JustJohn Posted February 19, 2018 Posted February 19, 2018 Hi Been around the forum and can't find any answer. Trying to get the bash bunny online using the bb.sh sharing script. I managed to get access to the bunny thru SSH, but it seams like, that the wlan0 interface shuts down and the new USB Ethernet eth1 takes over. What do I miss here? My Process Guided setup ---------------------- Step 1 of 3: Select Default Gateway Default gateway reported as 192.168.1.1 Use the above reported default gateway? [Y/n]? y Step 2 of 3: Select Internet Interface Internet interface reported as wlan0 Use the above reported Internet interface? [Y/n]? y Step 3 of 3: Select Bash Bunny Interface Please connect the Bash Bunny to this computer. ................[Checking] Detected Bash Bunny on interface eth1 Use the above detected Bash Bunny interface? [Y/n]? y Settings saved. Saved Settings: Share Internet connection from wlan0 to Bash Bunny at eth1 through default gateway 192.168.1.1 SSH Connection ---------------------------- $ssh root@172.16.64.1 root@172.16.64.1's password: _____ _____ _____ _____ _____ _____ _____ _____ __ __ (\___/) | __ || _ || __|| | | | __ || | || | || | || | | (='.'=) | __ -|| ||__ || | | __ -|| | || | | || | | ||_ _| (")_(") |_____||__|__||_____||__|__| |_____||_____||_|___||_|___| |_| Bash Bunny by Hak5 USB Attack/Automation Platform Last login: Sat Aug 26 00:09:43 2017 from 172.16.64.10 root@bunny:~# apt-get update 0% [Connecting to httpredir.debian.org]^C root@bunny:~# iptables --------------- Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination ifconfig -------------- eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 172.16.64.10 netmask 255.255.255.0 broadcast 172.16.64.255 wlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 192.168.1.131 netmask 255.255.255.0 broadcast 192.168.1.255 Best Regards Claus
PoSHMagiC0de Posted February 19, 2018 Posted February 19, 2018 Hmm, can anyone chime in and correct me..been a but since I did internet sharing with BB..but when sharing in linux, should there be a masquerade rule in the iptables for outgoing stuff on the internet facing interface.
JustJohn Posted February 19, 2018 Author Posted February 19, 2018 Hi PoSHMagiC0de Would this could do it? sudo iptables -A FORWARD --in-interface eth1 -j ACCEPT sudo iptables --table nat -A POSTROUTING --out-interface wlan0 -j MASQUERADE And then: Enable IP forwarding sudo sysctl -w net.ipv4.ip_forward=1 /Claus
JustJohn Posted February 19, 2018 Author Posted February 19, 2018 1 minute ago, clauspauli said: Hi PoSHMagiC0de Would this could do it? sudo iptables -A FORWARD --in-interface eth1 -j ACCEPT sudo iptables --table nat -A POSTROUTING --out-interface wlan0 -j MASQUERADE And then: Enable IP forwarding sudo sysctl -w net.ipv4.ip_forward=1 /Claus And should it be in the bb script, or is it a manual thing to do after running the bb?
Dave-ee Jones Posted February 20, 2018 Posted February 20, 2018 The BB takes over as the primary source because of its interface bandwidth. Windows (and Mac, I would imagine) treat it as the primary NIC because the NIC says it's a 2Gbps speed, so if your normal NIC is slower it gets ignored. You can fix this by specifying the NIC speed (basically spoofs the speed) as shown below: ATTACKMODE RNDIS_ETHERNET RNDIS_SPEED_10000 The above command limits the bandwidth to 10Mbps. However, I don't know if you can do the same with ECM but you can try (see below). ATTACKMODE ECM_ETHERNET ECM_SPEED_10000 # OR ATTACKMODE ECM_ETHERNET RNDIS_SPEED_10000
JustJohn Posted February 20, 2018 Author Posted February 20, 2018 6 hours ago, Dave-ee Jones said: The BB takes over as the primary source because of its interface bandwidth. Windows (and Mac, I would imagine) treat it as the primary NIC because the NIC says it's a 2Gbps speed, so if your normal NIC is slower it gets ignored. You can fix this by specifying the NIC speed (basically spoofs the speed) as shown below: ATTACKMODE RNDIS_ETHERNET RNDIS_SPEED_10000 The above command limits the bandwidth to 10Mbps. However, I don't know if you can do the same with ECM but you can try (see below). ATTACKMODE ECM_ETHERNET ECM_SPEED_10000 # OR ATTACKMODE ECM_ETHERNET RNDIS_SPEED_10000 Hi Dave Thanks for your reply, but it did not work. :-( Have tried with PCI NIC, same result. /Claus
JustJohn Posted February 20, 2018 Author Posted February 20, 2018 Anyone have this issue? Still not working with internet sharing on kali linux, /Claus
Just_a_User Posted February 20, 2018 Posted February 20, 2018 10 minutes ago, clauspauli said: Still not working with internet sharing on kali linux, I had some issues in the past that sound similar. Did you try running 'nm-connection-editor' from terminal, selecting your bb interface, go to ipv4 and changing manual/automatic to shared with other computers? maybe that sorts it, maybe it doesn't. Obviously the rest of the configs need to be correct as per the wiki. I do this on Ubuntu 17 and works well for me for ICS the hak5 gear.
JustJohn Posted February 20, 2018 Author Posted February 20, 2018 Thanks Just_a_User, that worked /Claus
Dave-ee Jones Posted February 20, 2018 Posted February 20, 2018 15 hours ago, clauspauli said: Hi Dave Thanks for your reply, but it did not work. :-( Have tried with PCI NIC, same result. /Claus Yeah, I suspected it wouldn't because Mac doesn't use RNDIS drivers, neither does Linux.
JustJohn Posted February 21, 2018 Author Posted February 21, 2018 11 hours ago, Dave-ee Jones said: Yeah, I suspected it wouldn't because Mac doesn't use RNDIS drivers, neither does Linux. Thanks for the replay
Recommended Posts
Archived
This topic is now archived and is closed to further replies.