Menu
0
    0

    Your Cart is Empty

    Founded in 2005, Hak5's mission is to advance the InfoSec industry. We do this through our award winning podcasts, leading pentest gear, and inclusive community – where all hackers belong.

    PAYLOAD HUB
    Discover creative payloads from the Hak5 community with filtering by device and category.

    PAYLOAD STUDIO
    Unleash your hacking creativity with this full-featured web-based Payload development environment.

    PAYLOAD AWARDS
    Get your payload in front of thousands and enter to win. Nearly $10,000 in annual Hak5 prizes!

    ADVANCED DUCKYSCRIPT COURSE
    Learn directly from the creators! Unlock your creative potential with this comprehensive online course.

    [PAYLOAD] SERIES
    Join Hak5 hosts and collaborators as we dive into the techniques and code that make great payloads!

    Community developed payloads for Hak5 gear are featured and awarded at PayloadHub — a growing library of currated content.

    Unleash your hacking creativity with the online payload editor: PayloadStudio

    Link to your collections, sales and even external links

    Add up to five columns

    Home  / Bash Bunny

    The Hottest Bash Bunny Hot Plug Attack: Network Hijacking

    Exploiting local network attack vectors, the Bash Bunny emulates specialized Ethernet adapters. That means the target computer sees the Bash Bunny not as an ordinary flash drive, but as a USB Ethernet Adapter connected to a network. It's a network of two – the Bash Bunny and your target – and once connected, you'll have direct access to the target bypassing any would-be firewalls, countermeasures or intrusion detection systems from the legitimate LAN.


    This is done in such a way that allows the Bash Bunny to be recognized on the victim computer as the fastest network, without drivers, automatically – locked or unlocked. As a 2 gigabit adapter with an authoritative DHCP server, the Bash Bunny obtains a low metric. This means that the computer will instantly trust the Bash Bunny with its network traffic — enabling a plethora of automated pocket network attacks undetectable by the existing infrastructure.

    These bring-your-own-network attacks are cross-platform, with the Bash Bunny exploiting Mac, Linux, and Android computers with its ECM Ethernet attack mode, and Windows computers with its Microsoft proprietary RNDIS Ethernet attack mode.

    Using these methods, attack like QuickCreds for example are able to steal hashed credentials from locked computers in seconds. Plug the Bash Bunny into a computer, wait a few seconds and when the light is green – the trap is clean!

    Let's take a look at how the Bash Bunny pulls off this simple and effective attack.

    First we issue the Ethernet attack mode specific for our target. If it's Windows, we'll want to use RNDIS_ETHERNET. If it's a Mac or Linux target, we'll want to use ECM_ETHERNET. Even better - if we're not sure, simply use AUTO_ETHERNET which will try both.

    In the above example, we also grab variables for the target's hostname and IP address, which is useful for naming the logs that we lovingly call loot.

    Then we simply run Responder on the usb0 interface - which is the network directly connected to the target using the Ethernet attack mode above. Finally, we wait until the NTLM hashes are captured. Easy!

    With a full TCP/IP stack and all common Linux-based tools at your disposal, the possibilities for pocket network attacks are endless!

     


    Also in Bash Bunny

    Geofencing for the Bash Bunny Mark II
    Geofencing for the Bash Bunny Mark II

    Hotplug attacks are great, until they're not — which is why it's important to limit the scope of engagement. Thankfully the Bash Bunny Mark II can do this with a geofencing feature using bluetooth signals to prevent payloads from running unless it's certain to be in the defined area.

    Remote Triggers for the Bash Bunny Mark II
    Remote Triggers for the Bash Bunny Mark II

    One of the greatest new features of the Bash Bunny Mark II is remote triggers. With this, a payload — or multiple stages of a payload — can be triggered from afar. These can be done with any bluetooth low-energy device, including most smartphones. In this article I'll demonstrate how to use this handy new feature.
    Getting Root on a Bash Bunny from the Serial Console
    Getting Root on a Bash Bunny from the Serial Console

    Throughout the history of personal computers, serial has been a mainstay for file transfer and console access. To this day it’s widely used, from headless servers to embedded microcontrollers. With the Bash Bunny, we’ve made it convenient as ever – without the need for a serial-to-USB converter.

    Guides

    x