How to Get USB_Exfiltration Payload Using the Bash Bunny

Jordan Drysdale //

This is a super quick write-up on the first very useful payload we tested and confirmed as 100% reliable on all Windows systems (XP-SP3+) with PowerShell enabled.

Bash Bunny Wiki: http://wiki.bashbunny.com/#!index.md

Payload: https://github.com/hak5/bashbunny-payloads/tree/master/payloads/library/usb_exfiltrator

The most important piece is an understanding of the exceptionally simple switch positioning and directory structure. 

We downloaded the entirety of the current payloads from the Bunny’s git here: https://github.com/hak5/bashbunny-payloads

The only edits we made to the USB_Exfil payload before copying it over to the switch1 directory was to remove the .PDF reference. This allowed us to pull sub-directories inside the user’s documents directory.

Be very careful! Depending on the size of your target’s Documents directory, you can fill the Bash Bunny’s storage at just under 2GB.

Lastly, in testing this one out, the system has to be unlocked… :/

Regardless, have fun!