hak5/bashbunny-payloads

Bunny not switching from HID to RNDIS_ETHERNET Windows 10

roelo34 opened this issue · 5 comments

When testing the smb_exfiltration payload, I noticed that the BB didn't correctly switch from HID to RNDIS... I decided to make a new payload with just this:

LED R
ATTACKMODE HID
LED G
ATTACKMODE RNDIS_ETHERNET

To my surprise, it actually didn't work (on multiple Windows 10 machines).
When plugging the BB in, it first shows up as a keyboard in the device manager, then the keyboard disconnects. After that I can hear a "there has been a connection" sound from Windows, but nothing shows up in device manager or adapter settings. Not even an unidentified device.

[EDIT]
It does show up in the device manager, however it is still shown as a keyboard.

Have you tried setting PID/VID to other values?
This works for me in Windows 10:

VendorID : 0x0b05
ProductID : 0x7774

The device spoofed would be: Zenfone GO (ZB500KL) (RNDIS mode)
Maybe this helps

Hi Simon,

I tried what you suggested and it doesn't seem to work...
This is my payload.txt

LED B
ATTACKMODE HID
LED R
ATTACKMODE RNDIS_ETHERNET VID_0x0b05 PID_0x7774
LED G

The result is still the same: no extra ethernet device, it stays shown as a keyboard.
Thanks for the help anyway :)

Hey all, I am having problems after ATTACKMODE HID too. After setting the attack mode to HID I am unable to get the SWITCH_POSITION. I'm running 1.5.

Does it work without setting it to HID before?
Or maybe you could try to combine both HID and RNDIS_ETHERNET like this:

ATTACKMODE HID RNDIS_ETHERNET VID_0x0b05 PID_0x7774

That worked! Thanks a million Simon!