GET TARGET_ID not working on a 1.3 bunny?


Tassilo

I am having trouble using GET TARGET_ID in payloads.

To verify it's this specific command causing the trouble, I set up this short script:

ATTACKMODE RNDIS_ETHERNET
LED STAGE3
Q DELAY 3000
GET TARGET_IP
# Check target IP address. If unset, blink slow red.
if [ -z "${TARGET_IP}" ]; then
    LED FAIL2
    exit
fi
LED FINISH

and indeed it ends up blinking red. Firmware is 1.3. Any idea? Or is there something wrong in the script?

Thanks!


So, I am assuming you are using this on a Windows box.

With that said, I never used the GET with the TARGET_IP parameter, but here is what I would do to test. I would test for TARGET_HOSTNAME also, just to make sure it works, and I would check a few times to give the bunny time. Below is an example script that should work for you to test. I included HID to quack out the results too.

LED SETUP
# Enumerate as a keyboard (HID) and an RNDIS Ethernet adapter
ATTACKMODE HID RNDIS_ETHERNET

LED STAGE1
# Retry GET TARGET_HOSTNAME up to 5 times, one second apart
COUNT=0
while [ -z "$TARGET_HOSTNAME" ] && [ "$COUNT" -lt 5 ]; do
    GET TARGET_HOSTNAME
    COUNT=$((COUNT + 1))
    sleep 1
done
# Open notepad so the results can be typed out
RUN WIN notepad
Q DELAY 3000

if [ -n "$TARGET_HOSTNAME" ]; then
    Q STRING "Hostname of computer is: $TARGET_HOSTNAME"
    Q DELAY 500
    Q ENTER
else
    Q STRING "Target Hostname was not found."
    Q DELAY 500
    Q ENTER
fi

LED SPECIAL1

# Same retry loop for GET TARGET_IP
COUNT=0

while [ -z "$TARGET_IP" ] && [ "$COUNT" -lt 5 ]; do
    GET TARGET_IP
    COUNT=$((COUNT + 1))
    sleep 1
done

if [ -n "$TARGET_IP" ]; then
    Q STRING "IP of computer is: $TARGET_IP"
    Q DELAY 500
    Q ENTER
else
    Q STRING "Target IP was not found."
    Q DELAY 500
    Q ENTER
fi

LED FINISH

Pretty much you will loop through so many times to see if it is taking some time for the bunny to issue the IP.  I know I always get a hostname.  IP I don't use but this should work the same.  The LEDs will let you know which part it is checking for and the bunny should open notepad and type out results as it gets them.

Wanted to add too. You can make a payload with just ATTACKMODE RNDIS_ETHERNET and see if the victim machine gets the RNDIS interface installed. If it does, use PuTTY to SSH into the Bash Bunny and run the commands by hand, without the ATTACKMODE: changing attack modes while on SSH will drop you. I accidentally found that out testing a payload locally and running it before remarking out the attack modes. :-P

Anyway, you can SSH in and then run the GET command and check to see if you get an IP, switch position, etc.


6 hours ago, PoSHMagiC0de said:

Pretty much you will loop through so many times to see if it is taking some time for the bunny to issue the IP.  I know I always get a hostname.  IP I don't use but this should work the same.  The LEDs will let you know which part it is checking for and the bunny should open notepad and type out results as it gets them.

Fantastic, works like a charm, thanks a lot!
