Payload Security


mikachu


I have been trying to find a way to secure my payload texts. This is mainly for the chance the USB is lost, so that the files can't be accessed by any person finding it. I have done some research and haven't found any methods that would work for my situation. So far my best option is that the text file is a hidden file, but that is not a bulletproof solution.


I'd bet my money on the fact that you won't find a bulletproof solution. It also depends on the one that finds it (or the one that gets it in the end). If it's a non-tech person, they wouldn't understand what it is anyway. If it's a tech person (that's really interested in diving deeper into what it is), then it will be more difficult to hide things. But it all depends on whether someone has the time to do the digging, even if you're skilled enough to do it. I would probably do some changes under the hood of the Bunny to make it a bit more stealthy, but that would limit the flexibility of the Bunny and also jeopardize the possibility to get further help or support.

Or, use the USB Rubber Ducky (that has the HIDE_PAYLOAD command and is generally more "stealthy" than the Bunny), but it all depends on what attack features are needed.


Depends on OS. In Windows you can use encrypted USB storage; on Linux, use a LUKS-partitioned USB key.
For a more advanced option, use GPG encryption with a smartcard GPG key 🙂

That should protect you a bit 😉 (if you're trying to protect your dev USB key and files, NOT the Bunny /O.MG itself)

Ahh, if it's protecting the bunny if it's lost, sorry no idea, other than, use it, and take it with you.
Write the payload to use servers you can afford to burn (one-time use), and prepare to lose the Bunny / O.MG cable if not a permitted test.
But you really shouldn't run unpermitted tests anyway, so what's the problem? 😄

/NX

Edited by NoExecute
added stuff

This is purely a high-level concept, and likely not something that could be done today, but I've been thinking about turning my Bash Bunny (arriving Friday) into a password manager, and I'd really like to keep those safe. So I was thinking that since the MKII has a Bluetooth radio, you could potentially write a program that pairs with an app for decryption by phone. It would come online, ask your phone to decrypt or provide a payload, store it in RAM (using a tmpfs), and execute from there. Then, the moment it's turned off, it would disappear. Does anyone see any technical challenges with this other than the phone app? If you wanted to protect loot, that should be pretty trivial using gpg and a public/private keypair, with the public key being on the Bunny.

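The encrypt-at-rest and decrypt-into-RAM idea from the two posts above (GPG on the stick, and a payload that is decrypted into a tmpfs and vanishes at power-off), written out as an added example; it is not code from this thread or from Hak5. It assumes gpg 2.1 or later (loopback pinentry), a symmetric passphrase delivered out of band in place of the phone-app exchange, /dev/shm as the RAM-backed directory, and a constructed sample payload; the function names are made up for the demo.

```shell
#!/bin/sh
# Added example, not code from the thread or from Hak5.
# The payload lives on the stick only as a gpg ciphertext; the plaintext
# exists only in a RAM-backed directory while it runs, so a lost stick
# leaks nothing readable and powering off leaves nothing behind.
# Assumptions: gpg 2.1+ (loopback pinentry), a passphrase delivered out of
# band (standing in for the thread's phone-app decryption), /dev/shm as the
# tmpfs. Function names and the sample payload are constructed for this demo.
set -eu

WORK="$(mktemp -d)"                  # stands in for the USB storage
export GNUPGHOME="$WORK/gnupg"       # private keyring; host keyring untouched
mkdir -m 700 "$GNUPGHOME"
echo allow-loopback-pinentry > "$GNUPGHOME/gpg-agent.conf"

# Constructed sample payload; a real one would be the Bunny's payload.txt.
printf '%s\n' 'echo "payload ran from RAM"' > "$WORK/payload.txt"

# Encrypt at rest: $1 plaintext, $2 ciphertext, $3 passphrase.
# The plaintext is shredded afterwards so only the ciphertext stays on disk.
encrypt_payload() {
    gpg --batch --yes --quiet --pinentry-mode loopback --passphrase "$3" \
        --symmetric --cipher-algo AES256 --output "$2" "$1"
    shred -u "$1" 2>/dev/null || rm -f "$1"
}

# RAM-backed scratch directory. /dev/shm is a tmpfs on most Linux systems;
# on the Bunny itself you would mount a dedicated one, e.g.
#   mount -t tmpfs -o size=8m,mode=700 tmpfs /mnt/ram
ram_dir() {
    if [ -d /dev/shm ] && [ -w /dev/shm ]; then
        mktemp -d /dev/shm/bb.XXXXXX
    else
        mktemp -d          # fallback only; this may be persistent storage
    fi
}

# Drop any passphrase the agent may have cached for this keyring.
forget_passphrase() {
    gpgconf --kill gpg-agent 2>/dev/null || true
}

# Decrypt ciphertext $1 into RAM with passphrase $2, run it, wipe it.
# Returns non-zero (and runs nothing) when the passphrase is wrong.
run_from_ram() {
    r="$(ram_dir)"
    if ! gpg --batch --quiet --pinentry-mode loopback --passphrase "$2" \
            --decrypt --output "$r/payload" "$1" 2>/dev/null; then
        rmdir "$r"; forget_passphrase; return 1
    fi
    sh "$r/payload" && rc=0 || rc=$?
    rm -f "$r/payload"; rmdir "$r"
    forget_passphrase
    return $rc
}

# Demo round trip with a constructed passphrase.
PASSPHRASE="constructed-demo-passphrase"
encrypt_payload "$WORK/payload.txt" "$WORK/payload.gpg" "$PASSPHRASE"
DEMO_OUTPUT="$(run_from_ram "$WORK/payload.gpg" "$PASSPHRASE")"
echo "left on the stick: $(ls "$WORK" | tr '\n' ' ')"
echo "payload said: $DEMO_OUTPUT"
```

The same shape works with the thread's public/private keypair idea: replace `--symmetric` with `--encrypt --recipient <key>` and keep only the public key on the stick, so decryption needs the private key held elsewhere (phone, smartcard) and a stick on its own is just ciphertext.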

The best idea I have for you at the moment is to create a generic payload that downloads the real payload from an anonymous link like WeTransfer or whatever, stores it on the BB storage, opens a terminal on the host, unmounts the BB and mounts it again. After your attack, use the host terminal to delete your payload. If you set your download link to one-time use, nothing "public" of your malicious payload will remain.

This idea needs to be tested, not sure about the mount/unmount.

@dark_pyrro When unmount -> mount, it is the same for the BB as remove it -> plug it in

Edited by quentin_lamamy

2 hours ago, dark_pyrro said:

When unmount -> mount it does the same for the BB as remove it -> plug in

My bad, typing too fast, and my English isn't as good as I'd like ^^
If the BB is unmounted and mounted from the command line, does it trigger the run of the payload as if you unplug the BB and plug it in again?

Edited by quentin_lamamy

That won't happen to my knowledge, whether you do it using umount/mount or udisk unmount/udisk mount.

Not sure though if you mean that the unmount/mount should be executed from the target or on the Bunny itself.

And I'm assuming you mean mount operations of the udisk (either internal NAND or Micro SD card if present).


6 hours ago, dark_pyrro said:

That won't happen to my knowledge, whether you do it using umount/mount or udisk unmount/udisk mount.

Not sure though if you mean that the unmount/mount should be executed from the target or on the Bunny itself.

And I'm assuming you mean mount operations of the udisk (either internal NAND or Micro SD card if present).

Whatever the way, the goal is to trigger a payload run after downloading the new one.
