Jump to content

mass storage attack mode question


runnerinmask
 Share

Recommended Posts

Hi Runnerinmask,

The Bash Bunny is usually used with a combination of attackmodes. One example would be HID and storage.
You would not directly get execution on the target machine, but execute some code using the HID attack first, possibly launching code from the mass storage partition of the Bash Bunny.

Link to comment
Share on other sites

2 hours ago, Sebkinne said:

Hi Runnerinmask,

The Bash Bunny is usually used with a combination of attackmodes. One example would be HID and storage.
You would not directly get execution on the target machine, but execute some code using the HID attack first, possibly launching code from the mass storage partition of the Bash Bunny.

I think he is wondering how it executes in the first place. Autorun, referring to a pre-Windows XP feature that enabled USBs to run as soon as they were plugged in, was disabled automatically and there is no easy way to enable it for Windows XP, 7, 8, 8.1 and 10. So he is wondering how it executes even though autorun is disabled.

All I really know is that the Bunny is basically a small computer on its own. Payloads run on the BB itself and therefore don't really act with the victim PC unless it is told to (executing HID attacks, as @Sebkinne said). In the case of the HID attack, the BB basically tells the victim "Hey, I'm a keyboard. Let me act like one!" and passes keyboard presses over to the victim.

Basically speaking, the BashBunny doesn't interact with the PC like autorun did/does, it interacts with itself and passes things to the PC via scripts the user has made (e.g. a python script that copies files from the BashBunny to the victim), but that is all the BashBunny as the main PC and the victim as almost like a USB to the Bunny. Pretty clever.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...