[RELEASE] Bash Bunny Firmware v1.3

[Sebkinne]

Hot off the heels of 1.2 our brave little bunny is hopping into 1.3 with exciting new features and fixes!

This Kilo Echo Whiskey Lima release is cool as a cucumber - with new CPU performance and thermal enhancements to boot!

In fact, the new CUCUMBER command allows you to throttle down to one core for chilly long term deployments - or put the petal to the metal and go PLAID with all out quad core speeds!

We even snuck in some sneaky new ATTACKMODE features - like ATTACKMODE OFF to run dark and go completely bus silent after your attack completes. Or new ATTACKMODE parameters for Serial Number and Manufacturer in addition to VID and PID, for you masquerading types!

Find all the fixes and features in the changelog and bounce on by to BashBunny.com/downloads for your devious device download (\_/)

Full Changelog 

 

[Darren Kitchen]

First

[RazerBlade]

Nice!

[Irukandji]

1 hour ago, Sebkinne said:

We even snuck in some sneaky new ATTACKMODE features - like ATTACKMODE OFF to run dark and go completely bus silent after your attack completes. Or new ATTACKMODE parameters for Serial Number and Manufacturer in addition to VID and PID, for you masquerading types!

 

Nasty. keep up the good work.

[Just_a_User]

Great stuff, thank you.

[PoSHMagiC0de]

Getting it before I pass out to bed.  :-)

[Dave-ee Jones]

Maaaaaaan! Missed first this time :(

Love the constant firmware updates though :D

EDIT: Where is the changelog, may I ask?

[Darren Kitchen]

58 minutes ago, Dave-ee Jones said:

Maaaaaaan! Missed first this time :(

Love the constant firmware updates though :D

EDIT: Where is the changelog, may I ask?

Changlog is linked from the downloads page at https://bashbunny.com/downloads

Direct link: https://storage.googleapis.com/bashbunny_updates/ch_fw_1.3-changelog.txt

[quack]

Thank you, can you please explain how to install the tools (impacket and responder) and the languages  ? An official howto would be very helpful !

[qdba]

Pretty good update.... 

Thanks

[amexfax]

3 hours ago, quack said:

Thank you, can you please explain how to install the tools (impacket and responder) and the languages  ? An official howto would be very helpful !

We need a Documentaion how to pass the red LED, I guess in my case the missing Responder.

[LowValueTarget]

12 hours ago, Sebkinne said:

Hot off the heels of 1.2 our brave little bunny is hopping into 1.3 with exciting new features and fixes!

Full Changelog

This is great! Two quick questions.

1. Does ATTACKMODE OFF essentially turn the BB into a USB host?

2. When using RNDIS_SPEED_XX, is RNDIS_ETHERNET a prerequisite, or are they mutally exclusive?

 

Thanks,

[Sebkinne]

2 hours ago, LowValueTarget said:

1. Does ATTACKMODE OFF essentially turn the BB into a USB host?

No, it just disables any USB communication. It'll be almost as if you are charging a non data device. Host mode is coming later down the line. 

Quote

2. When using RNDIS_SPEED_XX, is RNDIS_ETHERNET a prerequisite, or are they mutally exclusive?

You have to pass them both to ATTACKMODE if you want to set the speed. RNDIS_SPEED_XX is optional though. 

[Dave-ee Jones]

13 hours ago, Darren Kitchen said:

Changlog is linked from the downloads page at https://bashbunny.com/downloads

Direct link: https://storage.googleapis.com/bashbunny_updates/ch_fw_1.3-changelog.txt

Haha, thanks for that. I did find it, immediately feeling a bit silly seeing it right next to the downloads button. :P

4 hours ago, Sebkinne said:

No, it just disables any USB communication. It'll be almost as if you are charging a non data device. Host mode is coming later down the line. 

You have to pass them both to ATTACKMODE if you want to set the speed. RNDIS_SPEED_XX is optional though. 

