at /root/udisk/loot, etc and be sure to once again sync the FS.

Darren Kitchen Posted March 27, 2017

7 hours ago, Decoy said:
> So all is working with my script; however now I've realized that in order for it to work, the host internet needs to be shared with the Bash Bunny. Has anyone developed a solid way to force the host to share internet with the Bash Bunny? My script is all about other devices on the host network, the original network subnet.

If the target is Linux you could use a HID attack to inject the keystrokes necessary to set up Internet Connection Sharing via iptables. You'll find the commands in bb.sh

For Windows hosts there *should* be a way with powershell - but every time I've gone looking for a convenient way I've come up empty handed.

PoSHMagiC0de Posted March 27, 2017

I love this thing. Just got it.

So I saw your question. I have not had time to put it all together but will let you know. On Linux the secret to sharing the inet connection is in the bb.sh you download. Of course it uses IPTables which means you will need to use sudo....which means you need to know the user's logon. This is not a bad thing if you do or are just using this as a tool for yourself. For pentesting this could be an issue unless you can fire off an exploit to get you root access at the console before using iptables.

For Windows if the user is on as an admin user then this is not as bad since getting sudo there involves you just clicking yes. A sample of someone setting ICS in Windows via Powershell is here. I haven't had time to run through it and test it but from what I can gather for it to work you will need to use wmi in powershell to get the current active nic and get the nic the bashbunny is under. I am assuming with some testing the bash bunny may come up as the same type of device on all machines so this may be easy to filter and locate. Next is just follow the script the guy posted but read further down as he made a mistake and discover to get it all to work.

https://social.technet.microsoft.com/Forums/lync/en-US/88003b3b-0e5c-49a7-bb20-cdbbbb435d09/enabling-windows-ics-from-powershell?forum=ITCG

If nothing is put together when I get time to begin really fiddling with this thing I will spawn something in Powershell that can do it and post it.

Decoy Posted March 28, 2017

20 hours ago, Darren Kitchen said:
> If the target is Linux you could use a HID attack to inject the keystrokes necessary to set up Internet Connection Sharing via iptables. You'll find the commands in bb.sh
>
> For Windows hosts there *should* be a way with powershell - but every time I've gone looking for a convenient way I've come up empty handed.

Yeah, I've been looking too. I'm going to just release this for Linux for now just to get it out there. I'm sure the Open Source community you've fostered here will help to figure out something. Thanks for tips.

Decoy Posted March 28, 2017

7 hours ago, PoSHMagiC0de said:
> https://social.technet.microsoft.com/Forums/lync/en-US/88003b3b-0e5c-49a7-bb20-cdbbbb435d09/enabling-windows-ics-from-powershell?forum=ITCG
>
> If nothing is put together when I get time to begin really fiddling with this thing I will spawn something in Powershell that can do it and post it.

Thanks for the info. I'll check out this article and play with it some more tonight. I've been messing with it for a few days trying some different things...

Decoy Posted March 28, 2017

10 hours ago, PoSHMagiC0de said:
> https://social.technet.microsoft.com/Forums/lync/en-US/88003b3b-0e5c-49a7-bb20-cdbbbb435d09/enabling-windows-ics-from-powershell?forum=ITCG
>
> If nothing is put together when I get time to begin really fiddling with this thing I will spawn something in Powershell that can do it and post it.

I just found a refined version of that PowerShell script here: https://superuser.com/questions/470319/how-to-enable-internet-connection-sharing-using-command-line

    # Register the HNetCfg library (once)
    regsvr32 hnetcfg.dll

    # Create a NetSharingManager object
    $m = New-Object -ComObject HNetCfg.HNetShare

    # List connections
    $m.EnumEveryConnection |% { $m.NetConnectionProps.Invoke($_) }

    # Find connection
    $c = $m.EnumEveryConnection |? { $m.NetConnectionProps.Invoke($_).Name -eq "Ethernet" }

    # Get sharing configuration
    $config = $m.INetSharingConfigurationForINetConnection.Invoke($c)

    # See if sharing is enabled
    Write-Output $config.SharingEnabled

    # See the role of connection in sharing
    # 0 - public, 1 - private
    # Only meaningful if SharingEnabled is True
    Write-Output $config.SharingType

    # Enable sharing (0 - public, 1 - private)
    $config.EnableSharing(0)

    # Disable sharing
    $config.DisableSharing()

I'm going to play with it a little later on to see if I can get it working.

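An added example, not part of the thread or of the linked scripts: a read-only report, built on the same HNetCfg.HNetShare COM members as the script quoted above, that lists every connection with its ICS state and role so a host can be checked for unexpected sharing before and after testing. The function name Get-IcsSharingState is hypothetical.

```powershell
# Added example: read-only report of Internet Connection Sharing state.
# Get-IcsSharingState is a hypothetical name; the COM members are the ones
# used in the script quoted in the post above. Run from an elevated prompt.
function Get-IcsSharingState {
    $m = New-Object -ComObject HNetCfg.HNetShare

    foreach ($conn in $m.EnumEveryConnection) {
        $props = $m.NetConnectionProps.Invoke($conn)

        try {
            $config = $m.INetSharingConfigurationForINetConnection.Invoke($conn)
        } catch {
            # Connection exposes no sharing configuration; nothing to report
            continue
        }

        # SharingType is only meaningful while sharing is enabled
        # (0 - public, 1 - private, as in the quoted script)
        $role = $null
        if ($config.SharingEnabled) {
            $role = if ($config.SharingType -eq 0) { 'Public' } else { 'Private' }
        }

        [pscustomobject]@{
            Name           = $props.Name
            DeviceName     = $props.DeviceName
            SharingEnabled = [bool]$config.SharingEnabled
            Role           = $role
        }
    }
}

# Show only the connections that currently take part in sharing
Get-IcsSharingState | Where-Object SharingEnabled | Format-Table -AutoSize
```

A working ICS setup shows exactly one Public and one Private connection; an empty table means no connection is being shared.
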
dreadpixel Posted December 23, 2019

Any updates? More than 2 years 😛