Jump to content
1N3

Bash Bunny Driver Delay (HID ATTACKMODE)

Recommended Posts

Testing the BashBunny for use on a physical pentest/red team engagement but noticing a huge problem with using this device for a real world assessment. Mainly, on a Windows 7 x64 desktop, the initial driver install process took over 2 minutes to install. After initial drivers are installed, my payload initializes and finishes within 10 seconds which is great if only I didn't have to install the drivers first...

What makes this issue even worse is that the BashBunny doesn't wait until the drivers have been installed before executing the payload which means you need to unplug/re-plug the device in after waiting 2 minutes to execute the payload. Ideally, it would be nice to build some code into the BashBunny to automatically detect when the drivers are installed and then run the payload.

Has anyone had any issues with this and is there any way to improve the speed here? 2 minutes is wayyy to long to wait around at an unlocked workstation. I would be better off typing out the payload by hand if it meant only taking 20-30 seconds max.

Edited by 1N3

Share this post


Link to post
Share on other sites

JediMaster beat me to it.

While my scancode problem went away on my Linux box by fixing the "Lang=us" declaration, I still have problems on the Surface Book so I decided to try VID CID. I haven't yet tried it on the Surface, but on my Linux box it looks like this:

               ---------------------------------------

# System default payload
ATTACKMODE HID VID_0X045e PID_0X005c SN_12345678 MAN_Microsoft
LED R  
 
Q DELAY 3000
Q STRING echo running
Q DELAY 300
Q ENTER
Q DELAY 300
Q STRING lsusb
Q ENTER
Q DELAY 300
 
LED G  
Q DELAY 3000
shutdown 0

..........

lsusb
Bus 002 Device 002: ID 8087:0024 Intel Corp. Integrated Rate Matching Hub
Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 005: ID 2109:0810 VIA Labs, Inc. VL81x Hub

Bus 001 Device 012: ID 045e:005c Microsoft Corp. Office Keyboard (106/109)
Bus 001 Device 004: ID 2109:0810 VIA Labs, Inc. VL81x Hub
Bus 001 Device 007: ID 093a:2510 Pixart Imaging, Inc. Optical Mouse
Bus 001 Device 006: ID 413c:2011 Dell Computer Corp. Multimedia Pro Keyboard
Bus 001 Device 003: ID 413c:1005 Dell Computer Corp. Multimedia Pro Keyboard Hub
Bus 001 Device 002: ID 8087:0024 Intel Corp. Integrated Rate Matching Hub
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 004 Device 003: ID 2109:0810 VIA Labs, Inc. VL81x Hub
Bus 004 Device 002: ID 2109:0810 VIA Labs, Inc. VL81x Hub
Bus 004 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 003 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub

 

 

Share this post


Link to post
Share on other sites

Thanks for the info! Using the drivers mentioned above, I was able to decrease the time to execute to ~20 seconds!

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...