raf
Posted March 16, 2019

Hi,

I just got a bash bunny. I'm using macos, and initially I could connect via serial in arming mode (switch 3) and I could connect via ethernet (switch 1). I did an apt-get update/upgrade, ran into the problem with systemctl not knowing about procps, fixed that thanks to this forum, but after that, ethernet no longer worked (with the default switch 1 payload.txt:

    ATTACKMODE ECM_ETHERNET STORAGE

).

I've just looked at the doco again and noticed that it says (for macos) to use RNDIS_ETHERNET (not ECM_ETHERNET) which would mean that the default switch 2 payload.txt was the right one:

    ATTACKMODE RNDIS_ETHERNET STORAGE

So that's confusing me. It looks like I did the wrong thing but it worked anyway (or maybe the doco is wrong?).

Anyway, when I try switch 1, macos now reports that the RNDIS gadget has a self-assigned IP and when I try switch 2, it says that the RNDIS device is not connected. So that makes me think that ECM_ETHERNET is better on macos than RNDIS_ETHERNET.

The self-assigned IP is because dhcp isn't working and I think the dhcp server isn't working because of a problem with usb0 but I can't seem to find the error message that mentioned usb0 anymore.

Anyway, here's what I can find from arming mode (where I can still connect via serial):

    # systemctl --failed
    UNIT                    LOAD   ACTIVE SUB    DESCRIPTION
    isc-dhcp-server.service loaded failed failed LSB: DHCP server

    LOAD   = Reflects whether the unit definition was properly loaded.
    ACTIVE = The high-level unit activation state, i.e. generalization of SUB.
    SUB    = The low-level unit activation state, values depend on unit type.

    1 loaded units listed. Pass --all to see loaded but inactive units, too.
    To show all installed unit files use 'systemctl list-unit-files'.
    # systemctl status isc-dhcp-server
    ● isc-dhcp-server.service - LSB: DHCP server
       Loaded: loaded (/etc/init.d/isc-dhcp-server)
       Active: failed (Result: exit-code) since Thu 1970-01-01 00:00:13 UTC; 1min 31s ago
      Process: 244 ExecStart=/etc/init.d/isc-dhcp-server start (code=exited, status=1/FAILURE)

    Jan 01 00:00:11 bunny dhcpd[266]:
    Jan 01 00:00:11 bunny dhcpd[266]: No subnet declaration for usb0 (no IPv4 a...).
    Jan 01 00:00:11 bunny dhcpd[266]: ** Ignoring requests on usb0. If this is...at
    Jan 01 00:00:11 bunny dhcpd[266]: you want, please write a subnet declaration
    Jan 01 00:00:11 bunny dhcpd[266]: in your dhcpd.conf file for the network s...nt
    Jan 01 00:00:13 bunny isc-dhcp-server[244]: Starting ISC DHCP server: dhcpdc...!
    Jan 01 00:00:13 bunny isc-dhcp-server[244]: failed!
    Jan 01 00:00:13 bunny systemd[1]: isc-dhcp-server.service: control process ...=1
    Jan 01 00:00:13 bunny systemd[1]: Failed to start LSB: DHCP server.
    Jan 01 00:00:13 bunny systemd[1]: Unit isc-dhcp-server.service entered fail...e.
    # dmesg
    [ 9.031393] usb open backing file: /dev/nandf, 0xd3c55e00
    [ 9.031572] g_ether gadget: Mass Storage Function, version: 2009/09/11
    [ 9.031586] g_ether gadget: Number of LUNs=1
    [ 9.031603] lun0: LUN: removable file: /dev/nandf
    [ 9.031636] gadget_is_softwinner_otg is not -int
    [ 9.031645] gadget_is_softwinner_otg is not -int
    [ 9.031668] g_ether gadget: Ethernet Gadget, version: Memorial Day 2008
    [ 9.031693] g_ether gadget: g_ether ready
    [ 9.262859] g_ether gadget: high-speed config #2: CDC Ethernet (ECM)

    # ifconfig -a
    eth0      Link encap:Ethernet HWaddr 7a:9c:df:7a:46:2a
              BROADCAST MULTICAST MTU:1500 Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
              Interrupt:114

    gre0      Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
              NOARP MTU:1476 Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

    ip6tnl0   Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
              NOARP MTU:1452 Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

    lo        Link encap:Local Loopback
              inet addr:127.0.0.1 Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING MTU:16436 Metric:1
              RX packets:8 errors:0 dropped:0 overruns:0 frame:0
              TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:520 (520.0 B) TX bytes:520 (520.0 B)

    sit0      Link encap:IPv6-in-IPv4
              NOARP MTU:1480 Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

    tunl0     Link encap:IPIP Tunnel HWaddr
              NOARP MTU:1480 Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

I changed the switch 1 payload.txt to "ATTACKMODE ECM_ETHERNET SERIAL" so I could access it via the serial port while it was trying to get ethernet working. This is what I see now:

    # dmesg
    [ 8.533890] usb0: MAC 5a:00:00:5a:5a:00
    [ 8.533907] usb0: HOST MAC 00:11:22:33:44:55
    [ 8.534006] gadget_is_softwinner_otg is not -int
    [ 8.534016] gadget_is_softwinner_otg is not -int
    [ 8.534043] g_ether gadget: Ethernet Gadget, version: Memorial Day 2008
    [ 8.534069] g_ether gadget: g_ether ready
    [ 8.761748] g_ether gadget: high-speed config #2: CDC Ethernet (ECM)
    [ 8.862089] ADDRCONF(NETDEV_UP): usb0: link is not ready
    [ 9.118930] ADDRCONF(NETDEV_CHANGE): usb0: link becomes ready
    [ 19.470040] usb0: no IPv6 routers present

    # ifconfig
    [...]
    usb0      Link encap:Ethernet HWaddr 5a:00:00:5a:5a:00
              inet addr:172.16.64.1 Bcast:172.16.64.255 Mask:255.255.255.0
              inet6 addr: fe80::5800:ff:fe5a:5a00/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
              RX packets:113 errors:0 dropped:0 overruns:0 frame:0
              TX packets:12 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:37528 (36.6 KiB) TX bytes:720 (720.0 B)

So it now has a usb0 network interface, with the right address, but from macos it still sees a self-assigned address.

Ah, but I can do systemctl start isc-dhcp-server and it succeeds, and from macos, it says the RNDIS gadget is "Connected" and has the right address, but it still doesn't work. apt-get update says:

    Err http://httpredir.debian.org jessie/main armhf Packages
      504 Gateway Time-out
    W: Failed to fetch http://httpredir.debian.org/debian/dists/jessie/main/binary-armhf/Packages 504 Gateway Time-out

Any idea what I've done wrong or what I can do to get ethernet working again?

I tried rebooting and isc-dhcp-server failed again, starting it manually worked and everything looks ok but network connectivity still isn't working.

This is weird.
From the macos host, I can ssh root@172.16.64.1 and it works, but only after I've done a manual:

    systemctl start isc-dhcp-server

from my serial port login. But from the bunny, I can't do:

    apt-get update

So the networking is only working in one direction. Any idea what's going on? This is weird.

Thanks for any advice.

cheers,
raf
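Added example, not part of raf's post or of the Bash Bunny tooling: a POSIX shell check that lines up the two outputs quoted above, the dhcpd complaint about usb0 having no IPv4 address at boot and the later `ifconfig` showing usb0 with 172.16.64.1, to tell a start-order problem apart from an interface that never gets configured. The function names and verdict strings are hypothetical, and the sample text is constructed from the quoted output with truncated fields left truncated.

```sh
#!/bin/sh
# Added example; sample data is constructed from the output quoted in the post.
SAMPLE_LOG='Jan 01 00:00:11 bunny dhcpd[266]: No subnet declaration for usb0 (no IPv4 a...).
Jan 01 00:00:13 bunny isc-dhcp-server[244]: failed!'

SAMPLE_IFCONFIG='usb0      Link encap:Ethernet HWaddr 5a:00:00:5a:5a:00
          inet addr:172.16.64.1 Bcast:172.16.64.255 Mask:255.255.255.0
lo        Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0'

# Print each interface dhcpd skipped because it had no IPv4 address (log on stdin).
dhcpd_skipped_ifaces() {
    sed -n 's/.*dhcpd\[[0-9]*]: No subnet declaration for \([^ ]*\) (no IPv4.*/\1/p' | sort -u
}

# Succeed if the ifconfig text on stdin shows an "inet addr" for interface $1.
iface_has_ipv4() {
    awk -v want="$1" '
        /^[^ \t]/ { cur = $1 }                      # unindented line starts a new interface
        cur == want && /inet addr:/ { found = 1 }
        END { exit !found }'
}

# $1 = service log text, $2 = current ifconfig text. Prints one verdict:
#   start-order:IFACE   dhcpd ran before IFACE had an address, which it has now
#   unconfigured:IFACE  IFACE still has no IPv4 address
#   no-ipv4-complaint   the log does not contain this dhcpd failure
diagnose() {
    verdict="no-ipv4-complaint"
    for iface in $(printf '%s\n' "$1" | dhcpd_skipped_ifaces); do
        if printf '%s\n' "$2" | iface_has_ipv4 "$iface"; then
            verdict="start-order:$iface"
        else
            verdict="unconfigured:$iface"
        fi
    done
    echo "$verdict"
}

diagnose "$SAMPLE_LOG" "$SAMPLE_IFCONFIG"
```

On the device, the two arguments would come from `systemctl status isc-dhcp-server` and `ifconfig` captured over the serial login.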
Rkiver
Posted March 16, 2019

https://forums.hak5.org/forum/92-bash-bunny/