B0rk Posted September 17, 2017 Share Posted September 17, 2017 Just curious if anyone knows if it would be possible to connect the BashBunny to multiple hosts simultaneously? I understand that the BashBunny probably wouldn't be able to run a normal payload (I.E. HID, Serial, etc.) to multiple systems at a time unless it was running as an Ethernet Adapter, but I was wondering if it is potentially possible as it can run a DHCP Server that can hand out multiple addresses. I.E. If you were able to obtain access to a server room or other location where there are multiple hosts that the BashBunny could be connected to at the same time (since servers are generally stacked in a rack) and have a payload execute upon issuing an address to said hosts. Maybe like using a USB Female to Female adapter connected to a USB Hub and using USB Male to Male cables to connect to the hosts. Just some food for thought and possible research. **Obviously, there would be some major research, scripting, and automation involved to create such a payload. Quote Link to comment Share on other sites More sharing options...
quentin_lamamy Posted September 17, 2017 Share Posted September 17, 2017 Well, it's the kind of question that need to be answer by a BB specialist ( @Sebkinne , @Dave-ee Jones any idea?). But i think it's not a suitable usage of the BB. I am not sure of what you are expecting you have a DHCP server running on the BB, any extra information on this subject ? Quote Link to comment Share on other sites More sharing options...
PoSHMagiC0de Posted September 17, 2017 Share Posted September 17, 2017 I would doubt it. If it is possible it would be news to me. Best way to look at it is this. Is it possible to hook up a usb mouse through some sort of reverse USB hub to multiple PCs? I am not talking about a KVM. That still requires switching for each machine. From what I know you cannot and first and foremost the attack the Bunny does is USB. I only know of USB hubs hooking many USB devices to 1 host. Quote Link to comment Share on other sites More sharing options...
Dave-ee Jones Posted September 17, 2017 Share Posted September 17, 2017 The Bash Bunny is running a DHCP server. You can see the IP range here: https://wiki.bashbunny.com/#!./index.md#Default_Settings There's only 3 IPs so you can't have much connected to it, really, but I'm sure there's a setting somewhere you can tweak. Quote Link to comment Share on other sites More sharing options...
B0rk Posted September 18, 2017 Author Share Posted September 18, 2017 27 minutes ago, Dave-ee Jones said: The Bash Bunny is running a DHCP server. You can see the IP range here: https://wiki.bashbunny.com/#!./index.md#Default_Settings There's only 3 IPs so you can't have much connected to it, really, but I'm sure there's a setting somewhere you can tweak. Exactly, that's why I was curious. I'm just not sure how exactly it could be done, but I was just thinking about it while I was trying to sleep last night. - Curiosity, nothing more. Quote Link to comment Share on other sites More sharing options...
Dave-ee Jones Posted September 18, 2017 Share Posted September 18, 2017 2 minutes ago, B0rk said: Exactly, that's why I was curious. I'm just not sure how exactly it could be done, but I was just thinking about it while I was trying to sleep last night. - Curiosity, nothing more. I was trying to get the Bash Bunny to host a Win10 PC's WiFi adapter (some adapters with BLE can host a hotspot), but it kept using the default ethernet/WiFi adapter to host it and I couldn't figure out how to make it so the Bunny hosts it. That would effectively make the Bunny's network wireless, allowing you to remotely execute payloads on a machine with your phone using a web UI (like WabbitWeb), so a plug-and-walk-away payload. So that would make good use of DHCP. However, I would think that if you plugged the Bunny into a switch with a USB-to-ethernet dongle you could get the desired effect. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.