Sphett Posted February 26 Share Posted February 26 I want to know how to use the SD card Quote Link to comment Share on other sites More sharing options...
Sphett Posted February 26 Author Share Posted February 26 Sorry, I pressed enter before I could finish. But I am trying to learn how to implement it with the bash bunny. I have read the documentation and tried to learn by myself but am very confused. I ideally want to use it to store credentials from victim machines but do not know how to call it from the bash bunny. I am using the exfiltration/simple-usb-extractor payload and want to change the location where the victim machine files go, to the micro SD card. Also are there any resources to better help me understand the MKII besides the documentation? Quote Link to comment Share on other sites More sharing options...
dark_pyrro Posted February 26 Share Posted February 26 One way of getting less confused in that specific case is to not use the Micro SD card at all. I can't see that credentials would fill the internal storage of the Bunny. However, if you still want to use the Micro SD card with the Bunny, I guess you have to be more specific about what the confusion is all about. 2 hours ago, Sphett said: I am using the exfiltration/simple-usb-extractor payload and want to change the location where the victim machine files go, to the micro SD card. Why would you want to change the location? It's "dynamically" handled by the script, so I wouldn't try (or want) to change that. Quote Link to comment Share on other sites More sharing options...
Sphett Posted February 27 Author Share Posted February 27 I mean you are right, but what if I want to download an extreme amount of files, without the need for a Dropbox? What are the applications for the Mirco SD card slot? Is it for use in payloads or just for the BB itself? I just want to maximize the use of my BashBunny. Quote Link to comment Share on other sites More sharing options...
dark_pyrro Posted February 27 Share Posted February 27 You can use it along with payloads and store things on it from the target perspective (but not store the payloads themselves on it, those needs to be stored on the internal storage of the Bunny). Quote Link to comment Share on other sites More sharing options...
Sphett Posted February 27 Author Share Posted February 27 I just figured out that I need to format the SD card to FAT32 in order for it to work, my SD card was formatted to exFAT. I didn't understand why I wasn't able to run payloads, and why it only passed the SD card to the victim machine. I will download a partition wizard tomorrow morning and re-try it. Thank you Professor Pyro for your time and help, and for answering my dumb questions lol. Quote Link to comment Share on other sites More sharing options...
dark_pyrro Posted February 27 Share Posted February 27 exFAT should be possible to use from the target perspective, so that shouldn't be an issue. However, if it is to be accessed by the Bunny itself for some reason, exFAT won't be a possible option at this time. Quote Link to comment Share on other sites More sharing options...
Sphett Posted February 28 Author Share Posted February 28 So I have partitioned my micro SD card to FAT32, how do I implement it with my bash bunny? I see that the documentation allows for mass exfiltration, does the SD card increase the storage of the bash bunny, or trick victims into thinking it's just an SD card reader? I am honestly trying to find the best use for the micro SD card slot. Quote Link to comment Share on other sites More sharing options...
dark_pyrro Posted February 28 Share Posted February 28 My previous post is still valid to that question Reading what the docs say about storage on the Mk2 Bunny kind of says it all https://docs.hak5.org/bash-bunny/getting-started/considerations-for-mark-ii#storage "If ATTACKMODE STORAGE is active: - In the case that a MicroSD card is present, the MicroSD Card will be presented to the target - In the case that a MicroSD card is not present, the internal udisk partition will be presented to the target." So, as the quote above from the docs says; if you use ATTACKMODE STORAGE in a payload, the Bunny storage will be mounted to the target device. This will be true either if using the Bunny internal storage (without a Micro SD card inserted), or if using a Micro SD card. In other words, if you have a Micro SD card inserted into the Bunny and you are using ATTACKMODE STORAGE, then the Micro SD card will be mounted to the target as a "USB drive". This also makes it transparent in terms of how to script things in the payloads used (as long as the Micro SD card is labeled with the same name as the internal Bunny storage, i.e. "BashBunny"). Using the previously mentioned simple-usb-extractor payload, it shouldn't matter if you use the Bunny with the internal storage or a Micro SD card. The payload should work in both cases. If using the internal storage only (not any Micro SD card), it will exfiltrate things to the Bunny internal storage. If using a Micro SD card (labeled "BashBunny", or tweaking the payload to use whatever label the Micro SD card has), it will exfiltrate things to the Bunny Micro SD card. Quote Link to comment Share on other sites More sharing options...
