Considerations for Mark II
The Bash Bunny Mark II adds mass exfiltration, wireless geofencing and remote trigger functionality via a MicroSD XC card reader and bluetooth low-energy radio.
All first generation payloads are compatible with the Bash Bunny Mark II.
Two considerations to keep in mind when developing and deploying payloads for the Bash Bunny Mark II; Wireless, and Storage.
If desired, the
WAIT_FOR_NOT_PRESENTextensions may be used for geofencing and remote triggers. When using these extensions, the bluetooth wireless landscape will be temporarily read to /tmp/bt_observation
- REMOTE TRIGGERS FOR THE BASH BUNNY MARK II
A few key points to note when using a MicroSD card with the Bash Bunny Mark II:
- Payloads are executed from internal storage only.
- If a MicroSD card is present at boot in arming mode, it will be passed through to the host.
- To load payloads, boot the Bash Bunny without a MicroSD card present.
ATTACKMODE STORAGEis active, the udisk will be presented to the target as a mass storage device.
- In the case that a MicroSD card is present, the udisk presented to the target will be the MicroSD card
- In the case that a MicroSD card is not present, the udisk presented to the target will be the internal udisk partition.
- By default the udisk is not mounted from the perspective of the Bash Bunny.
- To mount the udisk from the perspective of the Bash Bunny, issue the command `udisk mount`.
- The udisk partition — whether internal or MicroSD — can only be mounted on one device at a time.
- By default in all switch positions the udisk is not mounted on the host (the Bash Bunny itself).
/root/udiskdirectory will appear blank unless `
udisk mount` has been executed.
- Writing to
/root/udiskwhen unmounted will have no effect on the actual udisk partition.
- If both
ATTACKMODE STORAGEand `
udisk mount` are used — unexpected behavior may occur as the partition cannot be handled by both the target and host simultaneously.
- The MicroSD card should be partitioned with a single partition formatted with a filesystem appropriate to the target
- e.g. for Windows targets: FAT32, ExFAT, NTFS
- e.g. for Mac targets: FAT32, ExFAT, APFS
- e.g. for Linux targets: FAT32, ExFAT, EXT
- While the target may support various filesystems, the host (Bash Bunny) currently only supports EXT and FAT32. Additional filesystems (ExFAT) may be included in future firmware versions.