Getting Root on a Bash Bunny from the Serial Console
Throughout the history of personal computers, serial has been a mainstay for file transfer and console access. To this day it’s widely used, from headless servers to embedded microcontrollers. With the Bash Bunny, we’ve made it convenient as ever – without the need for a serial-to-USB converter.
With dedicated shell access from the arming mode, dropping to the Bash Bunny Linux terminal is simple over serial from any OS. When combined with advanced payloads, using the serial attack mode, there’s limitless potential for creativity with this often overlooked interface.
Find the COM# from Device Manager > Ports (COM & LPT) and look for USB Serial Device (COM#). Example: COM3
Alternatively, run the following powershell command to list ports:
[System.IO.Ports.SerialPort]::getportnames()
Enter COM# for serial line and 115200 for Speed. Click Open.
PuTTY is a free and open-source terminal emulator, serial console and network file transfer application.
- 1.Find the Bash Bunny device from the terminalls /dev/tty*" or "dmesg | grep ttyUsually on a Linux host, the Bash Bunny will register as either
/dev/ttyUSB0or/dev/ttyACM0. On an OSX/macOS host, the Bash Bunny will register as/dev/tty.usbmodemch000001. - 2.Next, connect to the serial device using
screen,minicomor your terminal emulator of choice.If screen is not installed it can usually be found from your distributions package manager.sudo apt install screenConnecting with screensudo screen /dev/ttyACM0 115200Disconnect with keyboard combo:CTRL+afollowed byCTRL+\