dylan1951 Posted May 7, 2017 Share Posted May 7, 2017 Hi, How possible is it to create another mass storage partition on the bash bunny that can be booted from on another computer? Most payloads with the Bash Bunny require the device to be unlocked which makes attacks impossible when device is locked. If you could use the bunny to boot into a recovery os on a computer you don't know the password for a lot of the time passwords is easily removed and circumnavigated, making attacks possible again. Thanks, Dylan. Link to comment Share on other sites More sharing options...
Dave-ee Jones Posted May 7, 2017 Share Posted May 7, 2017 You could potentially do this anyway. Just set the Bunny's ATTACKMODE to STORAGE, then reboot your PC and tell it to boot from the Bunny (making sure you have an ISO of some kind on the drive's root folder). The Bunny may reboot as well, but play around with it. You might be able to boot the PC, wait in the BIOS while the Bunny boots, then go to the Boot Menu and select the Bunny. Link to comment Share on other sites More sharing options...
Sebkinne Posted May 8, 2017 Share Posted May 8, 2017 This would absolutely be possible. We would have to create a backing file that would act as the new partition (or re-format the current one). That could then be mounted via the bunny's kernel module and then be formatted and made bootable like you would any normal USB drive. The only downside of this is that the Bash Bunny needs ~6 seconds to boot up, so you'd have make sure you time the boot correctly. It sounds like a fun project and kind of like something I have recently worked on (mini linux distro that can inject / download specific files from an encrypted windows drive - all automated from boot onwards). I wonder if it would make sense merging the two projects. Link to comment Share on other sites More sharing options...
Dave-ee Jones Posted May 8, 2017 Share Posted May 8, 2017 51 minutes ago, Sebkinne said: This would absolutely be possible. We would have to create a backing file that would act as the new partition (or re-format the current one). That could then be mounted via the bunny's kernel module and then be formatted and made bootable like you would any normal USB drive. The only downside of this is that the Bash Bunny needs ~6 seconds to boot up, so you'd have make sure you time the boot correctly. It sounds like a fun project and kind of like something I have recently worked on (mini linux distro that can inject / download specific files from an encrypted windows drive - all automated from boot onwards). I wonder if it would make sense merging the two projects. Or you could just do that, I guess. Works a bit better. Link to comment Share on other sites More sharing options...
Sebkinne Posted May 8, 2017 Share Posted May 8, 2017 2 hours ago, Dave-ee Jones said: Or you could just do that, I guess. Works a bit better. Yeah. Most computers won't boot an ISO that's on the root of a USB Mass Storage drive. In fact, most won't even show the drive if it's not set to be bootable. But it all depends on the host machine. I think making the storage partition bootable is the most portable. Link to comment Share on other sites More sharing options...
bored369 Posted May 8, 2017 Share Posted May 8, 2017 You could probably do it right now with Easy2Boot, i'll see if i can test it out tonight Link to comment Share on other sites More sharing options...
Dave-ee Jones Posted May 8, 2017 Share Posted May 8, 2017 1 hour ago, Sebkinne said: Yeah. Most computers won't boot an ISO that's on the root of a USB Mass Storage drive. In fact, most won't even show the drive if it's not set to be bootable. But it all depends on the host machine. I think making the storage partition bootable is the most portable. Yeah well, installing a bootloader for the USB should work fine, really. Putting Yumi on the storage partition could work, for example (but I wouldn't use Yumi, too ugly). What I would do is use syslinux and create my own menu and use multibootusb's method of launching extracted ISOs (uses grub, I believe). Link to comment Share on other sites More sharing options...
Sebkinne Posted May 8, 2017 Share Posted May 8, 2017 1 minute ago, Dave-ee Jones said: Yeah well, installing a bootloader for the USB should work fine, really. Putting Yumi on the storage partition could work, for example (but I wouldn't use Yumi, too ugly). What I would do is use syslinux and create my own menu and use multibootusb's method of launching extracted ISOs (uses grub, I believe). Except "installing" a bootloader actually does make the partition bootable. Simply dragging files onto a fat32 storage partition won't do much. Link to comment Share on other sites More sharing options...
