Writing Keystroke Injection Payloads for the Bash Bunny

Last updated 11 months ago

Computers trust humans. Humans interact with keyboards. Hence the Human Interface Device or HID standard used by all modern USB keyboards. To a computer, if the device says it’s a keyboard — it’s a keyboard.

To pentesters, a small USB device that is pre-programmed to inject keystrokes into the victim computer and covertly hidden inside a regular flash-drive case is a recipe for social engineering success. Hence the popular Hak5 USB Rubber Ducky – the device that invented keystroke injection attacks.

Building on this, the Bash Bunny directly interprets the Ducky Script language that has become synonymous with bad USB attacks.

With its HID attack mode, the Bash Bunny becomes a keyboard, and Ducky Script is processed with a quick and easy QUACK command.

GET SWITCH_POSITION
LED ATTACK
ATTACKMODE HID STORAGE
RUN WIN powershell ".((gwmi win32_volume -f 'label=''BashBunny''').Name+'payloads\\$SWITCH_POSITION\d.cmd')"
LED FINISH

As you can see from the simple payload snippet above, the Ducky Script tells the Bash Bunny to become both a keyboard and a flash drive. Then it injects keystrokes that instruct the Windows target to use PowerShell to run a script saved on said flash drive.
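From the defender's side, the command this payload types shows up in process-creation logging on the target. The following is an added example, not part of the Hak5 documentation: it scores process-creation records for the pattern in the snippet above (PowerShell looking up a volume by label through WMI, then executing a file from it). The record field names, the threshold, the `switch1` expansion of `$SWITCH_POSITION`, and the `explorer.exe` parent for commands typed into the Run dialog are assumptions, and the sample events are constructed.

```python
import re

# Signals taken from the payload line on this page: PowerShell resolves a
# volume by label through WMI, then executes a file stored on that volume.
VOLUME_LOOKUP = re.compile(r"\b(gwmi|get-wmiobject|get-ciminstance)\s+win32_volume\b", re.I)
LABEL_FILTER = re.compile(r"label\s*=\s*'{1,2}([^']+)'{1,2}", re.I)
INVOKE_RESULT = re.compile(r"(?:^|[\s\"(;])[.&]\s*\(")   # ". (expr)" or "& (expr)"
SCRIPT_PATH = re.compile(r"\.(cmd|bat|ps1|vbs|exe)\b", re.I)

def triage(event):
    """Score one process-creation record; returns (score, reasons)."""
    if not event["image"].lower().endswith(("\\powershell.exe", "\\pwsh.exe")):
        return 0, []
    cmd, reasons = event["command_line"], []
    if VOLUME_LOOKUP.search(cmd):
        reasons.append("queries Win32_Volume through WMI")
        label = LABEL_FILTER.search(cmd)
        if label:
            reasons.append(f"selects a volume by label {label.group(1)!r}")
        if INVOKE_RESULT.search(cmd) and SCRIPT_PATH.search(cmd):
            reasons.append("executes a file from the resolved volume")
    # Assumption: commands typed into the Run dialog have explorer.exe as parent.
    if reasons and event["parent_image"].lower().endswith("\\explorer.exe"):
        reasons.append("parent is explorer.exe rather than a console or scheduler")
    return len(reasons), reasons

def is_suspicious(event, threshold=3):
    """Alert only when several independent signals line up."""
    return triage(event)[0] >= threshold

# Constructed sample records (field names are hypothetical, not a real log schema).
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
EVENTS = [
    {"image": PS, "parent_image": r"C:\Windows\explorer.exe",   # the page's payload, switch1
     "command_line": "powershell \".((gwmi win32_volume -f 'label=''BashBunny''')"
                     ".Name+'payloads\\switch1\\d.cmd')\""},
    {"image": PS, "parent_image": r"C:\Windows\System32\cmd.exe",  # admin disk inventory
     "command_line": 'powershell -Command "Get-CimInstance Win32_Volume | Select-Object Label, FreeSpace"'},
    {"image": r"C:\Windows\System32\notepad.exe", "parent_image": r"C:\Windows\explorer.exe",
     "command_line": "notepad.exe"},
]

if __name__ == "__main__":
    for ev in EVENTS:
        score, reasons = triage(ev)
        print(score, "ALERT" if is_suspicious(ev) else "ok", reasons)
```

The label match is reported rather than hard-coded to `BashBunny`, since a volume label is trivially changed; the rule keys on the lookup-then-execute shape instead.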

Advanced attacks are enabled by combining HID attacks with the additional USB devices supported by the Bash Bunny – like gigabit Ethernet, Serial and Storage. Coupled with a scripting language that supports conditions and logic using BASH, a new era of keystroke injection attacks is possible.

Learn more about using Ducky Script for Keystroke Injection attacks from the Payload Development section of the Bash Bunny documentation.