ATTACKMODE OFF will be quite useful for quickly shutting down any connections that the PC has to the Bunny's servers (if it is hosting any) which will be quite useful. :)

[Dice]

22 hours ago, quack said:

Thank you, can you please explain how to install the tools (impacket and responder) and the languages  ? An official howto would be very helpful !

I would really appreciate this as well, 

Afaik the instlaler procedure from 1.0 has changed ? 

[masterkorp]

Hello,

 

I noticed that the bashbunny tries to launch a postgresql service but it fails to bind the port. Why is that?

 

 

[Dice]

On 5/8/2017 at 3:03 PM, quack said:

Thank you, can you please explain how to install the tools (impacket and responder) and the languages  ? An official howto would be very helpful !

 

@LowTargetValue gave a perfect working solution

 

[Dave-ee Jones]

3 hours ago, hkyq said:

Left BB for <10 while updating, it's SUPER hot (almost burn myself touching the metal usb part) and I can smell burning.

EDIT: Flashing red/blue, hopefully won't burn this time.

EDIT2: Attempted to flash a few times, version says 1_067

Interesting, as mine is fine.

I am assuming it was updating as it got hot? Was it in a USB 3 or USB 2 port?

Wondering if CUCUMBER PLAID was called prematurely :P

[johnjohnsp1]

Hello all,

did install new firmware 1.3 coming from 1.2 , unfortunaly i see QuickCreds is no longer working (blinking . Anyone else did noticed this after the upgrade or its just me ?

Both tools (impacket and responeder) are correctly installed and can be used as logged in directly.

Made sure inside the /extensions folder all the files are Unix format.

Did flash the firmware few times by now, led are blinking blue/red as supposed to be

Did cloned the payload repository to match the latest version

After this all those tries i get:

 

# Set LED yellow, run attack
LED ATTACK

in a loop

no loot folder has been modified

 

any hint ?

 

thanks

[Dave-ee Jones]

10 hours ago, johnjohnsp1 said:

Hello all,

did install new firmware 1.3 coming from 1.2 , unfortunaly i see QuickCreds is no longer working (blinking . Anyone else did noticed this after the upgrade or its just me ?

Both tools (impacket and responeder) are correctly installed and can be used as logged in directly.

Made sure inside the /extensions folder all the files are Unix format.

Did flash the firmware few times by now, led are blinking blue/red as supposed to be

Did cloned the payload repository to match the latest version

After this all those tries i get:

 

# Set LED yellow, run attack
LED ATTACK

in a loop

no loot folder has been modified

 

any hint ?

 

thanks

QuickCreds was updated. Check the payloads section.

[TeCHemically]

48 minutes ago, Dave-ee Jones said:

QuickCreds was updated. Check the payloads section.

I am getting solid red that doesn't change even after 10+ minutes. On firmware 1.3, brand new quickcreds from github. Impacket and responder installed properly.

[johnjohnsp1]

33 minutes ago, TeCHemically said:

I am getting solid red that doesn't change even after 10+ minutes. On firmware 1.3, brand new quickcreds from github. Impacket and responder installed properly.

have you checked that both impact is installed and responder is inside tools folder ? , happened to me once, after checked that the led changed from red/solid red to yellow

[johnjohnsp1]

1 hour ago, Dave-ee Jones said:

QuickCreds was updated. Check the payloads section.

thanks for the replay but even If downloaded again now the payloads tree from GitHub the result doesn't change, quickcreds according to repo is updated a month ago .. are you getting the same error or issue within firmware 1.3 ? cause on 1.2 was perfectly working

[TeCHemically]

19 minutes ago, johnjohnsp1 said:

have you checked that both impact is installed and responder is inside tools folder ? , happened to me once, after checked that the led changed from red/solid red to yellow

impacket install was successful and both it and responder are in the tools folder, yes

[TeCHemically]

Do I need to reinstall ducktoolkit after a firmware upgrade? the only payloads that my BB have ever been able to run are ducky payloads; and now even they aren't working anymore. Attempting to run the duckinstall payload fails just like literally every other payload now...