Sphett Posted February 29 Author Share Posted February 29 So for this line in simple-usb-extractor payload; How do I set it to the name of the Micro SDcard which is "BASHBUNNY"? I tried to name it "BashBunny" but it stayed in all caps. Quote Link to comment Share on other sites More sharing options...
dark_pyrro Posted February 29 Share Posted February 29 1 hour ago, Sphett said: I tried to name it "BashBunny" but it stayed in all caps. Where did you try to set it? 1 hour ago, Sphett said: So for this line in simple-usb-extractor payload; How do I set it to the name of the Micro SDcard which is "BASHBUNNY"? You shouldn't set it on that line. Quote Link to comment Share on other sites More sharing options...
Sphett Posted March 2 Author Share Posted March 2 I tried to set it on the Windows format tool and the MiniTool Partition Wizard. Is there a way to name it on the root of the bash bunny? Which line should I set it on in order to get it to save to the Micro SD card? Quote Link to comment Share on other sites More sharing options...
dark_pyrro Posted March 2 Share Posted March 2 (edited) 6 hours ago, Sphett said: I tried to set it on the Windows format tool and the MiniTool Partition Wizard. Is there a way to name it on the root of the bash bunny? Why not just try to plug the Bunny into a Windows machine in arming mode or some payload containing ATTACKMODE STORAGE (or use a Micro SD card reader) and then change the label using the standard OS features (i.e. right click the drive letter in Explorer and change the label). 6 hours ago, Sphett said: Which line should I set it on in order to get it to save to the Micro SD card? You shouldn't need to edit any line. The payload should take care of it if everything is set up correctly. This isn't actually about the Bunny, it's more related to understand scripting basics. However... It's the payload.txt file that kicks it all off and it's the PowerShell line that initially identifies which drive letter the Bunny has on the target system RUN WIN powershell ".((gwmi win32_volume -f 'label=''BashBunny''').Name+'payloads\\$SWITCH_POSITION\z.cmd')" more exact (gwmi win32_volume -f 'label=''BashBunny''').Name For the sake of this "discussion"; let us assume that the drive letter of the Bunny is "D:" and $SWITCH_POSITION is "switch1" Apart from identifying the current drive letter of the Bunny, the PowerShell line also starts the z.cmd file (located in the same switch directory as the payload.txt file) The z.cmd file just "obfuscates" and "silently" runs the next command file; x.cmd (also located in the same switch directory as the payload.txt file) An important thing (at least for the understanding of the payload) is the occurrence of "%~dp0" since it's a representation of the path from where the z.cmd file was executed In this case %~dp0 will be the same thing as D:\payloads\switch1 So the line in z.cmd that says cscript %~dp0\i.vbs %~dp0\x.cmd actually says cscript D:\payloads\switch1\i.vbs D:\payloads\switch1\x.cmd So, moving further in the execution flow, x.cmd is started In x.cmd, the following line is vital to understand how the Bunny is "addressed" using "%~dp0" set dst=%~dp0\..\..\loot\USB_Exfiltration\%COMPUTERNAME%_%date:~-4,4%%date:~-10,2%%date:~7,2%_%time:~-11,2%%time:~-8,2%%time:~-5,2% First thing to understand is probably why "\..\.." is used. Again, this is because of the path that "%~dp0" represents. "%~dp0" is still equal to D:\payloads\switch1 in this example The question now is; "Where is the "loot" directory of the Bunny normally located?" Answer: In the root of the udisk, i.e. D:\ in this case So... the script is "positioned" in D:\payloads\switch1 How do you position yourself in D:\loot ? By addressing it using "\..\.." which changes the position in the file system 2 steps up (to D:\) and the down into \loot (and so on) However, dst is just a variable (or more of a constant since it's not changing throughout the script), but it's used further on in the script So, the "dst" constant will be something like; D:\loot\USB_Exfiltration\ (plus the target computer name along with a date/time stamp; note that the date/time handling probably needs some tweaking if you're not using US style formatting of date and time) All in all, you shouldn't need to add any specific drive letter representing the Bunny in the script. As said, the payload should take care of that if the label of the Bunny (internal storage or Micro SD card) is the same as the label defined in the payload file (i.e. "BashBunny" if not actively changed when setting the payload up). Edited March 2 by dark_pyrro Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.