Jump to content
redm0squit0

Ethernet what?

Recommended Posts

I thought that when you plugged this bunny into your USB port in attack mode it was supposed to show up as an Ethernet card? I have nothing showing no matter what i do. With that being said i cannot set the address to 172.16.64.1. To that end i can't get into via ssh and start to dabble around. Basically i am stuck at step number 1 other than opening the red package it came in. Kind of bummed out not sure what the issue is. Any help is very welcomed.

 

Thanks,

 

Brendan

Share this post


Link to post
Share on other sites

Quick question...

Did you actually read anything about the Bash Bunny before you bought it? Because 90% of stuff about the Bash Bunny explains how what-you're-so-confused-about works.

First thing you do when you get your Bunny in the mail: Upgrade to firmware 1.3. There's a step-by-step process here, or you can use the Bash Bunny Updater found here. Make sure you follow the steps for either process exactly, otherwise you may have issues. You should also install the tools found here but it isn't necessary unless you're using a payload that actually uses those tools (most do, but you can live without).

Now once you've done those you can start thinking about creating payloads (if you know anything about them - if you don't, you probably should have held off buying the Bunny until you know what the Bunny actually does).

The reason you can't access 172.16.64.1 when the Bunny is in arming mode is the fact that arming mode doesn't run the ethernet adapter you describe. It runs the serial adapter, which can be accessed via PuTTY or whatever serial program you use.

To create a payload all you need to do is create a text file that is named 'payload.txt' and drop it in one of the switch folders found in the 'payloads' folder, which is found in the Bunny's USB storage (plug the Bunny in with the switch in arming mode and you're good to go). Now you can start editing the payload.

Open the 'payload.txt' file with your favourite text editor and put this line at the top:

ATTACKMODE RNDIS_ETHERNET STORAGE

RNDIS_ETHERNET is the standard ethernet adapter for Windows machines. If you use Mac or Linux, go with ECM_ETHERNET instead:

ATTACKMODE ECM_ETHERNET STORAGE

I've kept STORAGE there so you can see your Bash Bunny's USB storage while it's running ethernet mode. From here, you can SSH into your Bunny using PuTTY or whatever you use. Default IP of the Bunny is 172.16.64.1.

Congratulations, you've just configured your first payload!

If you have any more questions about the Bunny feel free to ask, or refer to the wiki. My suggestion is to look around before you do ask. Make sure your questions haven't already been answered (trust me, there's a lot of duplicate posts around here, haha).

Edited by Dave-ee Jones

Share this post


Link to post
Share on other sites

Actually RTFM should be pinned at the top.  Or RTFW with W standing for wiki.  I do not know how many times I seen folks regurgitating tge wiki here for most of the questions asked.

I guess reading instructions is old school.  New school thing is to dive into it and then nake your own faq by asking questions in the forum that is in the manual.

I am beginning to no longer replay or answer questions if it is in the wiki.

Feed a man a fish and feed him for a day, teach him to fish and feed him for a lifetime.  You know the saying.

Share this post


Link to post
Share on other sites
4 hours ago, PoSHMagiC0de said:

Feed a man a fish and feed him for a day, teach him to fish and feed him for a lifetime.  You know the saying.

Ah, but have you heard the saying "If you are not willing to learn, no one can help you"?
The second part of the saying goes "But if you are determined to learn, no one can stop you".

Any man will take free fish, but not every man will be willing to learn.

Edited by Dave-ee Jones

Share this post


Link to post
Share on other sites
On 9/12/2017 at 2:20 AM, Dave-ee Jones said:

Quick question...

Did you actually read anything about the Bash Bunny before you bought it? Because 90% of stuff about the Bash Bunny explains how what-you're-so-confused-about works.

First thing you do when you get your Bunny in the mail: Upgrade to firmware 1.3. There's a step-by-step process here, or you can use the Bash Bunny Updater found here. Make sure you follow the steps for either process exactly, otherwise you may have issues. You should also install the tools found here but it isn't necessary unless you're using a payload that actually uses those tools (most do, but you can live without).

