Jump to content

Recommended Posts

Hello, I've been playing with a small circuit for my Bunny...

I've put three USB connectors on a small board, 1 for the Bunny, 1 for the Target PC, and a switched one for a small battery bank (I use a cylinder type).

I have just run power from the battery bank connector to the Bunny and did not hook up power from the Target at all.

With this setup, I can run attacks on USB 2 only devices; and, more importantly pre-boot the Bunny before the attack... Flip switch, wait for Bunny to boot, then plug into Target...

I don't use the Bunny for keyboard injection, btw - I still prefer my Rubber Ducky for that.

This kind of setup could easily be added to the base Bunny, or as an alternative hardware version - with a single usb jack on the back to accept the battery bank connector.

A more sophisticated circuit could be setup to detect if power was available at the Target and allow the battery bank to be removed. Pre-boot Bunny, plug into Target, pull and palm battery.

The only complication is that it would be a lot of torque on the Bunny's main connector if the battery had to be left connected for a USB 2 Target...

Link to comment
Share on other sites

I don't think the "wait for boot then plug in" idea will work as it executes the payload immediately. The payload launches on the Bunny, not on the PC, so it will launch the payload regardless of it actually being plugged into a PC or not. Bit hard to get your head around. Think of the Bunny as a PC (it is, essentially - it's a small Linux box) which has it's own kernel/OS and runs the code on itself, not on the PC. We only program it to interact with the connected PC.

Also, USB 2 ports are the only ports I use with my Bunny, so I'm not sure what you're talking about there..USB 2 and USB 3 both supply power to the device (how do you think a USB flash drive can be read from a USB 2 port?).

I wouldn't mind putting a Bluetooth/WLAN adapter on my Bunny tho..

Link to comment
Share on other sites

I actually built the board before I received my Bunny.

The power thing is based on the specs which show USB 5V ~1.5A...

As USB 2 only supplies 500 ma, I constructed the board based on the Bunny needing 3 times that amount of current.

As to the timing I am using ATTACKMODE RNDIS_ETHERNET then loop until TARGET_IP is populated then proceed with script.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...