Jump to content

Concealed-Exfiltration attacks with Bash Bunny for Android?


Realstone0001

Recommended Posts

  • 2 months later...

There isn't too much that can be done with most android devices. There is a payload for the Amazon Fire TV (runs android). There is only 1 payload for android and all it does is opens a URL in the default browser. Android is difficult given there is such variety across the various versions. The Fire TV payload works because the Fire TV interface is the same across all of their devices. For example, I tried creating a payload to enable developer mode, and it works on my phone, but not an older tablet. I think the closest that will be possible to this is after someone enables developer mode, then have the BB run adb commands against it.

While this isn't perfect it is quite handy - enabling USB debugging isn't too difficult to do and is fairly quick to do. Another caveat with android is that there isn't any (on most devices) ethernet drivers, so adb won't work either (the Fire TV has ethernet drivers, so adb works with the Fire TV as it requires the device work with ethernet)...

Link to comment
Share on other sites

Only way I can think of this is do it remotely.  Use the BB as a USB/HID attack device.  Put device in developer mode and load your own rat into the phone to connect to your machine to do exfiltration.  That way you can give the rat all the permissions it needs right at the device.  Only way to do that unless the device is rooted then you may have more options.

Link to comment
Share on other sites

There's a payload floating around that uses adb remote to connect to an android device.

Based on my ideas, there's really not much you can do until BashBunny gets USB host support. I have an idea that will try ADB (assuming the victim phone has USB Debugging enabled) first, then fallback to MTP if ADB is not enabled. This would allow relatively plug-n-play exfil of user data.

  • Upvote 1
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...