Now once you've done those you can start thinking about creating payloads (if you know anything about them - if you don't, you probably should have held off buying the Bunny until you know what the Bunny actually does).

The reason you can't access 172.16.64.1 when the Bunny is in arming mode is the fact that arming mode doesn't run the ethernet adapter you describe. It runs the serial adapter, which can be accessed via PuTTY or whatever serial program you use.

To create a payload all you need to do is create a text file that is named 'payload.txt' and drop it in one of the switch folders found in the 'payloads' folder, which is found in the Bunny's USB storage (plug the Bunny in with the switch in arming mode and you're good to go). Now you can start editing the payload.

Open the 'payload.txt' file with your favourite text editor and put this line at the top:


ATTACKMODE RNDIS_ETHERNET STORAGE

RNDIS_ETHERNET is the standard ethernet adapter for Windows machines. If you use Mac or Linux, go with ECM_ETHERNET instead:


ATTACKMODE ECM_ETHERNET STORAGE

I've kept STORAGE there so you can see your Bash Bunny's USB storage while it's running ethernet mode. From here, you can SSH into your Bunny using PuTTY or whatever you use. Default IP of the Bunny is 172.16.64.1.

Congratulations, you've just configured your first payload!

If you have any more questions about the Bunny feel free to ask, or refer to the wiki. My suggestion is to look around before you do ask. Make sure your questions haven't already been answered (trust me, there's a lot of duplicate posts around here, haha).

"The reason you can't access 172.16.64.1 when the Bunny is in arming mode is the fact that arming mode doesn't run the ethernet adapter you describe. It runs the serial adapter, which can be accessed via PuTTY or whatever serial program you use."

 

Hi there, I really appreciate your assistance. I bought the bunny because i have been using the Ducky, and learned about this new tool and well i did decide purchase it with little knowledge, however it is simply something that I will learn with as i go along much like i did with the wifi pineapple!  About what you have said with using putty, I have been down that route, and since my laptop doesn't have serial ports or at least didn't have them until I looked into how to get them installed there is no way for me to connect via ssh. I was able to using Kali Linux, but I like using my windows machine and and any machines I would be testing the bunny one would be windows machines as well.

In my device manager, serial ports now at least show up, however everything is in grey  and it doesn't recognize the device. I am going through this tutorial piece by piece as you have written it and I will have to let you know if I make any progress once through. Thanks again for the response. 

Share this post


Link to post
Share on other sites

Strange enough as it is, i was following a tutorial on youtube.com, and i copied down the script for the test payload described on there. After i took out my bb, switched it into attack mode 1, and put it into my machine, at that time i finally saw it ask me for a public or private connection via eth #4. The only weird part was that I didnt think that was the payload to get my bunny set up, and still don't think it is but hey, it worked for me! I think that i had made a mistake on installing the firmware update because this time around it worked and i was able to get the thing up and running. I'd do this all night and well in to tomorrow at least i was able to stay up this late since working late shift tomrw. THanks again for the help, i really think that like you said, it is all about a proper installation of the firmware as i now have serial connection, as well as internet connection sharing. THanks!

) and 

Share this post


Link to post
Share on other sites
16 hours ago, redm0squit0 said:

Hi there, I really appreciate your assistance. I bought the bunny because i have been using the Ducky, and learned about this new tool and well i did decide purchase it with little knowledge, however it is simply something that I will learn with as i go along much like i did with the wifi pineapple!  About what you have said with using putty, I have been down that route, and since my laptop doesn't have serial ports or at least didn't have them until I looked into how to get them installed there is no way for me to connect via ssh. I was able to using Kali Linux, but I like using my windows machine and and any machines I would be testing the bunny one would be windows machines as well.

In my device manager, serial ports now at least show up, however everything is in grey  and it doesn't recognize the device. I am going through this tutorial piece by piece as you have written it and I will have to let you know if I make any progress once through. Thanks again for the response. 

