Jump to content

Little question about Ethernet attack mode principally works


Recommended Posts

I've got a little question if I understood this correct:
In the Ethernet attack mode the bash bunny acts like a Linux machine connected to the network.
For example port scan of my windows PC:
I use a script to perform a port scan from my Linux machine. Now I copy the script to the bash bunny (with necessary modifies of course), put it into the windows machines usb port and it does the "same"

Is this correct? Or did I misunderstood how the Ethernet attack principally works?

Lovely Greetz ☺

Link to comment
Share on other sites

The Bash Bunny is basically a Linux box with a USB-end as it's main source of power and data.

The ATTACKMODE module that the Bash Bunny has is essentially a Linux gadget module. Examples are:

ATTACKMODE RNDIS_ETHERNET # Windows network adapter
ATTACKMODE ECM_ETHERNET # Linux/MAC network adapter
ATTACKMODE STORAGE # USB Storage device (just like any other USB)
ATTACKMODE SERIAL # Serial adapter
ATTACKMODE HID # HID device (keyboard)

You can, theoretically, have up to 3 of those at any time (I think - it may be 2). You cannot use both ETHERNET adapters at once though, I believe. Examples are:

# USB storage, keyboard emulation and ethernet adapter

# USB storage, serial (just like arming mode)

# Windows network - sets speed to 10Mbps

If you wanted to port a network scan on a Linux machine to a network scan on a Windows machine, you would just need to change the ATTACKMODE, assuming that the BB wasn't trying to use any commands in a shell on the victim PC. For example, if you wanted to try running "ifconfig" on the Linux machine via HID then you would need to change that to something else (e.g. "ipconfig") for the Windows machine.

# Linux

# Windows

Hope this helps!

Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...