The Lab – Gear Check – Hak5 Bash Bunny – Serial

The last attack mode we haven’t covered is the SERIAL mode. This mode presents a serial device to the “victim” machine, which can be connected to via any standard serial console software tool. On Windows machines, PuTTY can handle serial connections. For Unix and Linux systems, a variety of options exist including the traditional “cu” and “tip” command line programs, “screen” (the tool used in Hak5 examples,) “kermit,” “minicom,” and so on. If you have a tool you’re comfortable with, you might stick a statically compiled version of it onto the drive and access it via the STORAGE mode using a HID mode control mechanism, perhaps.

There isn’t as much use for this, given the complexity it presents, except where the network is blocked by some kind of corporate software control, but serial is not. It seems more like a niche attack vector, but it’s better to have it available than not.

As you should be aware if you have experience connecting to serial consoles, a serial connection has some control setting that need to be set correctly before a serial session can be reliably established. The settings for the Bash Bunny’s serial session are as follows:

Baud Rate: 115200
Data Bits: 8
Parity Bit: No
Stop Bit: 1

This is often abbreviated as 115200/8N1 for some serial console software.

Again, it is almost always going to be easier to just use one of the network based attack modes, and ssh to the Bunny using plink (Windows) or openssh (Unix/Linux.)

Leave a Reply

Your email address will not be published. Required fields are marked *