BashBunny for "legit" work! Unattended headless new PC cloning

[slyyyde]

Made some great "white hat" usage of BashBunny this week.

Bought a batch of new micro-PCs, built a golden image for them, saved it with CloneZilla. Loaded a bootable CloneZilla Live install on to BB, then made a HID/STORAGE payload that boots target into CloneZilla with pre-scripted restore, redirecting stdout back to /loot. Script on BB waits a few minutes for CloneZilla to complete, then BB reboots both the target and itself to make sure /loot is synced and visible, then checks the logfile for successful completion before LED FINISH. Bing bang boom! Fresh new PC ready to deploy with custom config.

Lessons learned:

• It can be really hard to script blind HID keystrokes when the target might not be consistent each run (BIOS boot device menu sequence, for example). One workaround is to send multiple commands in a sequence that the target will ignore or fail recoverably if irrelevant.
• /loot doesn't automatically stay in sync between scripts running on BB and on the target when mounted as STORAGE.Having BB reboot itself was the only way I could reliably get it to see updates saved by the target.
• After a self-reboot, the same payload script can pick up where it left off by first detecting that a file is there now.
• If I really want real-time two-way communication between BB and target, probably need to use network instead of storage. Next time.

Fun project! Thanks Hak5 for a truly useful tool.

 

[jblk01]

Care to share how you did this?  Maybe a github link?  I love the idea of the BB doing some of my sysadmin work for me. 😂

[slyyyde]

I don't think my specific payload for this task is very generalizable, but I can try to provide some code snippets if there's a specific question you're wondering about. Mostly my script did a lot of LEDs, QUACKs, and sleeps, like most other scripts. A little file system stuff to check the logfile. Also spent a bit of time getting the cloning image just the way I wanted, with scheduled tasks queued up to have the newly-cloned image assign itself a unique machine name on first boot, and automatically install/activate a remote management agent. And poked around with grub.cfg on the CloneZilla side to get it launching a restore script with no intervention.