Bash Bunny
Search…
Bash Bunny by Hak5
Getting Started
Switch Positions
Mass Storage Structure
LED Status Indications
Installing Additional Tools
Installing Additional Languages
Considerations for Mark II
Beginner Guides
Writing Keystroke Injection Payloads for the Bash Bunny
Network Hijacking Attacks with the Bash Bunny
Top 5 Bash Bunny Exfiltration Payloads to "steal files"
Getting Root on a Bash Bunny from the Serial Console
Remote Triggers for the Bash Bunny Mark II
Geofencing for the Bash Bunny Mark II
Internet Connectivity
Getting the Bash Bunny Online
Sharing an Internet connection from Windows
Sharing an Internet connection from Linux
Sharing an Internet connection from MacOS
Software Updates
Updating the Bash Bunny Firmware
Writing Payloads
Payload Development Basics
DuckyScript™ on the Bash Bunny
Extensions
ATTACKMODE
LED
QUACK
VID, PID, MAN, PROD, SN
Working with the File System
CPU Control
Contributing Best Practices
Submitting Payloads
WAIT_FOR_PRESENT
Troubleshooting
Factory Reset
Password Reset
Video Guides
Bash Bunny Primer
Bash Bunny Phishing Attack with Hamsters
Password Grabber Bash Bunny Payload
Operating System Detection with the Bash Bunny
Bash Bunny Extensions
Reverse Shells on Linux with Bash Bunny
Bash Bunny Payload - Sudo Bashdoor on Linux
Bash Bunny Payload - 1990's Prank
Bash Bunny Dev - Behind the Scenes
Concealed Exfiltration - Pocket Network Attacks with the Bash Bunny
How to write Bash Bunny payloads and contribute on GitHub
Powered By GitBook
Writing Keystroke Injection Payloads for the Bash Bunny
Computers trust humans. Humans interact with keyboards. Hence the Human Interface Device or HID standard used by all modern USB keyboards. To a computer, if the device says it’s a keyboard — it’s a keyboard.
To pentesters, a small USB device pre-programmed to inject keystrokes into the victim computer covertly hidden inside a regular flash-drive case is a recipe for social engineering success. Hence the popular Hak5 USB Rubber Ducky – the device that invented keystroke injection attacks.
Building on this, the Bash Bunny directly interprets the Ducky Script language that has become synonymous with bad USB attacks.
With its HID attack mode, the Bash Bunny becomes a keyboard, and Ducky Script is processed with a quick and easy QUACK command.
1
GET SWITCH_POSITION
2
LED ATTACK
3
ATTACKMODE HID STORAGE
4
RUN WIN powershell ".((gwmi win32_volume -f 'label=''BashBunny''').Name+'payloads\\$SWITCH_POSITION\d.cmd')"
5
LED FINISH
Copied!
As you can see from the above simple payload snippet, the Ducky Script tells the Bash Bunny to become both a keyboard and a flash drive. Then, it injects keystrokes which instruct the Windows target to run a powershell script saved on said flash drive.
Advanced attacks are enabled by combining HID attacks with the additional USB device supported by the Bash Bunny – like gigabit Ethernet, Serial and Storage. Coupled with a scripting language that supports conditions and logic using BASH, a new era of keystroke injection attacks are possible.
Learn more about using Ducky Script for Keystroke Injection attacks from the Payload Development section of the Bash Bunny documentation.
Getting Started - Previous
Considerations for Mark II
Next - Beginner Guides
Network Hijacking Attacks with the Bash Bunny
Last modified 3mo ago
Copy link