The Lab – Gear Check – Hak5 Bash Bunny – Network

There are two different network attack modes that come with the Bash Bunny.  Only one of these should be used at a time, since they conflict.  The difference is the type of device it presents when active.

ECM_ETHERNET presents an Ethernet Control Model device, which is more useful when the target is Linux, Mac, or Android.  Probably other unix like systems, but testing will vet this out.

RNDIS_ETHERNET presents a Remote Network Driver Interface Specification device.  This is more useful on Windows, but will work on some Linux distributions.

Both of these present a gigabit false network to the “victim” machine, complete with DHCP server which serves up an IP in the 172.16.64.10 to 172.16.64.12 range.  The IP address of the Bunny itself will be 172.16.64.1 to act as a gateway device.  Presenting this fake network is much like the connection you get from plugging a LAN Turtle into that USB port.  The LAN turtle presents a network, whether it bridges through to a plugged in RJ45 connection or not.  The Bash Bunny’s fake network is faster, however.

If you’re intended attack does not need to be connected to an actual network, the Bash Bunny will likely be a superior option.  If it needs to act as a man in the middle bridged network, the LAN Turtle is the superior option.  You can still tie networking in a host shared internet setup with the Bash Bunny, and instructions are provided to do so, but this requires a bit more work to get set up correctly.  To do this “manually” might take some time.  Of course, you could possibly combine attack modes and use a Ducky script to run some of the commands needed to set this up, as well.

You can connect to the Bash Bunny with SSH while it is in one of these two network attack modes.  The default root password is “hak5bunny” and root is able to do direct SSH login.  This is probably easier to use than the SERIAL mode we will cover next week.

Leave a Reply

Your email address will not be published. Required fields are marked *