Jump to content

problem with RNDIS_ETHERNET

omriman067

By omriman067
in Bash Bunny

 Share

Recommended Posts

omriman067 Newbie

omriman067

Posted
Posted

hey guys. I just got my bash bunny and I think that i'm having some issues with it.

I'm under the impressions that RNDIS_ETHERNET is not working properly.

i tried to run the following paylod: 

LED B SLOW

ATTACKMODE RNDIS_ETHERNET
LED STAGE1
DELAY 5000
GET TARGET_IP;GET TARGET_HOSTNAME;GET HOST_IP

ATTACKMODE HID
LED STAGE2
RUN WIN NOTEPAD
Q DELAY 1000
Q STRING Switch#:${SWITCH_POSITION} - IP:${TARGET_IP} - HOST:${TARGET_HOSTNAME} - BunnyIP: ${HOST_IP}

LED FINISH

and i got the following output: 

Switch#: - IP: - HOST: - BunnyIP:

all returned empty values.

does anyone have any recommendations on what to do?

thanks :)

Link to comment
Share on other sites
PoSHMagiC0de Rookie

PoSHMagiC0de

Posted
Posted
6 hours ago, omriman067 said:

hey guys. I just got my bash bunny and I think that i'm having some issues with it.

I'm under the impressions that RNDIS_ETHERNET is not working properly.

i tried to run the following paylod: 


LED B SLOW

ATTACKMODE RNDIS_ETHERNET
LED STAGE1
DELAY 5000
GET TARGET_IP;GET TARGET_HOSTNAME;GET HOST_IP

ATTACKMODE HID
LED STAGE2
RUN WIN NOTEPAD
Q DELAY 1000
Q STRING Switch#:${SWITCH_POSITION} - IP:${TARGET_IP} - HOST:${TARGET_HOSTNAME} - BunnyIP: ${HOST_IP}

LED FINISH

and i got the following output: 


Switch#: - IP: - HOST: - BunnyIP:

all returned empty values.

does anyone have any recommendations on what to do?

thanks :)

I just recently made a payload.txt that does dual mode and uses network information for the bunny quack commands. Have not run into this issue yet but I do things a little differently than the above.  I always assume there will be time to get data once attack mode is launched so I put conditions that must be met before continuing.  I have a condition for all the network stuff but I believe you can do it with one.  I would choose TARGET_HOSTNAME.

Example: 

LED B SLOW

ATTACKMODE RNDIS_ETHERNET
LED STAGE1
DELAY 5000
while [ -z $TARGET_HOSTNAME ]; do
	GET TARGET_HOSTNAME
	sleep 1
done
GET TARGET_IP
GET HOST_IP

ATTACKMODE HID
LED STAGE2
RUN WIN NOTEPAD
Q DELAY 1000
Q STRING "Switch#:$SWITCH_POSITION - IP:$TARGET_IP - HOST:$TARGET_HOSTNAME - BunnyIP: $HOST_IP"

LED FINISH

So far I only tried the loop on any network related GET in case it has not populated yet with a minimum of a 1 second pause in the loop to keep it from spinning out of control.  You can add a counter too in case you only want to try so many times but kill with a FAIL if it is exceeded.  That can keep you from waiting forever.

Just a recap.  RNDIS_ETHERNET work off the back only on Windows machines.  ECM_ETHERNET is for *nix and OSX systems.

To check more you can add LED indicators before the loop and after to see if it gets past that part or see how long it takes visually.  I do lots of debugging of payloads on the BB so figured out a thousand ways to debug while running on the Bunny.  Life is different when you cannot sit on the console of the machine you are debugging on (the BB) to see errors and stuff.

 

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...