BrickTop Posted March 6, 2022

Hey guys, For a project I'm currently doing, I am wanting to open a PuTTY session, access the console and then run a script on a Cisco device, most probably a router. I want to do this either via Serial or SSH. I can edit a payload to change the filepath so that it executes PuTTY, but how would I edit the payload in such a way to get it to select the COM port, change the speed, open the terminal and then execute the script? I have looked through payloads on here and GitHub but can't find anything 😕 Thanks 🙂

dark_pyrro Posted March 7, 2022

OK, just to "enhance" the scenario; since you mention PuTTY, I guess you are on Windows 10. If you find it difficult to set COM port, speed, etc. and also mention ssh, why not totally skip serial and go "all in" using ssh instead? It decreases the number of ingredients that might make it more complex. Using ssh also makes it possible to skip PuTTY since ssh is available at the command line in Windows 10 nowadays.

BrickTop Posted March 7, 2022

@dark_pyrro Thanks for that useful tip. I'm still in the process of learning this stuff. 🙂 Could you explain how I would go about doing it using that method please?

dark_pyrro Posted March 7, 2022

I would probably create a payload script that starts a command prompt or a PowerShell prompt and then ssh into the device and then use the Bunny to QUACK whatever you want to happen. In this case it seems as if you want to start some script on the Cisco device after logon.

BrickTop Posted March 7, 2022

@dark_pyrro Ok, I can get it to start in PowerShell, that won't be an issue, but yes ultimately I need it to be able to open the console on a Cisco router and then type and execute a script...

BrickTop Posted March 7, 2022

Where you mention SSH into the device and then use the Bunny, can I not use the Bunny to run all of these tasks?

dark_pyrro Posted March 8, 2022

Yes, you should be able. The Bunny has several features, one of them is the HID functionality. If you can do the steps you want to do with your regular keyboard, the Bunny will most likely be able to pull it off since the HID mode is a..... keyboard. Described in pseudocode I would make the Bunny start PowerShell (or the regular Command prompt), then I would make the Bunny start ssh against the desired device (Cisco or whatever), then I would start the script on the device also using the Bunny. So, to repeat, if you can do it with a keyboard you can (most possibly with a high probability) do it with the Bunny. It's however a bit difficult to give any guarantees since there aren't any details known about the use case scenario (and we all know that the devil is in the details).

BrickTop Posted March 8, 2022

Ok thanks a lot for that. 🙂 You don't fancy helping me on this do you?? 😂 I reckon I can get it to start in PowerShell, however you can't just ssh 192 "" "" "" straight into a console can you? Don't you need to go via a terminal emulator such as PuTTY to reach the console? So I would need a command that can open PuTTY and then select the right options for the session, no? Yep the devil is definitely in the details lol.

dark_pyrro Posted March 8, 2022

Can you ssh into the device and do everything you need (or not)?

BrickTop Posted March 8, 2022

I've SSH'd into a router and switch before but always used PuTTY. I have the stuff here though to try. A Cisco Router, Cisco Switch, Bash Bunny, Win 10, Kali Linux VM, and console cable.

dark_pyrro Posted March 8, 2022

OK, but as I said before, skip PuTTY/serial and go with ssh instead if ssh is possible.

BrickTop Posted March 8, 2022

Ok, how do I bypass PuTTY then and go directly to the console via SSH? Is it simply a matter of executing a command within PowerShell?

dark_pyrro Posted March 8, 2022

Yet again, as I said before, ssh (the command) is native in Win10 since a while back, so it's just to execute ssh [user]@[address of device]. I created a test payload now that (I think) does what you want to happen. But, since not having the exact setup/scenario as you have, it's not going to be 100% the same. I used a Win10 box. Started PowerShell. Opened an ssh session to a network device. Started/executed a script on the device. All of it using the Bunny.

BrickTop Posted March 8, 2022

Ok, sorry I haven't done much involving SSH before, only stuff in Uni so I'm still learning this stuff. So you have a payload that is doing exactly what I want it to do including running a script on the console of the Cisco IOS? Albeit a few minor adjustments which would be required to match the working environment?

BrickTop Posted March 8, 2022

Could you send me a sample of the payload please so I can match it to what I currently have. I can see where I've been going wrong then 🙂

dark_pyrro Posted March 8, 2022

Why not post yours here instead.....

BrickTop Posted March 8, 2022

I only have a basic script at the moment whereby I am trying to do the basics, which is literally just opening up a program. Such as notepad, but here's the code...

    #!/bin/bash
    LED Y
    DUCKY_LANG gb
    ATTACKMODE HID
    RUN WIN notepad.exe
    Q ENTER
    LED G

However, although this payload ran fine when tried on the computers in Uni, it doesn't run on my personal machine (Win10).

dark_pyrro Posted March 8, 2022

Well, that's not really doing what you want. It's some kind of start though. Adding some delays is my first suggestion. Then continue to script what you actually want to happen. In general, delays need to be matched against target computer performance and some operations need longer delays than others. In this case, I would wait a bit extra when starting PowerShell and during the ssh logon process.

BrickTop Posted March 8, 2022

Ok, how would I go about this though? This is all extra stuff to demonstrate, my main goal is the Cisco stuff as mentioned above, so this notepad stuff doesn't really matter. You mention time delays, however, the script should still run shouldn't it?

dark_pyrro Posted March 8, 2022

Of course, it will run (if you mean the Bunny payload script), but at a pace that the target computer perhaps can't match. If you just bombard the target with commands that it is not ready to execute, then the payload will be rendered useless in the end. You have to time things.

BrickTop Posted March 8, 2022

Ah ok, I see what you're saying. Could you send me the payload that you tested or give some guidance as to what I would need to change?

dark_pyrro Posted March 8, 2022

OK, let us be honest here, you don't really want to do the job, do you?! Sorry, I don't do charity payload development. I'm all positive to sharing knowledge (and I have actually shared some fair amount of knowledge in this thread already), but this is a good "first challenge" for you to learn how to develop payloads. It's simple as 123. Learn the Ducky script basics and mimic the steps you would do using a regular keyboard (as I've already mentioned in this thread). It's not a complex thing to achieve at all and if you are in a position of doing some project involving network devices, I'm very sure you have the mental capacity of getting it all to work. Over and out.....

BrickTop Posted March 9, 2022

Bit abrupt to say the least. Of course I want to do this job, I'm not after charity or someone to do the work for me. I am looking to get into cybersecurity and I am committed to learning, but because time is limited at the moment, it means I am having to move faster than I would like in order to achieve this. I'm just after guidance at the end of the day. If my questions are bothering you then I'll look elsewhere for help. Thanks for all your help though.

Nunamabidenz Posted March 21, 2022

You know what? I totally understand both of your situations from my perspective and I just wanted to add that you both handled yourselves well, polite and just. Also it's so interesting reading this and seeing the making of one.... thank you both for the contribution! I'm wrapping my head <slowly> around duckylang and the use of it to play a role in true offensive defense. I'm (as a result of this particular thread) thinking something like a wireless deployment in which a wireless network (pineapple perhaps mark v) injects duckylang by having a storage attachment (via usb) that automounts (a bash bunny) when we want it to.

Nunamabidenz Posted March 21, 2022

I like the idea of this challenge and I'm going to do this first then see how it works on a windows system. Any suggestions on deployment without knowing which platform/system you will have to deploy on? Like a master key of sorts?

Archived
This topic is now archived and is closed to further replies.