Jump to content

GET TARGET_IP isn't working?


Am3ience

Recommended Posts

Posted

Again i'm new at this, i'm trying the nmap payload on the hak5 github and the GET TARGET_IP command is getting the IP of the bash bunny and not the computer it's plugged into? Is there something i'm doing wrong?

Posted

It doesn't seem like TARGET_IP is the IP of the computer, but Bash does scan the computer it's connected to, just doesn't get the proper IP. 

Posted

@Am3ience Could you provide more details? What OS are you attacking? Are you using the applicable ATTACKMODE?

What do you mean with "only a 176 ip"? Does the script resolve an IP according to the LEDs? Maybe add to the script a 

echo 'This is the target ip: '$TARGET_IP >> /root/ip-log.txt
echo 'This is the host ip: '$HOST_IP >> /root/ip-log.txt

and tell us the results...

Posted
On 2/4/2018 at 2:02 PM, GermanNoob said:

@Am3ience Could you provide more details? What OS are you attacking? Are you using the applicable ATTACKMODE?

What do you mean with "only a 176 ip"? Does the script resolve an IP according to the LEDs? Maybe add to the script a 


echo 'This is the target ip: '$TARGET_IP >> /root/ip-log.txt
echo 'This is the host ip: '$HOST_IP >> /root/ip-log.txt

and tell us the results...

I'm getting:
This is the target ip: 172.16.64.10
This is the host ip: 172.16.64.1

I was hoping to get the actual IP of the target PC, like when doing an if or ipconfig. I'm attacking a Win 10 machine. Also using ATTACKMODE RNDIS_ETHERNET .

Posted

Well, you can only get the IP of the victim pc on the "BB LAN"... What you could do otherwise:

use the ATTACKMODE HID STORAGE, start an terminal on the victim, type ipconfig and save the output directly to your BUNNY STORAGE. You can access this one from the BunnySide at /root/udisk/ and with some BASHFU you will be able to extract the IPs of the other network adapters...

Posted
41 minutes ago, GermanNoob said:

Well, you can only get the IP of the victim pc on the "BB LAN"... What you could do otherwise:

use the ATTACKMODE HID STORAGE, start an terminal on the victim, type ipconfig and save the output directly to your BUNNY STORAGE. You can access this one from the BunnySide at /root/udisk/ and with some BASHFU you will be able to extract the IPs of the other network adapters...

What is the BB LAN? Is there a way to nmap scan a network (192.168.10.0/24) using the Bash Bunny?

Posted

@Am3ience, what I call the "BB LAN" is the LAN connection of the BashBunny in Attackmode *_ETHERNET and the victim computer. From the BashBunny you can only scan this network as the BashBunny has only this network connection.

If you want to scan another network to which only your victim computer is connected you will need to execute the scan from the victim. Which means to use HID and (if your victim hasn't nmap installed) download nmap from the BashBunny via STORAGE (or SMB) or the internet...

  • 2 weeks later...
Posted
On 2/8/2018 at 9:19 AM, GermanNoob said:

@Am3ience, what I call the "BB LAN" is the LAN connection of the BashBunny in Attackmode *_ETHERNET and the victim computer. From the BashBunny you can only scan this network as the BashBunny has only this network connection.

If you want to scan another network to which only your victim computer is connected you will need to execute the scan from the victim. Which means to use HID and (if your victim hasn't nmap installed) download nmap from the BashBunny via STORAGE (or SMB) or the internet...

so the BB doesn't actually get the target's IP? It leases its IP " 172.16.64.10 " to target?

Posted
On 22.2.2018 at 3:03 AM, Am3ience said:

so the BB doesn't actually get the target's IP? It leases its IP " 172.16.64.10 " to target?

Not 100% correct:

BB tells you with GET TARGET_IP the IP of the target computer on the BashBunny Ethernet adapter. The victim computer leases the IP from the BashBunny which gives the IP 172.16.64.10 to the victim.

As said before: If you want to scan another network adapter you can do it by using a HID & storage attack (starting nmap from storage on the victim computer) or with a HID & ETHERNET attack by pivoting through the victim computer.

Posted
10 minutes ago, GermanNoob said:

Not 100% correct:

BB tells you with GET TARGET_IP the IP of the target computer on the BashBunny Ethernet adapter. The victim computer leases the IP from the BashBunny which gives the IP 172.16.64.10 to the victim.

As said before: If you want to scan another network adapter you can do it by using a HID & storage attack (starting nmap from storage on the victim computer) or with a HID & ETHERNET attack by pivoting through the victim computer.

so nmap needs to be installed on the victim computer? if one would want to scan another network adapter

Posted
1 minute ago, Am3ience said:

so nmap needs to be installed on the victim computer? if one would want to scan another network adapter

No, just start a nmap executable from the STORAGE location, but you have to run it from the victim computer.

The other way would be to utilize port forwarding on the victim computer. then you should be able to scan with nmap from the BashBunny...

Method A (STORAGE) would be easier to do...

Posted
22 minutes ago, GermanNoob said:

No, just start a nmap executable from the STORAGE location, but you have to run it from the victim computer.

The other way would be to utilize port forwarding on the victim computer. then you should be able to scan with nmap from the BashBunny...

Method A (STORAGE) would be easier to do...

oh ok, so just place the nmap package on the usb, and then put it on the victim's pc then scan?

Posted

if you have it on the BashBunny STORAGE partition you can run it from there on the victim computer. No need to copy it first.

Posted
31 minutes ago, GermanNoob said:

if you have it on the BashBunny STORAGE partition you can run it from there on the victim computer. No need to copy it first.

This would require you know the ip you want to scan beforehand, correct?

Posted
1 minute ago, Am3ience said:

This would require you know the ip you want to scan beforehand, correct?

No, this just needs ATTACKMODE HID & STORAGE. Have a look at some payloads, that use these ATTACKMODES in combination and access the BASHBUNNY storage folder from the victim. 

Don't go out there and run ANY payloads that you don't understand!!!

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...