Jump to content

Bash Bunny on Serial Console/PuTTy


BrickTop
 Share

Recommended Posts

Hey guys,

For a project I'm currently doing, I am wanting to open a PuTTy session, access the console and then run a script on a Cisco device, most probably a router. I want to do this either via Serial or SSH. I can edit a payload to change the filepath so that it exuctues PuTTy, but how would I edit the payload in such a way to get it to select the COM port, change the speed, open the terminal and then execute the script? I have looked through payloads on here and github but can't find anything 😕

Thanks 🙂

Link to comment
Share on other sites

OK, just to "enhance" the scenario; since you mention PuTTy, I guess you are on Windows 10. If you find it difficult to set COM port, speed, etc. and also mention ssh, why not totally skip serial and go "all in" using ssh instead. It decreases the number of ingredients that might make it more complex. Using ssh also makes it possible to skip PuTTy since ssh is available at the command line in Windows 10 nowadays.

Link to comment
Share on other sites

Yes, you should be able. The Bunny has several features, one of them is the HID functionality. If you can do the steps you want to do with your regular keyboard, the Bunny will most likely be able to pull it off since the HID mode is a..... keyboard. Described in pseudocode I would make the Bunny start Powershell (or the regular Command prompt), then I would make the Bunny start ssh against the desired device (Cisco or whatever), then I would start the script on the device also using the Bunny. So, to repeat, if you can do it with a keyboard you can (most possibly with a high probability) do it with the Bunny. It's however a bit difficult to give any guarantees since there aren't any details known about the use case scenario (and we all know that the devil is in the details).

Link to comment
Share on other sites

Ok thanks a lot for that. 🙂 You don't fancy helping me on this do you?? 😂 I reckon I can get it to start in PowerShell, however you can't just ssh 192 "" "" "" straight into a console can you? Don't you need to go via a terminal emulator such as PuTTy to reach the console? So I would need a command that can open PuTTy and then select the right options for the session no? Yep the devil is definitely in the details lol. 

Link to comment
Share on other sites

Yet again, as I said before, ssh (the command) is native in Win10 since a while back, so it's just to execute ssh [user]@[address of device]. I created a test payload now that (I think) does what you want to happen. But, since not having the exact setup/scenario as you have, it's not going to be 100% the same. I used a Win10 box. Started powershell. Opened an ssh session to a network device. Started/executed a script on the device. All of it using the Bunny.

Link to comment
Share on other sites

Ok, sorry I haven't done much involving SSH before, only stuff in Uni so I'm still learning this stuff. So you have a payload that is doing exactly what I want it to do including running a script on the console of the Cisco IOS? Albeit minor a few adjustments which would be required to match the working environment?

Link to comment
Share on other sites

I only have a basic script at the moment whereby I am trying to do the basics, which is literally just opening up a program. Such as notepad, but here's the code...

 

#!/bin/bash
LED Y
DUCKY_LANG gb
ATTACKMODE HID

RUN WIN notepad.exe
Q ENTER

LED G

 

However, although this payload ran fine when tried on the computers in Uni, it doesn't run on my personal machine (Win10).

Link to comment
Share on other sites

Well, that's not really doing what you want. It's some kind of start though. Adding some delays is my first suggestion. Then continue to script what you actually want to happen. In general, delays needs to be matched against target computer performance and some operations needs longer delays than other. In this case, I would wait a bit extra when starting powershell and during the ssh logon process.

Link to comment
Share on other sites

Ok, how would I go about this though? This is all extra stuff to demonstrate, my main goal is the Cisco stuff as mentioned above, so this notepad stuff doesn't really matter. You mention time delays, however, the script should still run shouldn't it?

Link to comment
Share on other sites

OK, let us be honest here, you don't really want to do the job, do you?! Sorry, I don't do charity payload development. I'm all positive to sharing knowledge (and I have actually shared some fair amount of knowledge in this thread already), but this is a good "first challenge" for you to learn how to develop payloads. It's simple as 123. Learn the Ducky script basics and mimic the steps you would do using a regular keyboard (as I've already mentioned in this thread). It's not a complex thing to achieve at all and if you are in a position of doing some project involving network devices, I'm very sure you have the mental capacity of getting it all to work. Over and out.....

Link to comment
Share on other sites

Bit abrupt to say the least. Of course I want to do this job, I'm not after charity or someone to do the work for me. I am looking to get into cybersecurity and I am committed to learning, but because time is limited at the moment, it means I am having to move faster than I would like in order to achieve this. I'm just after guidance at the end of the day. If my questions are bothering you then I'll look elsewhere for help. Thanks for all your help though. 

Link to comment
Share on other sites

  • 2 weeks later...

You know what?   I totally understand both of your situations from my perspective and I just wanted to add that you both handled yourself well polite and just. Also it's so interesting reading this and seeing the making of one.... thank you both for the contribution! I'm wrapping my head<slowly> around duckylang and the use of it to play a roll in true offensive defense. I'm (as a result of this particular thread)  thinking something like a wireless deployment in which a wireless network (pineapple perhaps mark v )injects duckylang by having a storage attachment (via usb)  that automounts (a bash bunny)  when we want it to. 

 

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...