bash_bunny - scvtrs

Simple Cross platform Volatile TCP Reverse Shell using a Bash Bunny

I purchase a “Bash Bunny” from Hak5 as it looked like a cool piece of kit. The main problem I found with the device is that it cannot easily detect what operating system the host devices is using, which means picking the correct payload and set of key combinations (to open the terminal or powershell) is difficult. The bash bunny does have a switch on the side to select payloads but I wanted a automated process.

The solution was to get the bash bunny to present itself as a ethernet device, capture the DHCP packets sent by the host system and use the p0f program to look at the packets at determine the host OS. This worked quite well.

Once the host OS was determined the bash bunny presents itself as a keyboard and they open the OS relevant terminal. EG powershell on Windows and Terminal on Mac and Linux. The bash bunny then uses its keyboard to type a boot strap script which will download the payload from a HTTP server running on the bash bunny. Once the code is downloaded it is executed to establish a reverse shell. The whole process takes about 30 seconds.

Windows Demo

Linux Demo (alternative mode)

If the OS cannot be determined the bash bunny will type out the entire payload.