pineapple BashBunny connected to Pineapple

[Just_a_User]

I wanted to start playing with bashbunny through my Pineapple Tetra. I guess it should be similar for nano but so far didn’t test. Thought I would share my findings in case anyone else was interested.

First and simplest of all you can install screen via opkg on your pineapple and connect to a bashbunny in arming mode: -

opkg update && opkg install screen

screen 115200 /dev/ttyACM0

For a while I tried getting the bashbunny storage to mount but after a bit of poking about I think the kernel needs FAT support as per this bug report before that can happen.

Then Lastly I wanted to get network access to the bashbunny and ideally share the tetras internet connection to the bashbunny. WARNING - It might not be 100% correct but this is what I did. Use ECM_ETHERNET as attack method and edit the following files in the pineapples /etc/config: -

Edit /etc/config/network to include the below

config interface 'usb2'
        option ifname   'eth2'
        option proto    'static'
        option ipaddr   '172.16.64.64'
        option netmask  '255.255.255.0'
        option gateway  '172.16.42.42'
        option dns      '8.8.8.8, 8.8.4.4'

and

Edit /etc/config/firewall to include the below.

config zone
        option name             eth2
        list network            'eth2'
        option input            ACCEPT
        option output           ACCEPT
        option forward          ACCEPT
        option masq             1
        option mtu_fix          1

config forwarding
        option src              lan
        option dest             eth2

config forwarding
        option src              eth2
        option dest             lan

After a reboot I connected the bashbunny to the pineapple and from the pineapples terminal was able to ssh into the bashbunny at 172.16.64.1, Final test was being able to ping out and apt-get update successfully.

Also and maybe more interestingly to some, I was able to run nmap against pineapple clients as I hoped opening up some further "fun" in the future.

Hope this helps someone. Cheers all

Edited May 6, 2017 by Just_a_User

[PoSHMagiC0de]

So you expanded the payload potential of the Pineapple by adding another separate processor (the Bunny).  Hmm, now you can have separate jobs running on the bunny than on the Pineapple.  This opens up possibilities meaning people can expand their pineapples with external micro computers via USB network and some apis and run more threaded jobs simultaneously.

[Just_a_User]

On 06/05/2017 at 10:15 PM, PoSHMagiC0de said:

So you expanded the payload potential of the Pineapple by adding another separate processor (the Bunny).  Hmm, now you can have separate jobs running on the bunny than on the Pineapple.  This opens up possibilities meaning people can expand their pineapples with external micro computers via USB network and some apis and run more threaded jobs simultaneously.

Darren mentioned Pineapple Core in the bashbunny release hinting they could be going together. That part interested me so tried it, its not stub routing like he mentions but it gets it onto the pineapple. Its an interesting addition  to the pineapples capabilities that’s for sure. Perhaps running things like frameworks/toolkits that need full debian to run.

 

Edited May 19, 2017 by Just_a_User

[b0N3z]

@Just_a_User  I got the bunny to mount on my nano last night.  made a directory just for the bunny and it works great.  I have not yet been able to get it to mount on the Tetra but later today Im goin to play around with it a bit more and let you know what I find.

This was mounted to /sd but I later reset the pineapple and made a /Bashbunny directory for it.  I had to mount /dev/sdb or /dev/sdc depending on weather you have an sd card in your nano.

Edited May 7, 2017 by b0N3z

[PoSHMagiC0de]

All this info is worthy of a wiki entry for instructions on how to pull off what you guys are doing.  I know when I order my Nano elite tactical, I am going to want to try to connect the 2.

[b0N3z]

right now im working with the Tetra and so is @Just_a_User, and the nano config files are little different so it wont be the same as above.  As soon as we get this working on the Tetra, the Nano will be next.  As @Just_a_User said, its not stub routing like @Darren Kitchen was talking about in the bash bunny video, but im certain its close and with some ip routing it could be just that.

[Just_a_User]

@b0N3z I think the mounting issue is somehow tied to the kmod-nls-cp437 or vfat, I maybe wrong but from a quick check it seems to be installed on my nano but was not present on the tetra. I may be wrong but that’s my gut feel. But if I'm right its something that @Sebkinne would probably need to fix/bake into the firmware as and when he gets time to look at pineapple stuff again.

For reference the video is this one - the bit about Pineapple Core with stub routing is talked about briefly at 25 mins in.

 

 

Edited May 7, 2017 by Just_a_User

[b0N3z]

@Just_a_User i just plugged in both to check for a couple things after looking at the openwrt wiki, and I agree, It probably has something to do with the sdcard on the nano and not the tetra.

[Just_a_User]

1 hour ago, b0N3z said:

@Just_a_User i just plugged in both to check for a couple things after looking at the openwrt wiki, and I agree, It probably has something to do with the sdcard on the nano and not the tetra.

