WEBVTT

00:00:00.940 --> 00:00:04.040
We're now ready for our first demonstration where we get an

00:00:04.050 --> 00:00:07.950
overview of the Bash Bunny file layout, the initial setup of the

00:00:07.950 --> 00:00:11.340
Bash Bunny, and we're also going to be loading our first default

00:00:11.340 --> 00:00:13.490
payload. So let's get started.

00:00:17.040 --> 00:00:19.720
The Bash Bunny switch must be placed into position 3,

00:00:19.890 --> 00:00:23.180
which is nearest to the USB connector, in order to continue with this

00:00:23.180 --> 00:00:27.580
demonstration. This places the Bash Bunny into mass storage mode.

00:00:28.540 --> 00:00:29.920
When you plug in the Bash Bunny,

00:00:29.920 --> 00:00:33.640
you will see that it appears as a normal USB storage device and can be

00:00:33.640 --> 00:00:36.070
browsed to with the file manager of your choice.

00:00:38.140 --> 00:00:40.930
Let's look at the folders held within the Bash Bunny and get an

00:00:40.940 --> 00:00:43.660
understanding of the important areas we need to focus on.

00:00:45.440 --> 00:00:47.560
Here, we see the layout of the Bash Bunny.

00:00:47.710 --> 00:00:50.900
The most important folders to look at here are loot,

00:00:50.910 --> 00:00:55.110
which we'll come back to later in another demo, and the payloads,

00:00:55.200 --> 00:00:58.950
which is the folder that contains the main bulk of where we need to focus today.

00:01:00.240 --> 00:01:03.690
The two switch folders contained within the payloads folder relate to the

00:01:03.700 --> 00:01:07.280
other two switch positions available, other than the mass storage setting

00:01:07.280 --> 00:01:12.150
we're currently on. Anything loaded into payload 1 will be used when the

00:01:12.150 --> 00:01:16.820
hardware switch is placed into position 1, and similar with payload 2 and

00:01:16.820 --> 00:01:21.940
switch position 2. The library contains the default scripts that come

00:01:21.940 --> 00:01:27.210
with the Bash Bunny. Other folders to be aware of are the extensions

00:01:27.210 --> 00:01:29.950
folder, which is the home of Bunny Script extensions.

00:01:30.940 --> 00:01:33.370
Also on the Bash Bunny, we find the documents folder,

00:01:33.430 --> 00:01:35.470
which is the home of any documentation.

00:01:36.440 --> 00:01:39.200
The languages folder allows you to install additional

00:01:39.200 --> 00:01:41.350
HID keyboard layouts and languages.

00:01:43.230 --> 00:01:47.670
The tools folder is used to install additional Debian packages or other tools.

00:01:48.140 --> 00:01:50.900
Some payloads may require third‑party tools,

00:01:50.910 --> 00:01:53.980
such as the RDP checker payload that requires the

00:01:53.990 --> 00:01:55.550
Impacket library to be installed.

00:01:56.540 --> 00:01:59.330
Additional tools can be added to the Bash Bunny as you would a

00:01:59.330 --> 00:02:04.510
typical Debian‑based Linux computer. Tools in a .deb format or entire

00:02:04.510 --> 00:02:06.870
folders can be placed into the tools folder.

00:02:07.640 --> 00:02:10.250
The next time the Bash Bunny boots into arming mode,

00:02:10.259 --> 00:02:15.290
it will cause the .deb packages to be installed using dpkg and then any

00:02:15.290 --> 00:02:18.550
remaining files and folders moved onto the root file system.

00:02:21.340 --> 00:02:23.970
If you wish to connect to the Bash Bunny directly to install

00:02:23.970 --> 00:02:27.170
or manage tools, you can do so with the username of root and

00:02:27.170 --> 00:02:28.750
the password of hak5bunny.

00:02:29.640 --> 00:02:39.660
Its IP address is 172.16.64.1, with a DHCP range of 172.16.64.10 to 12.

00:02:40.840 --> 00:02:41.530
If, however,

00:02:41.530 --> 00:02:44.960
you wish to interact with the Bash Bunny directly via the serial port,

00:02:44.970 --> 00:02:52.620
you can use the following settings: 115200 baud, 8 data bits, no parity

00:02:52.620 --> 00:02:59.590
bit, and 1 stop bit. On the Mac, you can connect using screen and log in

00:02:59.590 --> 00:03:04.880
using the root username and password of hak5bunny. We can now interact

00:03:04.880 --> 00:03:11.870
with the Bash Bunny like a normal Linux computer. To set ourselves up for

00:03:11.870 --> 00:03:15.640
the next demonstration, let's look in the library and drill down into the

00:03:15.640 --> 00:03:16.750
credentials folder.

00:03:17.340 --> 00:03:20.630
We know that our target environment is going to be a Mac laptop,

00:03:20.640 --> 00:03:25.300
so let's focus on the macinfograbber payload. To install the

00:03:25.300 --> 00:03:28.100
payload, we simply copy and paste the text file into the

00:03:28.100 --> 00:03:29.670
switch position of our choice.

00:03:30.540 --> 00:03:32.950
Let's copy it now into payload position 1.

00:03:36.740 --> 00:03:39.730
Before we go ahead and use the Bash Bunny to deliver this payload,

00:03:39.730 --> 00:03:42.260
let's take a quick look at the script itself.

00:03:43.240 --> 00:03:43.920
As you can see,

00:03:43.920 --> 00:03:46.990
it's a simple script that sets a few variables, and then using

00:03:46.990 --> 00:03:48.860
a scripting language called Bunny Script,

00:03:49.040 --> 00:03:51.810
can call on the Bash Bunny to perform certain actions.

00:03:52.640 --> 00:03:56.250
In this script, we're pretending to be a human interface device, or HID,

00:03:56.510 --> 00:04:00.590
such as a keyboard. One of the best functions of the Bash Bunny is that

00:04:00.590 --> 00:04:04.440
we can set the color of the LED to give us visual feedback so that we

00:04:04.440 --> 00:04:06.250
know that we have completed our attack.

00:04:07.540 --> 00:04:08.270
At this point,

00:04:08.270 --> 00:04:12.160
we're ready to eject the Bash Bunny and use it to attack our target environment.
