StealthBunny
Gadget IoC removal from HAK5's BashBunny
Description
StealthBunny is a tool designed to modify HAK5's BashBunny USB gadget kernel driver to remove possible indicators of compromise. BashBunny leverages a closed-source kernel driver at /usr/local/bunny/lib/bunny_gadget.ko to build the system gadget and clone various USB devices. However, this driver does not allow mixed-case or special characters, which results in unfortunate IoCs.
The default gadget configuration will always display the iProduct as RNDIS/Ethernet Gadget:
To correct this behavior, I have identified infrequently used error strings in the gadget file. These have been replaced, and the string calls have been modified, so that the iManufacturer and iProduct values can be customized. The result is a clean gadget device:
NOTE: This configuration represents Diebold Nixdorf's default ATM keyboard HID device ;)
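From the detection side, the default iProduct string described above is the indicator a USB device inventory can key on. The following is an added example, not part of StealthBunny: it parses constructed `lsusb -v`-style text, flags HID devices that still show the default iProduct, and reports HID devices absent from a known-good baseline (the sample data, function names and baseline tuple format are assumptions).

```python
import re

DEFAULT_IPRODUCT = "RNDIS/Ethernet Gadget"  # default iProduct named on this page
HID_CLASS = 3  # USB class code for Human Interface Device

# Constructed sample in the style of `lsusb -v`; not captured from a real device.
SAMPLE = """\
Bus 001 Device 004: ID 05af:0808
  iManufacturer           1 ExampleVendor
  iProduct                2 RNDIS/Ethernet Gadget
      bInterfaceClass         3 Human Interface Device
Bus 001 Device 005: ID 05af:0808
  iManufacturer           1 Jing-Mold
  iProduct                2 USB K/B+Mouse
      bInterfaceClass         3 Human Interface Device
"""
HEADER = re.compile(r"^Bus \d+ Device \d+: ID ([0-9a-f]{4}):([0-9a-f]{4})")
FIELD = re.compile(r"^\s*(iManufacturer|iProduct|bInterfaceClass)\s+(\d+)\s*(.*)$")

def parse_devices(text):
    """Return one dict per 'Bus ...' stanza: id, descriptor strings, class codes."""
    devices = []
    for line in text.splitlines():
        h, f = HEADER.match(line), FIELD.match(line)
        if h:
            devices.append({"id": h.group(1) + ":" + h.group(2), "classes": set()})
        elif f and devices:
            key, number, value = f.groups()
            if key == "bInterfaceClass":
                devices[-1]["classes"].add(int(number))
            else:  # for string fields the number is only the descriptor index
                devices[-1][key] = value.strip()
    return devices

def review(devices, baseline):
    """Flag HID devices showing the default gadget string or absent from the baseline."""
    findings = []
    for d in devices:
        ident = (d["id"], d.get("iManufacturer", ""), d.get("iProduct", ""))
        if HID_CLASS not in d["classes"]:
            continue
        if ident[2] == DEFAULT_IPRODUCT:
            findings.append((d["id"], "default gadget iProduct on a HID device"))
        elif ident not in baseline:
            findings.append((d["id"], "HID device not in baseline"))
    return findings
```

Descriptor strings are set by the device, so the baseline comparison only tells you a device matches one you already know; it does not prove the hardware is what it claims to be.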
Usage
$ ./sbunny
Usage: sbunny [ restore | <iManufacturer> <iProduct> ]
StealthBunny allows for modifying the default_gadget.ko file and restoring the file to its original value. To modify the default gadget, pass in a string for iManufacturer and iProduct. Reversal is as simple as sbunny restore. To ensure you don't accidentally make your bunny unusable, I recommend restoring the kernel driver at the end of each payload script.
Copy StealthBunny to /tools on the BashBunny and call sbunny before executing ATTACKMODE. The following payload.txt file demonstrates proper use of StealthBunny:
LED B SLOW
sbunny 'Jing-Mold' 'USB K/B+Mouse'
ATTACKMODE HID VID_0x05af PID_0x0808
LED R FAST
sbunny restore
