SchwarzerLotus Posted May 18, 2018 Share Posted May 18, 2018 I've got a little question if I understood this correct: In the Ethernet attack mode the bash bunny acts like a Linux machine connected to the network. For example port scan of my windows PC: I use a script to perform a port scan from my Linux machine. Now I copy the script to the bash bunny (with necessary modifies of course), put it into the windows machines usb port and it does the "same" Is this correct? Or did I misunderstood how the Ethernet attack principally works? Lovely Greetz ☺ Link to comment Share on other sites More sharing options...
Dave-ee Jones Posted May 21, 2018 Share Posted May 21, 2018 The Bash Bunny is basically a Linux box with a USB-end as it's main source of power and data. The ATTACKMODE module that the Bash Bunny has is essentially a Linux gadget module. Examples are: ATTACKMODE RNDIS_ETHERNET # Windows network adapter ATTACKMODE ECM_ETHERNET # Linux/MAC network adapter ATTACKMODE STORAGE # USB Storage device (just like any other USB) ATTACKMODE SERIAL # Serial adapter ATTACKMODE HID # HID device (keyboard) You can, theoretically, have up to 3 of those at any time (I think - it may be 2). You cannot use both ETHERNET adapters at once though, I believe. Examples are: # USB storage, keyboard emulation and ethernet adapter ATTACKMODE RNDIS_ETHERNET HID STORAGE # USB storage, serial (just like arming mode) ATTACKMODE STORAGE SERIAL # Windows network - sets speed to 10Mbps ATTACKMODE RNDIS_ETHERNET RNDIS_SPEED_10000 If you wanted to port a network scan on a Linux machine to a network scan on a Windows machine, you would just need to change the ATTACKMODE, assuming that the BB wasn't trying to use any commands in a shell on the victim PC. For example, if you wanted to try running "ifconfig" on the Linux machine via HID then you would need to change that to something else (e.g. "ipconfig") for the Windows machine. # Linux ATTACKMODE ECM_ETHERNET # Windows ATTACKMODE RNDIS_ETHERNET Hope this helps! Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.