Jay314 Posted June 18, 2017 (edited)

===========================SOLUTION==============================

Generate the following payload without STORAGE in the attackmode.

    #!/bin/bash
    LED G
    ATTACKMODE ECM_ETHERNET

Thanks to Fang_Shadow, I've learned that using storage in concert with ECM_ETHERNET prevents the system from pulling an IP (for what reason I still don't understand - I'm guessing it's just a bug). I have had some issues with SSH, but according to ifconfig (on local system) I see the interface is up and nmap scans show port 22 is open on the new IP. I'll update this post if anything changes.

===================================================================

Endgoal: I want to ssh from host machine into my BashBunny, then pivot from my BashBunny to a remote cloud hosted webserver, and write a testfile to that server.

Host System Used: Debian Linux

Crux: I am unable to acquire an ip address for my BashBunny using bb.sh

Attempts:

1. I tried to perform these actions from Arming Mode using the serial connection, however I learned that I am not able to share my network connection from serial mode and that Arming Mode only allows: Serial and Storage

2. I attempted to run the default payload in order to gain network connectivity:

    #!/bin/bash
    LED G
    ATTACKMODE ECM_ETHERNET STORAGE

My understanding of this code is that it will indicate it is ready when there is a solid green light (LED G) and that it will facilitate Ethernet connectivity and Storage (last line). It is also my understanding that this initializes a new network interface that can be seen with the commands "ip addr" or "ifconfig -a". However, this new interface does not appear to be configured yet, and attempting to run the command ssh root@172.16.64.1 does not result in the expected login prompt and eventually times out.

3. I've also attempted to run the bb.sh in order to share my host's network connection, despite not being able to ssh into 172.16.64.1 IP. The script appears to work until you attempt to connect with it, and then it just hangs.

Any ideas on how to ssh into the BashBunny?

Thanks,
Jay

Edited June 26, 2017 by Jay314: Solution found.

b0N3z Posted June 18, 2017

switch your attackmode to STORAGE ECM_ETHERNET

Jay314 (Author) Posted June 18, 2017

8 minutes ago, b0N3z said:
    switch your attackmode to STORAGE ECM_ETHERNET

I changed the payload to read:

    ATTACKMODE STORAGE ECM_ETHERNET

There doesn't appear to be any change, and I am curious why the ordering would matter?

Lord_KamOS Posted June 18, 2017

Can you show us the payload.txt and its full path on the BB? And the output of ifconfig after you have inserted it.

Jay314 (Author) Posted June 18, 2017 (edited)

@Lord_KamOS

When mounting /dev/sdb (the BB) to /mnt/external/, the full path to the Payload is:

    /mnt/external/payloads/switch1/payload.txt

The contents of the payload reads:

    #!/bin/bash
    LED G
    ATTACKMODE STORAGE ECM_ETHERNET

ifconfig -a entry for the new interface reads:

    eth1      Link encap:Ethernet  HWaddr 00:11:22:33:44:55
              BROADCAST MULTICAST  MTU:1500  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

Edited June 18, 2017 by Jay314

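Added example (not part of the original thread or of the Bash Bunny tooling): the ifconfig stanza posted above shows neither the UP flag nor an "inet addr" line, which is what "new interface, no IP" looks like from the host. The function below, iface_state (a name chosen here), classifies a stanza in this old net-tools format only; the lo stanza, the second sample and its 172.16.64.10 address are constructed.

```shell
#!/bin/sh
# Added example: classify one interface from old net-tools `ifconfig -a`
# output. Prints "<up|down> <IPv4 address|no-ipv4>", or "absent".
# iface_state is a name chosen for this example.
iface_state() {
    # $1 = interface name; ifconfig output arrives on stdin
    awk -v ifc="$1" '
        # A line starting in column 1 opens a new interface stanza.
        /^[^ \t]/ { in_if = ($1 == ifc); if (in_if) found = 1 }
        in_if {
            for (i = 1; i <= NF; i++) {
                if ($i == "UP") up = 1                  # administratively up
                if ($i == "inet" && $(i + 1) ~ /^addr:/)
                    addr = substr($(i + 1), 6)          # strip "addr:"
            }
        }
        END {
            if (!found) { print "absent"; exit }
            print (up ? "up" : "down"), (addr != "" ? addr : "no-ipv4")
        }'
}

# Sample 1: lo stanza is constructed; eth1 stanza is the one quoted in the post.
sample_no_ip() {
cat <<'EOF'
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:65536  Metric:1

eth1      Link encap:Ethernet  HWaddr 00:11:22:33:44:55
          BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
EOF
}

# Sample 2 (constructed): the same interface once it is up with a lease.
sample_with_ip() {
cat <<'EOF'
eth1      Link encap:Ethernet  HWaddr 00:11:22:33:44:55
          inet addr:172.16.64.10  Bcast:172.16.64.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
EOF
}

sample_no_ip   | iface_state eth1   # down no-ipv4
sample_with_ip | iface_state eth1   # up 172.16.64.10
# Live use on the host: ifconfig -a | iface_state eth1
```
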
Lord_KamOS Posted June 18, 2017

9 minutes ago, Jay314 said:
    When mounting /dev/sdb (the BB) to /mnt/external/, the full path to the Payload is:

        /mnt/external/payloads/switch1/payload.txt

    The contents of the payload reads:

        #!/bin/bash
        LED G
        ATTACKMODE STORAGE ECM_ETHERNET

    ifconfig -a entry for the new interface reads:

        eth1      Link encap:Ethernet  HWaddr 00:11:22:33:44:55
                  BROADCAST MULTICAST  MTU:1500  Metric:1
                  RX packets:0 errors:0 dropped:0 overruns:0 frame:0
                  TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
                  collisions:0 txqueuelen:1000
                  RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

Strange, I did the exact same thing and got an IP address.

Dave-ee Jones Posted June 18, 2017

Firstly, what you could do is a live LED update. E.g.

    LED W
    ATTACKMODE ECM_ETHERNET STORAGE
    LED G

Or you could use 'udisk_mount' to mount storage without using the STORAGE attackmode. This however does not allow you to access it at a USB.

I can SSH into my Bunny fine on Windows with RNDIS_ETHERNET, I'm not familiar with ECM_ETHERNET for Linux though.

Also, there are some driver issues occasionally with ETHERNET modes and STORAGE mode.

Jay314 (Author) Posted June 18, 2017

Just now, Lord_KamOS said:
    Strange, I did the exact same thing and got an IP address.

Can I ask what Operating System you are using?

Dave-ee Jones Posted June 18, 2017

2 minutes ago, Lord_KamOS said:
    Strange, I did the exact same thing and got an IP address.

Yeah, so more than likely it's a driver issue...

Lord_KamOS Posted June 18, 2017

Just now, Jay314 said:
    Can I ask what Operating System you are using?

Debian 8

Can you try re-flashing the firmware?

Jay314 (Author) Posted June 18, 2017

Just now, Dave-ee Jones said:
    Yeah, so more than likely it's a driver issue...

Driver issue isn't likely, we're talking linux here, I'm on a debian system and the BB runs on debian also...

Jay314 (Author) Posted June 18, 2017

Just now, Lord_KamOS said:
    Debian 8

    Can you try re-flashing the firmware?

Sure, I'll let you know the results.

Lord_KamOS Posted June 19, 2017

16 minutes ago, Jay314 said:
    Sure, I'll let you know the results.

If that does not work, can you try it on a different computer?

Jay314 (Author) Posted June 19, 2017

2 minutes ago, Lord_KamOS said:
    If that does not work, can you try it on a different computer?

Sure

Jay314 (Author) Posted June 19, 2017

26 minutes ago, Lord_KamOS said:
    If that does not work, can you try it on a different computer?

I just updated to version 1.3, but that didn't seem to make any difference, still not pulling an IP. Just booted up my other linux system now, I'll let you know whether that solves the problem.

Jay314 (Author) Posted June 19, 2017 (edited)

46 minutes ago, Lord_KamOS said:
    If that does not work, can you try it on a different computer?

Same results on a different machine (diff processors, diff Network Interface Card, diff mobo, same OS).

It starts a new interface but doesn't generate an IP.

Edited June 19, 2017 by Jay314

Dave-ee Jones Posted June 19, 2017

Okay so you can connect to the Bunny's network but you don't get an IP? You can always set a static one? 172.16.64.20 should work?

Fang_Shadow Posted June 19, 2017

Remember that linux uses both RNDIS_ETHERNET and ECM_ETHERNET, since it wants to be compatible with both windows and unix (mac). Has the usage of both storage and another attack mode worked at the same time before on linux, or could be something different.

HeadScratchCode Posted June 19, 2017

If you're doing it on Linux Debian, you should set the payload to RNDIS_ETHERNET

From my experience it doesn't work if I use ECM

Sebkinne Posted June 19, 2017

1 hour ago, HeadScratchCode said:
    If you're doing it on Linux Debian, you should set the payload to RNDIS_ETHERNET

    From my experience it doesn't work if I use ECM

It should be the other way around. RNDIS is a windows specific protocol that has support in Linux (though if you look at the source files, you will find comments on how it's kind of hacky). ECM ethernet is the way to go on Linux operating systems. I have yet to see a full distribution that doesn't support ECM out of the box but supports RNDIS.

PoSHMagiC0de Posted June 19, 2017

Try taking off STORAGE. I have done all other combos, including the newly working HID RNDIS_ETHERNET but never ethernet with storage.

In fact, I can't ssh into my bunny while in arming mode. :-P I have to make a payload.txt for just the ethernet type of the OS I am on to get an IP.

Sebkinne Posted June 19, 2017

3 hours ago, PoSHMagiC0de said:
    In fact, I can't ssh into my bunny while in arming mode. :-P I have to make a payload.txt for just the ethernet type of the OS I am on to get an IP.

That's because arming mode doesn't start Ethernet. Once we have AUTO_ETHERNET working that will change.

b0N3z Posted June 19, 2017

27 minutes ago, Sebkinne said:
    Once we have AUTO_ETHERNET working that will change.

Is this what I think it is? An attack mode that will auto detect the best use ETHERNET attack mode.

Sebkinne Posted June 19, 2017

2 minutes ago, b0N3z said:
    Is this what I think it is? An attack mode that will auto detect the best use ETHERNET attack mode.

Yup, that's it. I have it working but it's a bit slow. There are some tricks to speed it up though, so once I finish that, I'll push out a new firmware.

Lord_KamOS Posted June 20, 2017

On 19.6.2017 at 2:51 AM, Jay314 said:
    Same results on a different machine (diff processors, diff Network Interface Card, diff mobo, same OS).

    It starts a new interface but doesn't generate an IP.

Did you get a shell?