The Rabbit Hole: Part I

Hak5 Bash Bunny Payload Manager

For those of you who aren’t familiar with the Hak5 Bash Bunny, it’s a small “computer on a stick” that is able to masquerade as any USB device you configure it as. Once connected to a target device, it will begin to interface as a keyboard and send preprogrammed keystrokes (much like a Rubber Ducky, if you’re familiar with that). The Bash Bunny is significantly more capable than the Ducky, but explaining the Bash Bunny is outside the scope of this post; if you’d like content on that, let me know in the comments. In the meantime you can read more or purchase your own Bash Bunny from https://shop.hak5.org/products/bash-bunny (I have no affiliation, so if you buy one let me know!).

The Bunny is capable of carrying 2 active payloads at a time, selectable by a 3-way toggle switch on the side (Program, Payload 1, Payload 2). What you load up to these two is completely up to you, and for me they’re based on the results of my target recon. If you have more than 2 device types which may be vulnerable, well, your options are pretty limited. You must either carry an additional Bunny, or excuse yourself to the restroom or car while you juggle the active payloads.

My vision for the Rabbit Hole is a small Arduino or Raspberry Pi powered device (as small as I can get away with) which I can plug the Bunny into and switch active and inactive payloads. The device should have a small LCD screen and buttons to navigate, select and swap payloads.

The Bash Bunny has a file system which is easy to understand. For the purpose of this project we’re concerned with 3 parent folders: “Library”, “Switch_1”, and “Switch_2”. When a Bash Bunny is connected and power is applied, the Rabbit Hole should allow the user to VIEW the active payloads. It should then allow the user to view the inactive payloads in the “Library” folder. Finally, it should allow the user to select an active payload slot and choose a payload to swap it with from the Library. SIMPLE!

To accomplish this I need to do some research on the USB protocol. I don’t know for sure, but my assumption is that when the Bunny is in Program mode, it behaves just like a USB flash drive. The Rabbit Hole will need to be able to read and write to a USB-attached storage device.
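The view-and-swap behaviour described above could look like this on a Raspberry Pi, given the post's assumption that the Bunny's storage is mounted as an ordinary drive. This is an added example, not the author's code: the function names, the `.new`/`.old` staging folders, the digest-based matching of slots to Library entries, and the constructed demo tree are all assumptions made for illustration.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

SLOTS = ("Switch_1", "Switch_2")  # folder names as given in the post
LIBRARY = "Library"

def tree_digest(folder):
    """SHA-256 over every file's relative path and bytes, in sorted order."""
    h = hashlib.sha256()
    for f in sorted(p for p in folder.rglob("*") if p.is_file()):
        h.update(f.relative_to(folder).as_posix().encode() + b"\0")
        h.update(f.read_bytes())
    return h.hexdigest()

def list_library(root):
    """Names of the payload folders stored under Library."""
    return sorted(p.name for p in (root / LIBRARY).iterdir() if p.is_dir())

def active_payloads(root):
    """Map each slot to the Library payload it matches, or None if unknown."""
    known = {tree_digest(root / LIBRARY / n): n for n in list_library(root)}
    return {slot: known.get(tree_digest(root / slot)) for slot in SLOTS}

def swap_payload(root, slot, name):
    """Replace a slot's contents with a Library payload via a staged copy."""
    if slot not in SLOTS or name not in list_library(root):
        raise ValueError(f"unknown slot or payload: {slot!r}, {name!r}")
    source = root / LIBRARY / name
    staged, old = root / (slot + ".new"), root / (slot + ".old")
    for leftover in (staged, old):  # debris from an interrupted earlier swap
        shutil.rmtree(leftover, ignore_errors=True)
    shutil.copytree(source, staged)
    if tree_digest(staged) != tree_digest(source):  # verify before going live
        shutil.rmtree(staged)
        raise OSError("staged copy does not match the Library payload")
    (root / slot).rename(old)  # previous payload stays on disk until the end
    staged.rename(root / slot)
    shutil.rmtree(old)

def make_demo_tree():
    """Constructed stand-in for the mounted drive; no real device involved."""
    root = Path(tempfile.mkdtemp())
    layout = {"Library/demo_a": "a", "Library/demo_b": "b", "Switch_1": "a", "Switch_2": "x"}
    for rel, tag in layout.items():
        (root / rel).mkdir(parents=True)
        (root / rel / "payload.txt").write_text(f"# constructed sample {tag}\n")
    return root
```

A slot that reports `None` holds content that matches nothing in the Library, which is worth surfacing on the device's screen before the slot is overwritten.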

After defining the problem and visualizing a possible solution, I’m left with a pretty simple list of desirements. I need a Raspberry Pi or Arduino device that can read and write from a USB flash drive!

With that in mind, my next step is to research and see what’s already available in the world (modules and software) to help me prototype a solution! See you soon!