Jump to content

GET TARGET_IP isn't working?


Am3ience
 Share

Recommended Posts

@Am3ience Could you provide more details? What OS are you attacking? Are you using the applicable ATTACKMODE?

What do you mean with "only a 176 ip"? Does the script resolve an IP according to the LEDs? Maybe add to the script a 

echo 'This is the target ip: '$TARGET_IP >> /root/ip-log.txt
echo 'This is the host ip: '$HOST_IP >> /root/ip-log.txt

and tell us the results...

Link to comment
Share on other sites

On 2/4/2018 at 2:02 PM, GermanNoob said:

@Am3ience Could you provide more details? What OS are you attacking? Are you using the applicable ATTACKMODE?

What do you mean with "only a 176 ip"? Does the script resolve an IP according to the LEDs? Maybe add to the script a 


echo 'This is the target ip: '$TARGET_IP >> /root/ip-log.txt
echo 'This is the host ip: '$HOST_IP >> /root/ip-log.txt

and tell us the results...

I'm getting:
This is the target ip: 172.16.64.10
This is the host ip: 172.16.64.1

I was hoping to get the actual IP of the target PC, like when doing an if or ipconfig. I'm attacking a Win 10 machine. Also using ATTACKMODE RNDIS_ETHERNET .

Link to comment
Share on other sites

Well, you can only get the IP of the victim pc on the "BB LAN"... What you could do otherwise:

use the ATTACKMODE HID STORAGE, start an terminal on the victim, type ipconfig and save the output directly to your BUNNY STORAGE. You can access this one from the BunnySide at /root/udisk/ and with some BASHFU you will be able to extract the IPs of the other network adapters...

Link to comment
Share on other sites

41 minutes ago, GermanNoob said:

Well, you can only get the IP of the victim pc on the "BB LAN"... What you could do otherwise:

use the ATTACKMODE HID STORAGE, start an terminal on the victim, type ipconfig and save the output directly to your BUNNY STORAGE. You can access this one from the BunnySide at /root/udisk/ and with some BASHFU you will be able to extract the IPs of the other network adapters...

What is the BB LAN? Is there a way to nmap scan a network (192.168.10.0/24) using the Bash Bunny?

Link to comment
Share on other sites

@Am3ience, what I call the "BB LAN" is the LAN connection of the BashBunny in Attackmode *_ETHERNET and the victim computer. From the BashBunny you can only scan this network as the BashBunny has only this network connection.

If you want to scan another network to which only your victim computer is connected you will need to execute the scan from the victim. Which means to use HID and (if your victim hasn't nmap installed) download nmap from the BashBunny via STORAGE (or SMB) or the internet...

Link to comment
Share on other sites

  • 2 weeks later...
On 2/8/2018 at 9:19 AM, GermanNoob said:

@Am3ience, what I call the "BB LAN" is the LAN connection of the BashBunny in Attackmode *_ETHERNET and the victim computer. From the BashBunny you can only scan this network as the BashBunny has only this network connection.

If you want to scan another network to which only your victim computer is connected you will need to execute the scan from the victim. Which means to use HID and (if your victim hasn't nmap installed) download nmap from the BashBunny via STORAGE (or SMB) or the internet...

so the BB doesn't actually get the target's IP? It leases its IP " 172.16.64.10 " to target?

Link to comment
Share on other sites

On 22.2.2018 at 3:03 AM, Am3ience said:

so the BB doesn't actually get the target's IP? It leases its IP " 172.16.64.10 " to target?

Not 100% correct:

BB tells you with GET TARGET_IP the IP of the target computer on the BashBunny Ethernet adapter. The victim computer leases the IP from the BashBunny which gives the IP 172.16.64.10 to the victim.

As said before: If you want to scan another network adapter you can do it by using a HID & storage attack (starting nmap from storage on the victim computer) or with a HID & ETHERNET attack by pivoting through the victim computer.

Link to comment
Share on other sites

10 minutes ago, GermanNoob said:

Not 100% correct:

BB tells you with GET TARGET_IP the IP of the target computer on the BashBunny Ethernet adapter. The victim computer leases the IP from the BashBunny which gives the IP 172.16.64.10 to the victim.

As said before: If you want to scan another network adapter you can do it by using a HID & storage attack (starting nmap from storage on the victim computer) or with a HID & ETHERNET attack by pivoting through the victim computer.

so nmap needs to be installed on the victim computer? if one would want to scan another network adapter

Link to comment
Share on other sites

1 minute ago, Am3ience said:

so nmap needs to be installed on the victim computer? if one would want to scan another network adapter

No, just start a nmap executable from the STORAGE location, but you have to run it from the victim computer.

The other way would be to utilize port forwarding on the victim computer. then you should be able to scan with nmap from the BashBunny...

Method A (STORAGE) would be easier to do...

Link to comment
Share on other sites

22 minutes ago, GermanNoob said:

No, just start a nmap executable from the STORAGE location, but you have to run it from the victim computer.

The other way would be to utilize port forwarding on the victim computer. then you should be able to scan with nmap from the BashBunny...

Method A (STORAGE) would be easier to do...

oh ok, so just place the nmap package on the usb, and then put it on the victim's pc then scan?

Link to comment
Share on other sites

1 minute ago, Am3ience said:

This would require you know the ip you want to scan beforehand, correct?

No, this just needs ATTACKMODE HID & STORAGE. Have a look at some payloads, that use these ATTACKMODES in combination and access the BASHBUNNY storage folder from the victim. 

Don't go out there and run ANY payloads that you don't understand!!!

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...