mELLoMaN Posted July 5, 2023 Share Posted July 5, 2023 I have a bash bunny mark II. When I used it a long time ago, it worked fine, but yesterday I tried some new stuff... RNDIS_ETHERNET and STORAGE work fine, but when I write a payload with ATTACKMODE HID and plug it in, it doesn't get recognized at all by the computer. Quote Link to comment Share on other sites More sharing options...
dark_pyrro Posted July 5, 2023 Share Posted July 5, 2023 3 hours ago, mELLoMaN said: When I used it a long time ago, it worked fine Judging from your previous posts, it doesn't seem to have been fully fine before either. Post some example payload code that doesn't work for you (if you're not trying anything else than just simply ATTACKMODE HID in your payload code). You could also try the following..... With the Bunny not attached to the PC, run the following in a Powershell window: Get-PnpDevice -PresentOnly | Where-Object {$_.InstanceId -match '^USB' } > USB01.txt Plug the Bunny into the same PC with a payload that includes ATTACKMODE HID and run (after the Bunny has booted up fully): Get-PnpDevice -PresentOnly | Where-Object {$_.InstanceId -match '^USB' } > USB02.txt Compare the files and see if there's any difference between the two: Compare-Object (Get-Content USB01.txt) (Get-Content USB02.txt) If the Bunny is identified, the output of the above command should be something like: InputObject ----------- OK HIDClass USB Input Device USB\VID_... Quote Link to comment Share on other sites More sharing options...
mELLoMaN Posted July 6, 2023 Author Share Posted July 6, 2023 (edited) I was looking in device manager and didn't see it there, but here I get the HIDClass when plugged in. ATTACKMODE HID Dealy 3000 Q GUI r Delay 100 Q String powershell Q Enter This is the payload I'm trying, but nothing happens at all... Also tried the example... GET SWITCH_POSITION LED ATTACK ATTACKMODE HID STORAGE RUN WIN powershell ".((gwmi win32_volume -f 'label=''BashBunny''').Name+'payloads\\$SWITCH_POSITION\d.cmd')" LED FINISH Edited July 6, 2023 by mELLoMaN Quote Link to comment Share on other sites More sharing options...
dark_pyrro Posted July 6, 2023 Share Posted July 6, 2023 OK, if the target machine is able to identify the Bunny as a HID device, there's nothing wrong with the Bunny itself. It works as expected. Regarding your payload: 43 minutes ago, mELLoMaN said: ATTACKMODE HID Dealy 3000 Q GUI r Delay 100 Q String powershell Q Enter I would do it slightly different, try something like: ATTACKMODE HID QUACK DELAY 3000 QUACK GUI r QUACK DELAY 500 QUACK STRING powershell QUACK ENTER First, you need to spell the commands correctly Then, you need to QUACK your DELAYs I'm rarely using Q instead of QUACK. Q is really just a shortcut/link to QUACK but I've experienced issues in the past that might have been linked to the use of Q and instead of taking time to deep dive into if that actually is the case, I just starting using QUACK only instead. Quote Link to comment Share on other sites More sharing options...
mELLoMaN Posted July 6, 2023 Author Share Posted July 6, 2023 Ok, I found the problem... On my O.MG plug, I set the DUCKY_LANG to DE_CH, which works perfectly with swiss german keyboards. So I set it on the BashBunny to the same in the config file. If I set it to DE, it works. How Can I get the BashBunny to work with the same keyboard as the O.MG plug? Thanks a lot Quote Link to comment Share on other sites More sharing options...
dark_pyrro Posted July 6, 2023 Share Posted July 6, 2023 Just create the DE_CH language file for the Bunny. I have no O.MG device so I can't tell if it's 1:1 or using some kind of format that differs from the Hak5 format. There's a ch.json language file for the Bunny, not sure if it's German though. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.