Yeah, when you edit fstab on nano to include

config 'mount'
	option	target		'/bashbunny'
	option	device		'/dev/sdb'
	option	fstype		'auto'
	option	options		'rw,sync'
	option	enabled		'1'

It mounts as expected. but when you add the below to the tetra's fstab I dont see it.

config 'mount'
	option	target		'/bashbunny'
	option	device		'/dev/sda'
	option	fstype		'auto'
	option	options		'rw,sync'
	option	enabled		'1'

Even tried removing the /dev/sda1 entry in case it somehow didnt like it but no change.

Edited May 7, 2017 by Just_a_User

[Sebkinne]

We'll hopefully have more details on this later, and should have an official solution for this too.

I don't think mounting the Bash Bunny to the WiFi Pineapple is the best way to handle communication, that's what CDC_ETHERNET is for. We can handle file transfers and C&C that way.

The idea is that you'd be able to offload heavier tasks such as running mitmf, bettercap, poisiontap, and more to the Bash Bunny, which requires a bit of fancy routing.

Anyway, it's one of the next things on my list.

[b0N3z]

@Sebkinne as of right now bettercap is not an option for arm devices as it needs ruby 2.4 minimum to install.  And the bash bunny only has ruby 2.1.5.

[Just_a_User]

@b0N3z you can get  ruby 2.4.1p111 on the bashbunny.

root@bunny:# ruby -v
ruby 2.4.1p111 (2017-03-22 revision 58053) [armv7l-linux-eabihf]

try this - it will take a while.

cd ~
apt-get install -y libssl-dev libreadline-dev zlib1g-dev bzip2 build-essential
git clone git://github.com/sstephenson/rbenv.git .rbenv
echo 'export PATH="$HOME/.rbenv/bin:$PATH"' >> ~/.bashrc
echo 'eval "$(rbenv init -)"' >> ~/.bashrc
exec $SHELL

git clone git://github.com/sstephenson/ruby-build.git ~/.rbenv/plugins/ruby-build
echo 'export PATH="$HOME/.rbenv/plugins/ruby-build/bin:$PATH"' >> ~/.bashrc

exec $SHELL

RUBYVERSION=$(wget https://raw.githubusercontent.com/rapid7/metasploit-framework/master/.ruby-version -q -O - )
rbenv install $RUBYVERSION
rbenv global $RUBYVERSION
ruby -v

so to install bettercap after installing ruby do the below -

note - make sure the date and time on your bashbunny is set correctly before this step.

apt-get install build-essential ruby-dev libpcap-dev
git clone https://github.com/evilsocket/bettercap
cd bettercap
gem build bettercap.gemspec
gem install bettercap*.gem

root@bunny:~# bettercap
 _          _   _
| |__   ___| |_| |_ ___ _ __ ___ __ _ _ __
| '_ \ / _ \ __| __/ _ \ '__/ __/ _` | '_ \
| |_) |  __/ |_| ||  __/ | | (_| (_| | |_) |
|_.__/ \___|\__|\__\___|_|  \___\__,_| .__/
                                     |_| v1.6.1b
http://bettercap.org/

 

Edited June 28, 2017 by Just_a_User

[b0N3z]

@Just_a_User  I was looking into using rbenv to get it going been testing on a pi zero before doing it on the bunny but you have confirmed that for me so I will give this a try!!!!

[Just_a_User]

I have been trying to get MSF to run on the bashbunny, SEToolkit goes on without an issue but MSF requires PostgreSQL. PSQL is installed on the bashbunny as default but im struggling to get the postmaster or PostgreSQL's server daemon process to run. so I end up with errors like this: -

psql: could not connect to server: No such file or directory
	Is the server running locally and accepting
	connections on Unix domain socket "/var/run/postgresql/.s.PGSQL.5432"?

Have been round in circles looking at this but thought id put this out there in case anyone has already got this working. Please share :)

Edited May 12, 2017 by Just_a_User

[b0N3z]

I think we are both on the same path, you have just way exceeded me on progress.  I have been working on it little by little here and there.

[PoSHMagiC0de]

I posted about maybe in firmware update they update Node to the latest stable LTS at that time.  Only cause like what you are doing above with getting a newer version of Ruby onto the bunny, it changes the default if I compile it myself thus making anything I want to share more tedious for others.  Might want to see if they will update all the core languages.

[Sebkinne]

1 hour ago, PoSHMagiC0de said:

I posted about maybe in firmware update they update Node to the latest stable LTS at that time.  Only cause like what you are doing above with getting a newer version of Ruby onto the bunny, it changes the default if I compile it myself thus making anything I want to share more tedious for others.  Might want to see if they will update all the core languages.

We are currently simply tracking debian's packages instead of building our own (apart from go). I'll see about getting node, ruby, and python updated if they are currently out of date.

[Dave-ee Jones]

I don't think updating to Python 3 is the best idea.

*Imagining all the syntax errors in 90% of current scripts...* Pls no...

