Updated docs/readme.txt for firmware v1.3

Sebastian Kinne
2017-05-08 16:15:04 +10:00
parent dd2013ef9d
commit 4dbc20f972


@@ -6,7 +6,7 @@
Bash Bunny by Hak5 USB Attack/Automation Platform Bash Bunny by Hak5 USB Attack/Automation Platform
-+- QUICK REFERENCE GUIDE v1.3 -+- -+- QUICK REFERENCE GUIDE v1.4 -+-
+-----------------+ +-----------------+
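Review bot: the header moves from "QUICK REFERENCE GUIDE v1.3" to "v1.4", while the commit subject says the readme is updated for firmware v1.3. If the guide version is numbered independently of the firmware, name the firmware version the guide covers in the header; otherwise one of the two numbers is off.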
@@ -34,18 +34,25 @@
Mass-Storage Directory Structure Default Settings Mass-Storage Directory Structure Default Settings
-------------------------------------------- ----------------------------- -------------------------------------------- -----------------------------
. .
|-payloads/ Username: root |-config.txt - Global config script Username: root
| |-library/ Password: hak5bunny | Sourced by all payloads Password: hak5bunny
| | |-* Payloads from Bash Bunny repository |-payloads/ Hostname: bunny
| | |-extensions/ - Additional Bunny Script Hostname: bunny | |-library/
| | commands/functions. | | |-* Payloads from Bash Bunny repository IP Address: 172.16.64.1
| |-switch1/ IP Address: 172.16.64.1 | | DHCP Range: 172.16.64.10-12
| | |-payload.txt - Bunny Script executed on DHCP Range: 172.16.64.10-12 | |-extensions/ - Additional Bunny Script
| | boot in switch position 1 | | commands/functions. LED Status:
| |-switch2/ LED Status: | |-switch1/ Green Solid - Boot up
| |-payload.txt - Bunny Script executed on Green Solid - Boot up | | |-payload.txt - Bunny Script executed on Blue Blink - Arming Mode
| boot in switch position 2 Blue Blink - Arming Mode | | boot in switch position 1 Red/Blue Blink - Recovery
|-loot/ - Where payloads store logs and data Red/Blue Blink - Recovery | |-switch2/
| | |-payload.txt - Bunny Script executed on
| | boot in switch position 2
| |-arming/
| |-payload.txt - Override payload for
| Arming Mode *USE CAUTION*
|
|-loot/ - Where payloads store logs and data
|-docs/ - EULA, License, this readme.txt |-docs/ - EULA, License, this readme.txt
|-tools/ - Contents placed here will be copied |-tools/ - Contents placed here will be copied
| to /tools at boot in arming mode. | to /tools at boot in arming mode.
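Review bot: the new arming/payload.txt entry is flagged "*USE CAUTION*" with no reason given at this point in the tree. A reader who stops here does not learn that the override can remove the STORAGE and SERIAL access used to manage the device, which is only spelled out later under Example Payload Structure. Add a short pointer to that section or a few words on the lockout risk next to the flag.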
@@ -70,7 +77,8 @@
----------------------------------------------------------- --------------- ----------------------------------------------------------- ---------------
ATTACKMODE Specifies the USB devices to emulate. REM ATTACKMODE Specifies the USB devices to emulate. REM
Accepts combinations of three: SERIAL, DELAY Accepts combinations of three: SERIAL, DELAY
ECM_ETHERNET, RNDIS_ETHERNET, STORAGE, HID STRING ECM_ETHERNET, RNDIS_ETHERNET, STORAGE, HID, STRING
RO_STORAGE or disable all USB with OFF SPACE
WINDOWS/GUI WINDOWS/GUI
LED Control the RGB LED. Accepts color and pattern MENU/APP LED Control the RGB LED. Accepts color and pattern MENU/APP
or predefined payload state. SHIFT or predefined payload state. SHIFT
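Review bot: in the ATTACKMODE row, "Accepts combinations of three:" now runs straight into "RO_STORAGE or disable all USB with OFF", which reads as if OFF were one of the modes that can be combined. Put OFF in its own sentence, and state whether STORAGE and RO_STORAGE may be given together, since both now sit in the same list.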
@@ -109,13 +117,44 @@
payloads may make use of these command. Similar to payloads, the extensions payloads may make use of these command. Similar to payloads, the extensions
can be obtain and updated from the Bash Bunny repository. can be obtain and updated from the Bash Bunny repository.
Example extension: RUN - Simplifies command execution for HID attacks. RUN - Simplifies command execution for HID attacks.
Usage: RUN [OS] [Command] Usage: RUN [OS] [Command]
RUN WIN notepad.exe RUN WIN notepad.exe
RUN WIN "powershell -Exec Bypass \"tree c:\\ > tree.txt; type tree.txt\" RUN WIN "powershell -Exec Bypass \"tree c:\\ > tree.txt; type tree.txt\"
RUN OSX http://www.example.com RUN OSX http://www.example.com
CUCUMBER - CPU Control (May be specified globally in /config.txt)
Usage: CUCUMBER [Mode]
CUCUMBER ENABLE Single CPU core mode with governor set to ondemand
*Best thermal option for long-term deployments
CUCUMBER DISABLE Quad CPU core mode with governor set to ondemand
*Default behavior. Best overall power/performance
CUCUMBER PLAID Quad CPU core mode with governor set to performance
*Ludicrous speed. Not intended for long-term deployments.
DUCKY_LANG - Specifies HID injection language for QUACK commands
Usage: DUCKY_LANG [Language]
DUCKY_LANG us
* Specified in two letter language abbreviation
* Uses language json file from langauge database (updated via /languages)
REQUIRETOOL - Checks if a tool is installed. Exits with LED FAIL if not.
Usage: REQUIRETOOL [tool]
REQUIRETOOL impacket
* Checks /tools/ for named directory or system installed tool name
GET - Returns variable
Usage: GET [variable]
GET TARGET_IP Returns $TARGET_IP
GET TARGET_HOSTNAME Returns $TARGET_HOSTNAME
GET HOST_IP Returns $HOST_IP
GET SWITCH_POSITION Returns $SWITCH_POSITION
Connecting to the Linux Serial Console from Windows Serial Settings Connecting to the Linux Serial Console from Windows Serial Settings
--------------------------------------------------------- --------------- --------------------------------------------------------- ---------------
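Review bot: "langauge database" in the added DUCKY_LANG notes should read "language database". While this block is being touched, the carried-over RUN WIN powershell example opens with a double quote after WIN that is never closed, so it should get its closing quote. The surrounding sentences "make use of these command" and "can be obtain and updated" also need "commands" and "obtained". For REQUIRETOOL, say whether a match in /tools/ takes precedence over a system-installed tool of the same name.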
@@ -141,16 +180,21 @@
Example Payload Structure Example Payload Structure
------------------------- -------------------------
payloads/switch#/ /config.txt - Sourced by all payloads enabling global configurations
Example: DUCKY_LANG us
/payloads/switch#/
|-payload.txt Primary payload file executed on boot in |-payload.txt Primary payload file executed on boot in
| specified switch position | specified switch position
|-readme.txt Optional payload documentation |-readme.md Payload documentation in markdown for github
|-config.txt Optional payload configuration for variables
| sourced by complex payloads
|-install.sh Installation script for complex payloads |-install.sh Installation script for complex payloads
| requiring initial setup (may require Internet) requiring initial setup (may require Internet)
|-remove.sh Uninstall/Cleanup script for complex payloads /payloads/arming/
|-payload.txt Special payload executed when switch is in
position 3 (arming mode). Overrides default
STORAGE+SERIAL mode. For advanced users only.
WARNING: Be careful not to lock yourself out
of the Bash Bunny by disabling access via
STORAGE or SERIAL when using this feature.
Share Internet Connection with Bash Bunny from Windows Share Internet Connection with Bash Bunny from Windows
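Review bot: the structure now documents two config.txt files, the global /config.txt "Sourced by all payloads" and a per-payload config.txt, without saying which is read first or which value wins when both set the same variable; add one line on the order. The remove.sh entry is also dropped with no replacement, so state whether cleanup scripts are no longer supported. The /payloads/arming/ WARNING would be more useful if it named the way back in after a lockout, given that the LED table already lists a Recovery state.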
@@ -184,16 +228,28 @@
ATTACKMODE Command ATTACKMODE Command
----------------------------------------------------------------------------- -----------------------------------------------------------------------------
ATTACKMODE sets the device emulation parameters for the Bash Bunny. ATTACKMODE sets the device emulation parameters for the Bash Bunny.
Three of five attack modes may be executed simultaneously. Three attack modes may be executed simultaneously.
Parameter Type Target/Use Parameter Type Target/Use
-------------- ------------------------------------ ------------------- -------------- ------------------------------------ ------------------------
SERIAL ACM Abstract Control Model Serial Console SERIAL ACM Abstract Control Model Serial Console
ECM_ETHERNET ECM Ethernet Control Model Linux/Mac/Android ECM_ETHERNET ECM Ethernet Control Model Linux/Mac/Android
RNDIS_ETHERNET RNDIS Remote Network Dvr Int Spec Windows (some *nix) RNDIS_ETHERNET RNDIS Remote Network Dvr Int Spec Windows (some *nix)
STORAGE UMS USB Mass Storage Flash Drive STORAGE UMS USB Mass Storage Flash Drive
RO_STORAGE UMS USB Mass Storage Read-Only Flash Drive
HID HID Human Interface Device Keystroke Injection HID HID Human Interface Device Keystroke Injection
ATTACKMODE Advanced Parameters
------------- ----------------------------------------------------------------
PID_ Specifies the USB device product ID
VID_ Specifies the USB device vendor ID
MAN_ Specifies the USB device manufacturer
SN_ Specifies the USB device serial number
OFF Disables all USB emulaiton
Example:
ATTACKMODE HID STORAGE VID_0XF000 PID_0X1234 SN_12345678 MAN_HAK5
LED Command LED Command
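Review bot: "emulaiton" in the OFF row of the new Advanced Parameters table should be "emulation". The PID_ and VID_ rows do not state the expected value format, yet the example uses 0X-prefixed hex (VID_0XF000 PID_0X1234); document the format and length in the table so the example is not the only source. With RO_STORAGE added, the sentence "Three attack modes may be executed simultaneously." should also say whether STORAGE and RO_STORAGE count as separate modes or are mutually exclusive.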