Tassilo Posted September 21, 2017

I am having trouble using GET TARGET_IP in payloads. To verify it's this specific command causing the trouble, I set up this short script:

    ATTACKMODE RNDIS_ETHERNET
    LED STAGE3
    Q DELAY 3000
    GET TARGET_IP
    # Check target IP address. If unset, blink slow red.
    if [ -z "${TARGET_IP}" ]; then
        LED FAIL2
        exit
    fi
    LED FINISH

and indeed it ends up blinking red. Firmware is 1.3. Any idea? Or is there something wrong in the script? Thanks!
PoSHMagiC0de Posted September 21, 2017

So, I am assuming you are using this on a Windows box. With that said, I never used GET with the TARGET_IP parameter, but here is what I would do to test. I would test for TARGET_HOSTNAME also, just to make sure it works, and I would check a few times to give the bunny time. Below is an example script that should work for you to test. I included HID to quack out the results too.

    LED SETUP
    ATTACKMODE HID RNDIS_ETHERNET
    LED STAGE1

    # Poll for the hostname up to 5 times, one second apart, to give the bunny time.
    COUNT=0
    while [ -z "$TARGET_HOSTNAME" ] && [ "$COUNT" -lt 5 ]; do
        GET TARGET_HOSTNAME
        COUNT=$((COUNT + 1))
        sleep 1
    done

    RUN WIN notepad
    Q DELAY 3000

    if [ -n "$TARGET_HOSTNAME" ]; then
        Q STRING "Hostname of computer is: $TARGET_HOSTNAME"
        Q DELAY 500
        Q ENTER
    else
        Q STRING "Target Hostname was not found."
        Q DELAY 500
        Q ENTER
    fi

    LED SPECIAL1

    # Same retry loop for the target IP.
    COUNT=0
    while [ -z "$TARGET_IP" ] && [ "$COUNT" -lt 5 ]; do
        GET TARGET_IP
        COUNT=$((COUNT + 1))
        sleep 1
    done

    if [ -n "$TARGET_IP" ]; then
        Q STRING "IP of computer is: $TARGET_IP"
        Q DELAY 500
        Q ENTER
    else
        Q STRING "Target IP was not found."
        Q DELAY 500
        Q ENTER
    fi

    LED FINISH

Pretty much, you will loop through so many times to see if it is taking some time for the bunny to issue the IP. I know I always get a hostname. IP I don't use, but this should work the same. The LEDs will let you know which part it is checking for, and the bunny should open notepad and type out results as it gets them.
PoSHMagiC0de Posted September 21, 2017

Wanted to add too: you can make a payload with just ATTACKMODE RNDIS_ETHERNET and see if the victim machine gets the RNDIS interface installed. If it does, use PuTTY to SSH into the bashbunny and run the commands by hand, without the attackmode; changing attackmodes while on SSH will drop you. I accidentally found that out testing a payload locally and running it before commenting out the attackmodes. :-P Anyway, you can SSH in and then run the GET command and check to see if you get an IP, switch position, etc., etc., etc.
Tassilo Posted September 22, 2017

6 hours ago, PoSHMagiC0de said:
"Pretty much, you will loop through so many times to see if it is taking some time for the bunny to issue the IP. I know I always get a hostname. IP I don't use, but this should work the same. The LEDs will let you know which part it is checking for, and the bunny should open notepad and type out results as it gets them."

Fantastic, works like a charm, thanks a lot!