Bash Bunny
Zur Navigation springen
Zur Suche springen
Useful Information
- Bash Bunny needs up to 7 seconds to Boot
Directory
/docs - home to documentation.
/languages - install additional HID Keyboard layouts/languages.
/loot - used by payloads to store logs and other data
/tools - used to install additional deb packages and other tools.
/payloads - home to active payloads, library and extensions
/payloads/switch1 and /payloads/switch2 - home to payload.txt and accompanying files which will be executed on boot.
/payloads/library - home to the payloads library which can be downloaded from the Bash Bunny Payload git repository
/payloads/library/extensions - home to Bunny Script extensions
Spezifikationen
- ARM Cortex A7 Quad-Core Prozessor mit 1,3 Ghz
- 8 GB NAND SSD
- 1 GB DDR3 Ram
- MixroSD XC Laufwerk mit einer max. Kapazität von 2 TB
- Bluetooth LE
Syntax
Bunny Script
| COMMAND | Description |
|---|---|
| ATTACKMODE | Specifies the USB device or combination of devices to emulate. |
| LED | Control the RGB LED. Accepts color and pattern or payload state. |
| QUACK | Injects keystrokes (ducky script) or specified ducky script file. |
| Q | Alias for QUACK |
| DUCKY_LANG | Set the HID Keyboard language. e.g: DUCKY_LANG us |
Extensions
| COMMAND | Description | Example |
|---|---|---|
| RUN | Keystroke injection shortcut for mutli-OS command execution. | RUN WIN notepad.exe |
| RUN OSX terminal | ||
| RUN UNITY xterm | ||
| GET | Exports system variables | GET TARGET_IP # exports $TARGET_IP |
| GET TARGET_HOSTNAME # exports $TARGET_HOSTNAME | ||
| GET HOST_IP # exports $HOST_IP | ||
| GET SWITCH_POSITION # exports $SWITCH_POSITION | ||
| REQUIRETOOL | Exits payload with LED FAIL state if the specified tool is not found in /tools | REQUIRETOOL impacket |
| DUCKY_LANG | Accepts two letter country code to set the HID injection language for subsequent ducky script / QUACK commands | DUCKY_LANG de |
ATTACKMODE
| ATTACKMODE | Type | Description |
|---|---|---|
| SERIAL | ACM - Abstract Control Model | Serial Console |
| ECM_ETHERNET | ECM - Ethernet Control Model | Linux/Mac/Android Ethernet Adapter |
| RNDIS_ETHERNET | RNDIS - Remote Network Drv Int Spec | Windows (and some Linux) Ethernet Adapter |
| STORAGE | UMS - USB Mass Storage | Flash Drive |
| HID | HID - Human Interface Device | Keyboard - Keystroke Injection via Ducky Script |
| OFF | NONE | Disables the USB interface until ATTACKMODE is executed |
| ATTACKMODE COMBINATION | VID / PID |
|---|---|
| SERIAL STORAGE | 0xF000/0xFFF0 |
| HID | 0xF000/0xFF01 |
| STORAGE | 0xF000/0xFF10 |
| SERIAL | 0xF000/0xFF11 |
| RNDIS_ETHERNET | 0xF000/0xFF12 |
| ECM_ETHERNET | 0xF000/0xFF13 |
| HID SERIAL | 0xF000/0xFF14 |
| HID STORAGE | 0xF000/0xFF02 |
| HID RNDIS_ETHERNET | 0xF000/0xFF03 |
| HID ECM_ETHERNET | 0xF000/0xFF04 |
| HID STORAGE RNDIS_ETHERNET | 0xF000/0xFF05 |
| HID STORAGE ECM_ETHERNET | 0xF000/0xFF06 |
| SERIAL RNDIS_ETHERNET | 0xF000/0xFF07 |
| SERIAL ECM_ETHERNET | 0xF000/0xFF08 |
| STORAGE RNDIS_ETHERNET | 0xF000/0xFF20 |
| STORAGE ECM_ETHERNET | 0xF000/0xFF21 |
VID and PID
- USB devices identify themselves by combinations of vendor ID and product ID
- These 16-bit IDs are specified in hex and are used by the victim PC to find drivers
- VID and PID may be spoofed using the VID and PID parameters for ATTACKMODE
ATTACKMODE HID STORAGE VID_0XF000 PID_0X1234
LED
LED Colors
| COMMAND | Description |
|---|---|
| R | Red |
| G | Green |
| B | Blue |
| Y | Yellow (AKA as Amber) |
| C | Cyan (AKA Light Blue) |
| M | Magenta (AKA Violet or Purple) |
| W | White |
LED Pattern
| PATTERN | Description |
|---|---|
| SOLID | Default No blink. Used if pattern argument is ommitted |
| SLOW | Symmetric 1000ms ON, 1000ms OFF, repeating |
| FAST | Symmetric 100ms ON, 100ms OFF, repeating |
| VERYFAST | Symmetric 10ms ON, 10ms OFF, repeating |
| SINGLE | 1 100ms blink(s) ON followed by 1 second OFF, repeating |
| DOUBLE | 2 100ms blink(s) ON followed by 1 second OFF, repeating |
| TRIPLE | 3 100ms blink(s) ON followed by 1 second OFF, repeating |
| QUAD | 4 100ms blink(s) ON followed by 1 second OFF, repeating |
| QUIN | 5 100ms blink(s) ON followed by 1 second OFF, repeating |
| ISINGLE | 1 100ms blink(s) OFF followed by 1 second ON, repeating |
| IDOUBLE | 2 100ms blink(s) OFF followed by 1 second ON, repeating |
| ITRIPLE | 3 100ms blink(s) OFF followed by 1 second ON, repeating |
| IQUAD | 4 100ms blink(s) OFF followed by 1 second ON, repeating |
| IQUIN | 5 100ms blink(s) OFF followed by 1 second ON, repeating |
| SUCCESS | 1000ms VERYFAST blink followed by SOLID |
| 1-10000 | Custom value in ms for continuous symmetric blinking |
LED State
| STATE | COLOR PATTERN | Description |
|---|---|---|
| SETUP | M SOLID | Magenta solid |
| FAIL | R SLOW | Red slow blink |
| FAIL1 | R SLOW | Red slow blink |
| FAIL2 | R FAST | Red fast blink |
| FAIL3 | R VERYFAST | Red very fast blink |
| ATTACK | Y SINGLE | Yellow single blink |
| STAGE1 | Y SINGLE | Yellow single blink |
| STAGE2 | Y DOUBLE | Yellow double blink |
| STAGE3 | Y TRIPLE | Yellow triple blink |
| STAGE4 | Y QUAD | Yellow quadruple blink |
| STAGE5 | Y QUIN | Yellow quintuple blink |
| SPECIAL | C ISINGLE | Cyan inverted single blink |
| SPECIAL1 | C ISINGLE | Cyan inverted single blink |
| SPECIAL2 | C IDOUBLE | Cyan inverted double blink |
| SPECIAL3 | C ITRIPLE | Cyan inverted triple blink |
| SPECIAL4 | C IQUAD | Cyan inverted quadriple blink |
| SPECIAL5 | C IQUIN | Cyan inverted quintuple blink |
| CLEANUP | W FAST | White fast blink |
| FINISH | G SUCCESS | Green 1000ms VERYFAST blink followed by SOLID |