Bash Bunny Ethernet mode not working

[CuChulaind]

I have 2 payloads for my bashbunny. The 1st simply runs in ATTACKMODE RNDIS_ETHERNET (with shared ethernet) and it works just fine. The 2nd payload I set to ATTACKMODE HID, run a powershell command, then switch to ATTACKMODE RNDIS_ETHERNET. When I do this the bunny fails to switch to ethernet mode. Am I missing something to switch modes?

Thanks.

Successful 

##### Network Connection Sharing ######

LED Y

ATTACKMODE RNDIS_ETHERNET 

LED FINISH

 

AND unsuccessful

#!/bin/bash
#
#Title:		Dev Payload
#Author:	Cuchulaind
#Props:		Cylone
#Version:	.1
#Category:	Development
#Target:	Windows XP SP3+ (Basic PowerShell)
#Attackmodes:	HID, Ethernet


##### HID Device ####
LED STAGE1
ATTACKMODE HID
RUN WIN "powershell Get-Process"

##### Ethernet Device ######
LED STAGE2
ATTACKMODE RNDIS_ETHERNET 

##### CLEANUP AND FINISH ###
LED FINISH

 

[PoSHMagiC0de]

After the LED FINISH flashes can you ping your BB at the IP it is at, 172.16.64.1?

Also, I usually give the BB a few seconds after setting an attack mode.

[CuChulaind]

Thank you for the reply.  After the finish LED I can not ping the bunny at 172.16.64.1. Also when running the 1st payload successfully I see an ethernet connect 2, whereas when I run payload 2, there is no ethernet connection 2.

 

I have tried both payloads on another Win10 machine and received the same results.

 

 

[CuChulaind]

For testing, I copied the working payload from switch 1 to payload on switch 2 and it worked as expected. I then went back to my original switch 2 payload and removed the HID stage. This also worked as expected. I surmise that for some reason when I am switching ATTACKMODES I am doing something incorrectly.

[CuChulaind]

Very very odd. The code below, when used the 1st time worked. I unplugged the BB, waited, plugged it back in, and then the Ethernet failed.  What gives?

LED STAGE1
ATTACKMODE HID

LED STAGE2
ATTACKMODE RNDIS_ETHERNET

LED FINAL

 

[CuChulaind]

Applying the code above to switch 1 also gave the same results, no ethernet attackmode. What is the proper way to set a delay in Bash Bunny? Q DELAY 1500?

[CuChulaind]

Rearranging the payloads works as expected. Ethernet 1st and Storage 2nd works. Ethernet first and HID 2nd works. It's not jut my device either, others, with the latest Windows 1803 update, are effected. Unable to to HID 1st then Ethernet, it simply doesn't work. Some change M$ made.

Your welcome

[PoSHMagiC0de]

When I get a chance I will have to test that.  Ever since dual mode was introduced on one of the previous firmware versions I have been using both attack modes at once to reduce time between victim driver installation/switching.  Also been clocking the speed down as not to interrupt their normal network connection.

 

ATTACKMODE HID RNDIS_ETHERNET RNDIS_SPEED_10000

 

[CuChulaind]

Thank you for the reply. I was able to successfully run what I wanted by specifying the 2 attack modes at once.  I have been doing them separately emulating the variety of pre-made payloads on git. Those of course, at least at this point, won't run and will need to be updated.

 

Brian