Little question about Ethernet attack mode principally works

[SchwarzerLotus]

I've got a little question if I understood this correct:
In the Ethernet attack mode the bash bunny acts like a Linux machine connected to the network.
For example port scan of my windows PC:
I use a script to perform a port scan from my Linux machine. Now I copy the script to the bash bunny (with necessary modifies of course), put it into the windows machines usb port and it does the "same"

Is this correct? Or did I misunderstood how the Ethernet attack principally works?

Lovely Greetz ☺

[Dave-ee Jones]

The Bash Bunny is basically a Linux box with a USB-end as it's main source of power and data.

The ATTACKMODE module that the Bash Bunny has is essentially a Linux gadget module. Examples are:

ATTACKMODE RNDIS_ETHERNET # Windows network adapter
ATTACKMODE ECM_ETHERNET # Linux/MAC network adapter
ATTACKMODE STORAGE # USB Storage device (just like any other USB)
ATTACKMODE SERIAL # Serial adapter
ATTACKMODE HID # HID device (keyboard)

You can, theoretically, have up to 3 of those at any time (I think - it may be 2). You cannot use both ETHERNET adapters at once though, I believe. Examples are:

# USB storage, keyboard emulation and ethernet adapter
ATTACKMODE RNDIS_ETHERNET HID STORAGE

# USB storage, serial (just like arming mode)
ATTACKMODE STORAGE SERIAL

# Windows network - sets speed to 10Mbps
ATTACKMODE RNDIS_ETHERNET RNDIS_SPEED_10000

If you wanted to port a network scan on a Linux machine to a network scan on a Windows machine, you would just need to change the ATTACKMODE, assuming that the BB wasn't trying to use any commands in a shell on the victim PC. For example, if you wanted to try running "ifconfig" on the Linux machine via HID then you would need to change that to something else (e.g. "ipconfig") for the Windows machine.

# Linux
ATTACKMODE ECM_ETHERNET

# Windows
ATTACKMODE RNDIS_ETHERNET

Hope this helps!