Edited May 12, 2017 by Dave-ee Jones

[PoSHMagiC0de]

32 minutes ago, Dave-ee Jones said:

I don't think updating to Python 3 is the best idea.

*Imagining all the syntax errors in 90% of current scripts...* Pls no...

Agreed.  Almost all projects I have seen still are in major version 2.  Even I am still coding in 2.  Node and the others are really low.  On the Bunny I see 0.1.x.  I think Ruby was the same when a few of us was talking about MiTM and Bettercap ideas.

[Dave-ee Jones]

40 minutes ago, PoSHMagiC0de said:

Agreed.  Almost all projects I have seen still are in major version 2.  Even I am still coding in 2.  Node and the others are really low.  On the Bunny I see 0.1.x.  I think Ruby was the same when a few of us was talking about MiTM and Bettercap ideas.

I checked the version of Python on my Bunny. It's 2.7.9, which I am happy with :)

[Sebkinne]

1 hour ago, Dave-ee Jones said:

I don't think updating to Python 3 is the best idea.

*Imagining all the syntax errors in 90% of current scripts...* Pls no...

I wasn't planning on moving to Python3. Maybe shipping Python2.7 and Python3 at the same time, but not replacing Python2. Ruby and NodeJS I'll take a look at, but as I said, we are tracking a stable Debian branch for our packages. Unfortunately that does mean packages that are slightly outdated. Security fixes should however be backported. 

[Dave-ee Jones]

2 hours ago, Sebkinne said:

I wasn't planning on moving to Python3. Maybe shipping Python2.7 and Python3 at the same time, but not replacing Python2. Ruby and NodeJS I'll take a look at, but as I said, we are tracking a stable Debian branch for our packages. Unfortunately that does mean packages that are slightly outdated. Security fixes should however be backported. 

Well, calling 'python3' could work.

[Just_a_User]

Just adding here for my reference (I reset frequently) and sharing.

######## openjdk-8-jre-headless

echo "deb http://http.debian.net/debian jessie-backports main" > /etc/apt/sources.list.d/jessie-backports.list
apt-get update
apt-get install -t jessie-backports openjdk-8-jre-headless

root@bunny:~# java -version
openjdk version "1.8.0_121"
OpenJDK Runtime Environment (build 1.8.0_121-8u121-b13-1~bpo8+1-b13)
OpenJDK Zero VM (build 25.121-b13, interpreted mode)
 

######## NodeJS v7.10 (Debian 8/Jesse supported)

curl -sL https://deb.nodesource.com/setup_7.x | bash -
apt-get install -y nodejs

root@bunny:~# nodejs -v
v7.10.0

npm install npm@latest -g

root@bunny:~# npm -v
4.6.1

###########

 

Edited May 17, 2017 by Just_a_User

[Just_a_User]

Again, for ref and sharing - MITMf installation onto bashbunny.

#Before starting the installation process

#only required for libcapstone3 package
echo "deb http://http.debian.net/debian jessie-backports main" > /etc/apt/sources.list.d/jessie-backports.list

apt-get update
apt-get install python-dev python-setuptools libpcap0.8-dev libnetfilter-queue-dev libssl-dev libjpeg-dev libxml2-dev libxslt1-dev libcapstone3 libcapstone-dev libffi-dev file libevent-dev

#Install virtualenvwrapper
pip install virtualenvwrapper

#Edit your .bashrc file to source the virtualenvwrapper.sh script
cd ~
nano .bashrc
#add the following line to the file
source /usr/local/bin/virtualenvwrapper.sh
#save and exit

#Restart your terminal or run
source /usr/local/bin/virtualenvwrapper.sh

#Create your virtualenv: 
mkvirtualenv MITMf -p /usr/bin/python2.7

#Clone the MITMf repository: 
git clone https://github.com/byt3bl33d3r/MITMf
#cd into the directory, initialize and clone the repos submodules: 
cd MITMf && git submodule init && git submodule update --recursive

#Install the dependencies: takes a while and has locked up my bunny a couple of times - max's out all 4 cores.
pip install -r requirements.txt

#Run MITMf
root@bunny:~# python mitmf.py --help

███╗   ███╗██╗████████╗███╗   ███╗███████╗
████╗ ████║██║╚══██╔══╝████╗ ████║██╔════╝
██╔████╔██║██║   ██║   ██╔████╔██║█████╗  
██║╚██╔╝██║██║   ██║   ██║╚██╔╝██║██╔══╝  
██║ ╚═╝ ██║██║   ██║   ██║ ╚═╝ ██║██║     
╚═╝     ╚═╝╚═╝   ╚═╝   ╚═╝     ╚═╝╚═╝     

usage: mitmf.py -i interface [mitmf options] [plugin name] [plugin options]

MITMf v0.9.8 - 'The Dark Side'

 

Edited December 15, 2017 by Just_a_User

[Glowinghot666]

been thinking about this ever since i received my B.B but i work 12 hr shifts... keep it up tons of power