n33dsh3llz Posted March 31, 2017 Share Posted March 31, 2017 How would I go about getting an ARM version of ADB working on the bash bunny? I tried using Google's Python implementation of ADB, but it required libusb1 and other dependencies. The goal is to make a payload that: Enabled USB debugging (HID) Accepts connection to device (HID) ADB Install's package (bash) ADB launches package (bash) I had the HID payload working for enabling USB debugging, but then realized ADB was for x64 processors. I found a couple ARM versions, but couldn't get any of them working properly. Can anyone help me out with this. Ideally, I would like to utilize my apkwash script (https://github.com/jbreed/apkwash) to generate a lightweight payload to use for pushing onto a device. With ADB you can also attempt gaining root as well through ADB methods that otherwise wouldn't be accessible. 1 Quote Link to comment Share on other sites More sharing options...
Just_a_User Posted March 31, 2017 Share Posted March 31, 2017 (edited) Nice idea - I just had a play and seem to have ADB (android-tools-adb_4.2.2+git20130529-5.1_armhf.deb) installed on my bunny. I only tested basic operation while connected to client via my tetra - see below. I used manual instructions here and here, the dependencies were already installed on the bunny - or alternatively you can just run "apt-get install android-tools-adb". root@bunny:~# adb version Android Debug Bridge version 1.0.31 root@bunny:~# adb connect 172.16.42.147 * daemon not running. starting it now on port 5037 * * daemon started successfully * connected to 172.16.42.147:5555 root@bunny:~# adb devices List of devices attached 172.16.42.147:5555 offline root@bunny:~# adb devices List of devices attached 172.16.42.147:5555 device root@bunny:~# adb shell shell@android:/ $ But maybe you got this far already and had problems with operation? Edited May 7, 2017 by Just_a_User 2 Quote Link to comment Share on other sites More sharing options...
LowValueTarget Posted March 31, 2017 Share Posted March 31, 2017 (edited) Demmsec looks to have submitted a pull request that may help https://github.com/hak5/bashbunny-payloads/pull/135/files Edited March 31, 2017 by LowValueTarget Quote Link to comment Share on other sites More sharing options...
n33dsh3llz Posted March 31, 2017 Author Share Posted March 31, 2017 Thanks! I was trying to manually transfer the package over and run it. I haven't connected mine to the internet so that may be the way I go this weekend. Also, the FireTV payload seems right where I was going with this, but for Android phones. Thanks for the heads up as this will save some time! The biggest thing with launching the default payload generated by MSFVenom is it will be flagged by AV. Calling the activity will require some work using my AV bypass script as it randomizes the naming structure, but it wouldn't be hard to explain how to get that information. I wasn't thinking of using the connect method with emulating a network adapter, but looks like DemmSec may have saved me some more headaches! Justin Quote Link to comment Share on other sites More sharing options...
n33dsh3llz Posted April 1, 2017 Author Share Posted April 1, 2017 (edited) Well, I was originally unable to get basic ADB working over the OTG like you would connected to the phone directly with USB debugging enabled. I tried the method demmsec did in that payload, but it would never get an IP address. Come to find out, it was able to pull an address once I disabled my mobile data. I assume this is because of checks android does to make sure it is using the best network connection and the bash bunny has no actual connection to the internet. With that, I may just need to add some extra HID commands to get the job done. J Edit: Now I am unable to replicate the Network popup I was getting upon initially turning off mobile data. Edited April 1, 2017 by n33dsh3llz Update Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.