Jump to content

Stepped Attacks


Recommended Posts

Is it possible to "step" attack modes so that on a single switch position it connects as one device, performs an attack then connects as an additional device type?

My idea was to launch an attack on the AV using only HID then mount the storage and run further attacks with the AV work around already in place so the malware remians undetected.

Alternatively is it possible to have two seperate partitions so we can launch a HID + STORAGE attack on the first switch with no recognised malware in the first storage partition and then switch to the other payload which launches an attack where the malware is now accessible.

I am aware that this could be acomplished using two seperate devices, I'm just trying to figure out if it's possible using just one.

Link to comment
Share on other sites

Sure it is. Try this payload

Q DELAY 3000
RUN WIN "notepad"

As you can see, it goes first into rndis_ethernet and then opens notepad in hid storage.

I saw in your 2 posts you made, that you don't have much experience with the Bunny. Please be sure that you watch all the BashBunny Videos Hak5 made for us, because all the things I said are in the videos even better explained

Link to comment
Share on other sites

It canceles the RNDIS_ETHERNET mode. In my payload here, as soon as the line "attackmode hid storage" comes, it becomes a hid storage device, and cancelles the RNDIS_ETHERNET attackmode. You can check that if you simply let the payload run until it's finished, and then go to "Control Panel\Network and Internet\Network and Sharing Center" -> Change Adapter Settings. In Attackmode RNDIS_ETHERNET the bunny would show up there (e.g. Ethernet 2). But it doesn't. That means that if you do another attackmode in the same payload, the original attackmode canceles.

But that doesn't mean you can't run HID and ETHERNET at the same time. Just write all the attackmodes you want to combine in the same line and there you go.


Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...