You don't need to use serial, you can use SSH. SSH won't work for serial ports, you needed to choose the specific serial port (COM#). However, if you setup a payload with:

ATTACKMODE RNDIS_ETHERNET STORAGE

you won't need serial, you can just SSH after you've set your RNDIS adapter in the 172.16.64.* range with a static IP. But, nice to know you've figured it out!

Share this post


Link to post
Share on other sites

Okay so i am back, only this time with a whole lot more of junk. The first things where i didn't flash the bunny properly was just stupidity but i have since used the bunny and tested out several different payloads, some of which work and some of which do not work. The problem here is that I really am back to square one! My original whine was regarding not being able to get the adapter therefor no internet access.

Well since I have worked out the kink of simply putting the payload on one of the switches and bam there it was, at that point i really thought i was home free! I am dead wrong. This sucks. I have spent many long nights recently trying to simply get internet sharing on this thing. I follow all the tutorials to a T and even sit there for hours trying different configurations just trying to get this to work. I am using putty and am able to ssh into the bunny, but that doesn't mean anything as far as having internet connection sharing from your wifi card. It is the same card i use my wifi pineapple on however no issues. Now what happens is strange, because when i plug it in, and the device shows up, you can see packets coming in and out fairly rapidly, however once i configure the ip address and subnet, the traffic completely stops. Sorry if this doesn't make much sense, but I decided to take some screen shots of this stuff that is baffling to me just to see if any of you have any ideas what the hell is happening!

I think the most interesting one is the one that says i'm using 192.168.137.1. The reason it is interesting as well as ANNOYING is that my private ip address starts with 10.0.0.1. Not a clue where this 192 is even coming from. 

ifconfig.PNG

ipconfigsnap.PNG

netconnect.PNG

packets flowing.PNG

ping.PNG

wifiwhatikd.PNG

wireless huhhhhh.PNG

hidden lan ip.PNG

Share this post


Link to post
Share on other sites
29 minutes ago, redm0squit0 said:

Not a clue where this 192 is even coming from. 

Its from your VMware virtual ethernet devices.

Share this post


Link to post
Share on other sites

You're using internet connection sharing in Windows.  That's where your 192.168.xxx.xxx IP is coming from.  Windows creates a router and this is the range it makes.

Share this post


Link to post
Share on other sites
1 hour ago, barry99705 said:

You're using internet connection sharing in Windows.  That's where your 192.168.xxx.xxx IP is coming from.  Windows creates a router and this is the range it makes.

I realized this fairly quickly after seeing the address, the other ANNOYING thing  is that, I have disabled completely my VMware cards, (it may not show on any of the pictures) but even after disabling these cards that have this address, I would still come up with the same configuration. So i turned them back on figuring whatever because after you change the ipv4 address in the bunny connection about 2 or 3 times, it sticks with 172.16.64.64, but of course it just doesn't work. So little good does it do.

Edited by redm0squit0
wrong number

Share this post


Link to post
Share on other sites

You can look around the forums for the answer. I recall one guy recently fixing a problem just like this by resetting his adapters, you'll have to have a search of the Bunny subforum for the post though.

Share this post


Link to post
Share on other sites

Well guys, that light just frickin went on! I have only worked on this for about 15 hours now but any way. What i did was not much at all. 

1. disconnected from my home wifi 

2. connected to my computer using tethering with my iphone

3. suddenly i tried to apt-get update from putty and there was action! I cannot believe my eyeballs. Now i better get some sleep since this debacle kept me up letting me slumber for just about 6.5 hours over the last two nights. I guess your supposed to have something like 8 a night but then again, who's countin

 

****Could anyone have any possible ideas wtf happened here? I wouldn't doubt it if it happened again, but at least i know its not a hoax. Why is my home wifi router wifi access point not working, yet my iphone is? I have a hotspot as well just havent tried it yet for fear of losing connection. Thanks again for all the suggestions!

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...