Considerations for Mark II

The Bash Bunny Mark II adds mass exfiltration, wireless geofencing and remote trigger functionality via a MicroSD XC card reader and bluetooth low-energy radio.

All first generation payloads are compatible with the Bash Bunny Mark II.

Two considerations to keep in mind when developing and deploying payloads for the Bash Bunny Mark II; Wireless, and Storage.

WIRELESS

If desired, the WAIT_FOR_PRESENT or WAIT_FOR_NOT_PRESENT extensions may be used for geofencing and remote triggers. When using these extensions, the bluetooth wireless landscape will be temporarily read to /tmp/bt_observation

STORAGE

A few key points to note when using a MicroSD card with the Bash Bunny Mark II:

Arming Mode

To load payloads, boot the Bash Bunny without a MicroSD card present.

Payloads are executed from internal storage only.
If a MicroSD card is present at boot in arming mode, it will be passed through to the host.

Payload Considerations

If ATTACKMODE STORAGE is active:
- In the case that a MicroSD card is present, the MicroSD Card will be presented to the target
- In the case that a MicroSD card is not present, the internal udisk partition will be presented to the target.
By default, after loading payloads during boot, the udisk is not mounted from the perspective of the Bash Bunny.
- To mount the udisk from the perspective of the Bash Bunny, issue the command `udisk mount`.

Mounting Considerations

The udisk partition — whether internal or MicroSD — can only be mounted on one device at a time.
The /root/udisk directory will appear blank unless `udisk mount` has been executed.
Writing to /root/udisk when unmounted will have no effect on the actual udisk partition.
If both ATTACKMODE STORAGE (Mount to target) and `udisk mount` (Mount to Bash Bunny) are used — unexpected behavior may occur as the partition cannot be handled by both the target and host simultaneously.

Formatting Considerations

The MicroSD card should be partitioned with a single partition formatted with a filesystem appropriate to the target
- e.g. for Windows targets: FAT32, ExFAT, NTFS
- e.g. for Mac targets: FAT32, ExFAT, APFS
- e.g. for Linux targets: FAT32, ExFAT, EXT
While the target may support various filesystems, the host (Bash Bunny) currently only supports EXT and FAT32. Additional filesystems (ExFAT) may be included in future firmware versions.

Last updated 11 months ago

STORAGE

A few key points to note when using a MicroSD card with the Bash Bunny Mark II:

Arming Mode

To load payloads, boot the Bash Bunny without a MicroSD card present.

Payloads are executed from internal storage only.

If a MicroSD card is present at boot in arming mode, it will be passed through to the host.

Payload Considerations

If ATTACKMODE STORAGE is active:

In the case that a MicroSD card is present, the MicroSD Card will be presented to the target
In the case that a MicroSD card is not present, the internal udisk partition will be presented to the target.

By default, after loading payloads during boot, the udisk is not mounted from the perspective of the Bash Bunny.

To mount the udisk from the perspective of the Bash Bunny, issue the command `udisk mount`.

Mounting Considerations

The udisk partition — whether internal or MicroSD — can only be mounted on one device at a time.

The /root/udisk directory will appear blank unless `udisk mount` has been executed.

Writing to /root/udisk when unmounted will have no effect on the actual udisk partition.

If both ATTACKMODE STORAGE (Mount to target) and `udisk mount` (Mount to Bash Bunny) are used — unexpected behavior may occur as the partition cannot be handled by both the target and host simultaneously.

Formatting Considerations

The MicroSD card should be partitioned with a single partition formatted with a filesystem appropriate to the target

e.g. for Windows targets: FAT32, ExFAT, NTFS
e.g. for Mac targets: FAT32, ExFAT, APFS
e.g. for Linux targets: FAT32, ExFAT, EXT

While the target may support various filesystems, the host (Bash Bunny) currently only supports EXT and FAT32. Additional filesystems (ExFAT) may be included in future firmware versions.