MrZoom Posted March 11, 2022 Share Posted March 11, 2022 I'll skip the i'm new's.. So trying to understand how to load up the bunny, So lets use bunnylogger for example there are four files and the readme.. bunnyloggerDecoder- i guess this is just to decode the raw output from the keylogger ( not sure how to use that atm ) paylod.sh- def. goes onto the bunny with lines 11, and 15 modified ** this is my actual payload script payload.txt- def. goes on the bunny **tells the computer what too do next in plaintext xinput- idk what this is for its a download... So both the payload files go onto the bunny.. what do i do with the others. im messging the writer of it as well : drapl0n tuxed0 to better understand. Link to comment Share on other sites More sharing options...
dark_pyrro Posted March 12, 2022 Share Posted March 12, 2022 Everything you need to know is in the readme file. What files you need to put on the Bunny and where. Also how you are supposed to use the bunnyLoggerDecoder script. If you are new to the Bunny, my suggestion is not to start with a script like this one. Do something more simple instead and get familiar with the Bunny "concept" first. This payload isn't all that transparent either and needs to be adjusted based on what type of Bunny that is used. For example, doing a grep for "1.8G" using lsblk is just possible if using the Bunny Mk2 without a Micro SD card. If using the Mk2 with a Micro SD card, then that grep operation won't work. Not if using the Bunny Mk1 either. It's not transparent in terms of opening a terminal either, using CTRL-ALT t isn't fully "universal" and won't work on some distros. I'm also a bit surprised that Hak5 allowed a binary (xinput) to be a part of the payload. It's not the normal standpoint according to my experience. Not sure what the "Encode payload.txt" part of the GitHub readme is referring to. Maybe because the author is used to make some payloads for the USB Rubber Ducky. There's no encoding for the Bunny though. GET SWITCH_POSITION is part of the payload.txt file, but it isn't used in the script as far as I can see, so that part can be removed. Setting DUCKY_LANG is probably needed if not using a US target device. Link to comment Share on other sites More sharing options...
MrZoom Posted March 28, 2022 Author Share Posted March 28, 2022 I read the READ.ME and still came away confused. I understand what your saying about it being a bit too advanced, but the majority of the other payloads are not useful for me. I didnt realize the decoder required scripting. and now from what your telling me its not the best written or clearly written. I did reach out to drapion with no answer. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.