Bash Bunny newbie needing help with tools


0rang3

Hey there guys,

I'm new to the BB and Hak5 forums, but decently familiar with computers in general. My issue is that when using any payload asking for a tool, it just doesn't seem to work. Depending on the payload I get a failed LED. Mostly talking about PasswordGrabber but I've tried many. I feel that somehow I'm not installing the tools correctly or putting them in the wrong directory. Some of the advice out there seems to be for old firmware and has changed.

Here is what I have done so far:

  1. Plugged the BB in my PC and played around with a few ducky scripts. It worked great.
  2. Copied the payload directory from GitHub and tried several credentials payloads to no avail.
  3. Used bashbunny updater and updated to 1.5_298. No dice.
  4. I moved to a second PC, disabled antivirus and malware services. No difference.
  5. I tried some payloads again and they added folders to loot directory but they were empty. I figured out I needed a few tools so I added the .deb to tools folder in arming mode. Safely ejected and reinserted. I assume they installed. Specifically per the instructions I added the LaZagne.exe to the switch location and tools folder.
  6. Tried again and it didn't work. I puttied into the BB via serial and poked around. The only directories there were: loot, udisk, version.txt. All of which were empty except loot which had a few folders of password grabber and quickcreds. Those folders were empty.

So I want to restate that powershell commands, ducky script and bash commands work fine to my knowledge. It seems to fail when using external tools, although I could be wrong. Also, maybe just something I have to learn how to fix but RNDIS does not ever get an IP address.

Does the BB spit out logs anywhere?

Any help would be greatly appreciated. 

0rang3


It sounds like you have done a good job troubleshooting so far. A couple things I'd try next would be:

  1. Try peppering your payload with the DEBUG command to write some custom logs and see exactly where your script is failing. (https://github.com/hak5/bashbunny-payloads/blob/master/payloads/extensions/debug.sh)
  2. Screen/putty into the Bunny and try running the commands you think are failing, manually. This will help you figure out any dependencies you may be missing (https://wiki.bashbunny.com/#!index.md). You can easily install dependencies with a shared internet connection (https://www.hak5.org/gear/bash-bunny/docs).
  3. Pick a specific payload, troubleshoot as far as you can with the above methods, then ask a more specific question on the selected payload's official thread (https://forums.hak5.org/forum/93-payloads/).


Hi @0rang3!

To check if the .deb tools were installed: SSH / serial into the BashBunny and have a look in /tools/ .

Regarding other tools: Let's have a look at a specific payload and let's walk through it... This way we might find the problem you are facing.

Regarding logs: I don't know of a specific BashBunny log. What I do during payload development / adjustment is to insert some log lines, like:

date >> /root/test.log; echo 'Logtext' >> /root/test.log

If there are any bash commands run, you can also do

bashcmd >> test.log 2>&1

to see the errors happening...

Regarding the ATTACKMODE RNDIS_ETHERNET issue:

Is the BashBunny recognized as an Ethernet device? I'm not sure if this is still necessary, but in the beginning you needed win7-win8-cdc-acm.inf in the BashBunny directory. Do you have that one?

I hope this helps you a little bit
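
The log-line approach suggested above, collected into a small helper for troubleshooting (an added example, not part of the original post). The function names `log_msg`, `log_run` and `check_tools` and the `LOG_FILE` / `TOOLS_DIR` variables are assumptions; the defaults only mirror the paths mentioned in this thread.

```shell
#!/bin/bash
# Added troubleshooting helper (not from the thread). LOG_FILE and TOOLS_DIR
# are assumed names; override them to match your own setup.
LOG_FILE="${LOG_FILE:-/root/test.log}"
TOOLS_DIR="${TOOLS_DIR:-/tools}"

# Append one timestamped line to the log.
log_msg() {
    printf '%s %s\n' "$(date '+%Y-%m-%d %H:%M:%S')" "$*" >> "$LOG_FILE"
}

# Run a command, append its stdout AND stderr to the log, record the exit code.
# Error messages go to stderr, so ">>" alone would not capture them.
log_run() {
    local rc=0
    log_msg "RUN: $*"
    "$@" >> "$LOG_FILE" 2>&1 || rc=$?
    log_msg "EXIT $rc: $*"
    return "$rc"
}

# Log whether each named entry exists under TOOLS_DIR.
# The return value is the number of missing entries (0 = all present).
check_tools() {
    local missing=0 name
    for name in "$@"; do
        if [ -e "$TOOLS_DIR/$name" ]; then
            log_msg "TOOL present: $TOOLS_DIR/$name"
        else
            log_msg "TOOL MISSING: $TOOLS_DIR/$name"
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}

# Usage inside a script (some_tool is a placeholder name):
#   check_tools some_tool || log_msg "dependency missing, stopping here"
#   log_run ls -la "$TOOLS_DIR"
```
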


@bg-wa I will give those steps a shot.

@GermanNoob Here is a screencap of the bash bunny directory in arming mode. I have the inf file but it fails to install when trying to do so manually. I even removed the device from device manager and tried again to no avail. Like I said before, when connecting via putty serial I run ls and get two directories and a text file called version. Tools are either absent or I'm somehow misunderstanding where to look.

I have to get to class soon so I won't be able to troubleshoot it anymore today.

Thanks for the help guys.

0rang3


I'm not sure how confident you are with the BashBunny and / or Linux. So please excuse me for explaining things you might already know...

When you have used putty to log into the BashBunny, then just type:

ls /tools

This will show you all files installed on the BashBunny root file system (not the root user)... Tell us if impacket and responder are there.

Regarding the ATTACKMODE RNDIS_ETHERNET:
Please put the following content of payload.txt in the switch1 folder:

ATTACKMODE RNDIS_ETHERNET

Then safely eject the BB, turn the switch to position 1 and put it back in the computer. Check if Windows recognizes the BashBunny as a new network adapter. If so, you can also use putty to ssh into the box.

While you have to go to class, I have to go to bed... See you tomorrow!
