Jump to content
jjd

1.1 ATTACKMODE ECM_ETHERNET no dhcp?

Recommended Posts

I have tried on two systems both mac's and since 1.1 using ATTACKMODE ECM_ETHERNET the target does not get a dhcp ip it ends up with a self assigned. seems to work fine on windows systems with NRDIS. Can anyone else test and see if they get the same thing?

Share this post


Link to post
Share on other sites

Hi jjd

Bit late to reply to this but I have been hunting issues with empty loot folders, so I have started utilising looger entries to see what is going on.

When I run a payload such as quickcreds, which uses ATACKMODE RNDIS_ETHERNET, and look at the relevant syslog entries i see this:

ay  7 22:00:34 bunny systemd[1]: Starting LSB: DHCP server...
May  7 22:00:34 bunny dhcpd: Internet Systems Consortium DHCP Server 4.3.1
May  7 22:00:34 bunny dhcpd: Copyright 2004-2014 Internet Systems Consortium.
May  7 22:00:34 bunny dhcpd: All rights reserved.
May  7 22:00:34 bunny dhcpd: For info, please visit https://www.isc.org/software/dhcp/
May  7 22:00:34 bunny dhcpd: Internet Systems Consortium DHCP Server 4.3.1
May  7 22:00:34 bunny dhcpd: Copyright 2004-2014 Internet Systems Consortium.
May  7 22:00:34 bunny dhcpd: All rights reserved.
May  7 22:00:34 bunny dhcpd: For info, please visit https://www.isc.org/software/dhcp/
May  7 22:00:34 bunny dhcpd: Wrote 0 leases to leases file.
May  7 22:00:34 bunny dhcpd: Server starting service.
May  7 22:00:35 bunny kernel: [    9.410145] CPU Budget: Temperature: 68 Limit state:0 item[1200000,4,-1,0 0]
May  7 22:00:35 bunny kernel: [    9.410187] [ddrfreq] temperature=68 C, ddr freq up
May  7 22:00:37 bunny isc-dhcp-server[768]: Starting ISC DHCP server: dhcpd.
May  7 22:00:37 bunny systemd[1]: Started LSB: DHCP server.
May  7 22:00:37 bunny bunny_framework[225]: Starting isc-dhcp-server (via systemctl): isc-dhcp-server.service.
May  7 22:00:43 bunny kernel: [   18.040058] usb0: no IPv6 routers present
May  7 22:00:58 bunny bunny_framework[225]: TARGET_IP = , TARGET_HOSTNAME = , HOST_IP =
May  7 22:00:58 bunny logger: #################### end attackmode #######################################

Target IP, target host and host ip are all empty, therefore the check target ip, etc fails. Interesting to see the line: May  7 22:00:34 bunny dhcpd: Wrote 0 leases to leases file.

It seems to me that the isc DHCP service isn't quite working.

To be clear, this is a run from a reset bunny, updated with latest 1.3 firmware, with the tools installed.

Any help would be greatly appreciated.

regards

 

David

 

Share this post


Link to post
Share on other sites

To follow up my own query above, it might be useful for me to confirm the contents of the following files:

/etc/dhcp/dhcpd.conf

subnet 172.16.64.0 netmask 255.255.255.0 {
  range 172.16.64.10 172.16.64.12;
  option routers 172.16.64.1;
  option domain-name-servers 172.16.64.1;
  option local-proxy-config "http://172.16.64.1/wpad.dat";
}

 

Share this post


Link to post
Share on other sites

And the only entry in the /etc/defaults/isc-dhcp-server file which is not commented out is: INTERFACES="usb0"

 

I also promise to not keep pressing te wrong keys here and breaking up these queries into multiple entries.

Share this post


Link to post
Share on other sites
On 4/7/2017 at 2:11 PM, jjd said:

I have tried on two systems both mac's and since 1.1 using ATTACKMODE ECM_ETHERNET the target does not get a dhcp ip it ends up with a self assigned. seems to work fine on windows systems with NRDIS. Can anyone else test and see if they get the same thing?

Hey man, simple fix for windows. i scratched my head for a good week trying to figure this out but just reset you network adapters. It is ridiculous, and you will have to do it quite often because for some reason windows is f'd up, but that solved the issue for me at least with ssh or ATTACKMODE_RNDIS_ETHERNET. Serial mode internet connecting wants to install another adapter that wants to fight for the default address 172.16.64.64, and when you let it, and try to ssh again with internet sharing forget about it. Plain and simple, just reset your adapters. It has something to do with automatic ip configuration with Windows ICS. Hope this helps

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...