Payload Idea

[PSherlock70]

Hello, 

After doing some reading on the SMB Exfiltration, would it be possible to create the same kind of payload but for an Android phone? Say for someone to connect the BB to an Android phone and copy over a certain file. 

 

[LowValueTarget]

This would be much easier if the BB allowed Host Mode configuration. You could easily use ADB or MTP to grab files.

I would look at the android section of the payload repo. Demmsec has a payload that pushes a payload to a FireTV via remote ADB.

[Dave-ee Jones]

I've been playing around with this kind of stuff on my phone.

Managed to get BunnyWeb (python web server that runs on the BB) working on my Android phone, with access to the HTML website on my phone.
Also, there is a list of shortcuts you can use to control the Android phone via a HID attack. Here's a link to a list of shortcuts.

For obvious reasons, powershell/batch payloads will not work on an Android phone. Kind of sad, considering how powerful they are.

You could potentially turn your phone into a WiFi Pineapple with the BB plugged in using the phone's hotspot...Ooo, that could be fun...

[VincBreaker]

10 hours ago, Dave-ee Jones said:

You could potentially turn your phone into a WiFi Pineapple with the BB plugged in using the phone's hotspot...Ooo, that could be fun...

This seems to be really powerfull when it comes to pranking friends, but since you already could have done it manually, I either didn't hear of it yet or it isn't possible or you are really the first one to think of that attack vector.

When it comes to android exfiltration, I would write an exfil app and then push it to the app like Demnsec did or register the bash bunny as storage and then manually install and use an file manager or use ADB to copy the files to the BB.