Dave-ee Jones Posted May 8, 2017 Share Posted May 8, 2017 11 minutes ago, Sebkinne said: Except "installing" a bootloader actually does make the partition bootable. Simply dragging files onto a fat32 storage partition won't do much. Uhuh :) Link to comment Share on other sites More sharing options...
dylan1951 Posted May 8, 2017 Author Share Posted May 8, 2017 Thanks for the reply's! I got it to work using Rufus with Hirens Boot CD and it works fine but when I tried to restore it afterwards the police were here for a couple of seconds but then it went to blue blinking slowly and didn't restore! Link to comment Share on other sites More sharing options...
dylan1951 Posted May 8, 2017 Author Share Posted May 8, 2017 I got it to flash blue and red properly by not letting it boot 3 times but it didn't work properly as the drive was not formatted and manually moving the directory structure dosn't make the payloads work! I'm getting a bit stuck if someone could help it would be great! Link to comment Share on other sites More sharing options...
dylan1951 Posted May 8, 2017 Author Share Posted May 8, 2017 Fdisk: Quote Disk /dev/nanda: 16 MiB, 16777216 bytes, 32768 sectors Units: sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disklabel type: dos Disk identifier: 0x00000000 Disk /dev/nandb: 16 MiB, 16777216 bytes, 32768 sectors Units: sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disk /dev/nandc: 16 MiB, 16777216 bytes, 32768 sectors Units: sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disk /dev/nandd: 3.3 GiB, 3489660928 bytes, 6815744 sectors Units: sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disk /dev/nande: 32 MiB, 33554432 bytes, 65536 sectors Units: sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disk /dev/nandf: 2 GiB, 2147483648 bytes, 4194304 sectors Units: sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disklabel type: dos Disk identifier: 0x5e8b1ca0 Device Boot Start End Sectors Size Id Type /dev/nandf1 2048 4192255 4190208 2G b W95 FAT32 Disk /dev/nandg: 480 MiB, 503316480 bytes, 983040 sectors Units: sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disk /dev/nandh: 1.3 GiB, 1342177280 bytes, 2621440 sectors Units: sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disk /dev/nandi: 276 MiB, 289406976 bytes, 565248 sectors Units: sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes This dosn't look right there is a nandf and a nandf1. Link to comment Share on other sites More sharing options...
dylan1951 Posted May 9, 2017 Author Share Posted May 9, 2017 Ok I fixed it by using wipefs in fdisk using serial. Link to comment Share on other sites More sharing options...
dylan1951 Posted May 9, 2017 Author Share Posted May 9, 2017 Iv'e so far managed to make Hiren's boot CD bootable on the Bash Bunny but I don't think the BB mounts the disk once it's been made bootable making it not work normally anymore. Does anyone have any ideas? On 5/8/2017 at 0:56 PM, Sebkinne said: This would absolutely be possible. We would have to create a backing file that would act as the new partition (or re-format the current one). That could then be mounted via the bunny's kernel module and then be formatted and made bootable like you would any normal USB drive. The only downside of this is that the Bash Bunny needs ~6 seconds to boot up, so you'd have make sure you time the boot correctly. It sounds like a fun project and kind of like something I have recently worked on (mini linux distro that can inject / download specific files from an encrypted windows drive - all automated from boot onwards). I wonder if it would make sense merging the two projects. Merging these projects sounds like an awesome idea! Link to comment Share on other sites More sharing options...
Ryfty Posted December 17, 2017 Share Posted December 17, 2017 Hi Dylan, Bit of a necro but I have been attempting something similar with konboot and figured I would share my findings with the community. On 5/9/2017 at 6:18 PM, dylan1951 said: Iv'e so far managed to make Hiren's boot CD bootable on the Bash Bunny but I don't think the BB mounts the disk once it's been made bootable making it not work normally anymore. Does anyone have any ideas? Ran in to the same issue with the bunny not mounting the partition once it is made bootable and managed to solve it by running blkid to obtain the UUID of /dev/nandf1 then in my case adding the line "UUID=E2C0-CC95 /root/udisk auto rw,user,auto" to /etc/fstab without quotes resulted in switch1/2 functioning as before and correctly mounting the partition at boot time/running payloads. Can also confirm the bunny boots as intended with konboot =) -Ryfty- Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.