Hak5 Forums
EgonSommer

simulate scripts


Hi, 

is there a way to test my self-written scripts without changing the Bash Bunny mode? Or is there a way to simulate the scripts on the software side? 

 

How do you handle this?

Do you have any suggestions or tips?

Thank you very much.


The only way I know is to eject the BB and start the attack. To simulate different machines I use virtual machines...


You can run scripts from the shell, just like any other Linux box.

source path/to/script.txt

 


Well, that's what I thought.

That is a pity, would have saved a little time.

 

14 hours ago, EgonSommer said:

Well, that's what I thought.

That is a pity, would have saved a little time.

What exactly were you expecting?

Serial into the Bunny and run your test script. It does save you time because you don't have to copy it to a switch, unplug the Bunny, plug it in again, wait for it to come back up and then run the payload... all to watch it not do anything because you forgot to end your if statement with "fi".

Unless you have a bash emulator (not to mention, it would need the same modules as the Bunny) inside your text editor there's no way you can make it faster, sorry.

15 hours ago, Dave-ee Jones said:

What exactly were you expecting?

Serial into the Bunny and run your test script. It does save you time because you don't have to copy it to a switch, unplug the Bunny, plug it in again, wait for it to come back up and then run the payload... all to watch it not do anything because you forgot to end your if statement with "fi".

Unless you have a bash emulator (not to mention, it would need the same modules as the Bunny) inside your text editor there's no way you can make it faster, sorry.

 

Hi Dave-ee Jones,


I thought of a "Bash Bunny emulator". Thank you for answering anyway.

 

On 2/10/2018 at 1:58 AM, EgonSommer said:

Hi Dave-ee Jones,

I thought of a "Bash Bunny emulator". Thank you for answering anyway.

Possible, but emulating ATTACKMODEs and things would be different. You could create "pseudo functions" that replace certain ones.
For example, to emulate being an RNDIS_ETHERNET you would set a value to TARGET_IP.

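# Stand-in for the Bunny's ATTACKMODE when testing a script off the device
function ATTACKMODE() {
	case "$1" in
		RNDIS_ETHERNET)
			# Pretend the target got this address from the Bunny
			TARGET_IP="172.16.16.100"
			;;
		*)
			echo "Usage: ATTACKMODE RNDIS_ETHERNET" >&2
			exit 1
			;;
	esac
}

ATTACKMODE RNDIS_ETHERNET
echo "$TARGET_IP"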

However, you wouldn't be able to troubleshoot any issues with the target PC (because it doesn't exist...), so if you ported it to the Bash Bunny for an IRL test it might have other issues that the emulator can't emulate, e.g. the PC not detecting the BB as an ethernet device because its drivers are busted.


I do not know how anyone tests the BB in a VM.  You would have to program in all the modes vid_pid the bunny will use for your attack and hope it doesn't detect it is active before the VM picks it up and installs it.  Meaning if you use network, VM will need that ID and any others.  Sounds painful to even try.  I only test the HID parts on a VM with the Bunny directly but I do not add it to the VM as a USB device.  I let it type through the host.  Keyboard commands can come from the host into the VM just fine. 

If I test directly on a Windows machine (bare metal) while developing I use a HID/Network attack mode to ssh into the bunny and run a second payload.txt that matches my original payload.txt file I have that does not have an attackmode...because switching attack modes while you are connected will drop you.

Most of the time I build a quasi BB environment with victim as a VM and wait till I am done there before moving to test timing on a real Windows box, meaning I write the payload.txt as a bash script to get variables and stuff or simulate getting the variables and echoing my quack commands.  I normally only have 1 and try to keep my payloads down to 1 quack session to kick off the whole process.  I copy and paste the echo into the victim Windows VM and usually if I am doing SMB, I have on my host (which is linux) smbserver.py running so VM can access.  If USB Storage I have another VM drive setup that I have connected and labelled with same name as Bashbunny.  Once I get everything going in my pseudo then it saves me much time getting it ready on the bunny for the real thing.  At that point it is usually timings, not coding bugs that I have to work through.

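The stub-function idea and the "echo the quack commands" workflow from the two posts above, combined into one off-device dry run; this is an added example, not code from the thread's participants or from Hak5. `record`, `dry_run`, `CALL_LOG` and the two sample payload files are hypothetical names constructed here, and setting `TARGET_IP` straight from the stub follows the post above rather than what the device does.

```bash
#!/usr/bin/env bash
# Off-device dry run of a Bash Bunny payload (added example). The stubs only
# record calls: nothing is typed and no USB mode changes.
# record, dry_run, CALL_LOG and the sample files are hypothetical names.

CALL_LOG=""                              # one recorded call per line
record() { CALL_LOG="${CALL_LOG}$*
"; }

ATTACKMODE() {                           # stub: log the mode, fake the network var
    record "ATTACKMODE $*"
    case " $* " in
        *" RNDIS_ETHERNET "*|*" ECM_ETHERNET "*) TARGET_IP="172.16.16.100" ;;
    esac
}
QUACK() { record "QUACK $*"; }           # keystrokes are logged, not sent
Q()     { QUACK "$@"; }
LED()   { record "LED $*"; }

# dry_run FILE: parse-only check first (catches a missing "fi"), then source
# the payload in a subshell and print the recorded calls on stdout.
dry_run() {
    "${BASH:-sh}" -n "$1" 2>/dev/null || { echo "SYNTAX_ERROR"; return 2; }
    (
        exec 3>&1 >/dev/null 2>&1        # silence the payload, keep fd 3 for the log
        trap 'printf "%s" "$CALL_LOG" >&3' EXIT   # still reports if the payload exits
        . "$1"
    )
}

# Constructed sample payloads (benign), written to a temp dir for the demo.
DEMO_DIR=$(mktemp -d)
cat > "$DEMO_DIR/good.txt" <<'EOF'
LED SETUP
ATTACKMODE RNDIS_ETHERNET
if [ -n "$TARGET_IP" ]; then
    Q STRING "target is $TARGET_IP"
fi
LED FINISH
EOF
cat > "$DEMO_DIR/broken.txt" <<'EOF'
ATTACKMODE HID
if [ -n "$TARGET_IP" ]; then
    Q STRING hello
EOF

dry_run "$DEMO_DIR/good.txt"
dry_run "$DEMO_DIR/broken.txt" || echo "(broken.txt rejected before running)"
```

The call log shows the order of mode switches and keystroke lines a payload would issue; it says nothing about timing or whether a real host enumerates the device.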
3 hours ago, PoSHMagiC0de said:

I do not know how anyone tests the BB in a VM.  You would have to program in all the modes vid_pid the bunny will use for your attack and hope it doesn't detect it is active before the VM picks it up and installs it.  Meaning if you use network, VM will need that ID and any others.  Sounds painful to even try.  I only test the HID parts on a VM with the Bunny directly but I do not add it to the VM as a USB device.  I let it type through the host.  Keyboard commands can come from the host into the VM just fine.

Hi @PoSHMagiC0de,

Well, I never experienced any problems using BB with a VM. Depending on which system you use (VMware or VirtualBox) you can tell the software just to add the USB device directly to the VM... It's just easy...
