The Bash
Bunny from Hak5 is a versatile little hacking device for performing
USB-based attacks. It’s a tiny Linux computer that emulates various USB
devices, like a flash drive or keyboard, in order to inject payloads on a
target computer. It’s a fun tool for people who are interested in
cracking, but it’s a bit expensive at $100. Using a Raspberry Pi Zero W,
Alex Jensen was able to replicate the Bash Bunny for far less money.
Jensens’ “Poor Man’s Bash Bunny” incorporates most of the functionality found on Hak5’s device. That includes the ability to act like a flash drive, a keyboard, a serial device,
and an Ethernet adapter. Using a 4 DIP switch, any of 16 boot modes can
be selected for different scripts and payloads. Once it has been
booted, two buttons can be used to launch specific scripts depending on
which boot mode has been selected.
If you want to build your own, you’ll only need a handful of components: a Raspberry Pi Zero W,
a USB stem, two push buttons, a 4 DIP switch, a perf board, and some
resistors and LEDs. The circuits are simple enough for anyone to
understand, and connect the buttons and switches to the Raspberry Pi’s
GPIO pins. Then just install Raspbian and Git clone Jensens’ repository
and run the setup script. That repository includes a handful of tools
that will let you get started with USB attacks.
No comments:
Post a Comment