Sebkinne

We actually use the official sources.list that is installed when you install Debian via debootstrap. By default Debian only considers the "main" repository to be part of Debian itself. That said, it absolutely makes sense to ship the Bash Bunny with some extra repositories, I'll make sure to update this for the next firmware release.

Haven't looked into it yet. We currently track the official releases to the debian repository, so we are up-to-date with those. Debian doesn't really have a reputation for having current versions, so we can make exceptions for some tools, such as nodejs and ruby where required. It's on my list though, so I'll look at it before the next firmware is out.

I hate to put something like this in a post with cool stuff, but.. Disclaimer: Using the Bash Bunny like this may void your warranty, as it could cause unforeseen effects on the underlying system.

Running the Bash Bunny with a GUI such as xfce is absolutely possible, but also means that the CPU governor won't have much of a chance to scale down the CPU frequency. The chip should be able to take the heat without issues, but caution should still be advised, running the Bash Bunny out of standard operation.

@Vert - what firmware are you on? On v1.3 the device should feel a lot cooler than it used to.

Unfortunately there is no way to change it once it's left the warehouse, sorry.

Hi nprouse, I'm sorry for the delay in your shipping. I see you chose USPS, so I urge you to read this post which has some relevant information. Mind you, I am not in the shipping department, and this may not apply to you. Regarding your ticket, I see you created one on Thursday and sent another one again on Sunday. It can take up to 3 business days for us to respond to customer inquiries. Your tickets have reached the right place and you will be taken care of shortly, if there is something we can do, and it's not just USPS being USPS :)

Hi SpoonNet, Because the payloads are bash, you will need to escape the $: Q STRING "kill -9 \$\$" That should work as expected.

While we are on freenode, there is maybe one message on there per week. irc.hak5.org is definitely the place to go.

Log into your bunny and execute "udisk reformat". That'll fix you right up.

This is correct.

I recall seeing some powershell command that will eject based on disk labels. Unfortunately I don't have that handy right now, but it might point you in the right direction. Keep in mind that ejection can take a while, so you might need to ensure it was properly ejected before pulling out the Bash Bunny.

You must have updated the udisk with the payload repository. I can guarantee that the firmware doesn't contain the files :)

Nope I haven't included any languages apart from us.json in the firmwares. I'm not sure if I ever will, as there will be a cross-platform udisk updater soon.

Hey everyone, Recently I have seen a lot of questions in regards to installing tools on the Bash Bunny. This post will contain a list of .deb files published by Hak5. Please see our wiki for installation instructions. If you would like to suggest a tool to be published, please reply to this thread. All other posts will be removed. Impacket Responder Gohttp Metasploit-Framework (Requires firmware 1.6 or above). Disclaimer: Hak5 is not responsible for these tools. They are 3rd party packages and have not been checked for stability or security. Hak5 simply packages these tools for easy installation.

The first place you should always look for resources is the payloads repository. You'll notice that we have added a whole bunch of languages, including pt :) https://github.com/hak5/bashbunny-payloads/blob/master/languages/pt.json

No, unless you know of an automatic way that executes a file from mass storage. The reason HID is used is often just to initiate a script that will handle the rest in the background. Ideally you'd want to keep the hid attack to a minimum (possibly disable hid after the script is launched).

This looks good, I'll check it out soon :) May I suggest that you add a LICENSE on Github to prevent this? MIT / Apache / BSD might be good choices if you want to be very permissive. Otherwise GPL will do too :)

Hey everyone, I wanted to see what the Bash Bunny community thinks about a tool (Win, MacOS, Linux) that would automatically update your payload repository on the Bash Bunny's mass storage partition. It would be run from your computer when the Bash Bunny is plugged in and automatically download the latest payloads, extensions, and languages. As a bonus, it could automatically download firmware upgrades to the mass storage partition to ensure the Bash Bunny is always up-to-date and that the updates are performed correctly. What do you currently do to update your payloads? Git clone + copy? Git clone directly to the partition? Download a .Zip of the repository? How regularly do you do this? Edit: Just to clear some things up: The tool would not run automatically when the Bash Bunny is plugged in, but would have to explicitly be launched by the user. The tool would be downloaded, placed on the root of the mass storage partition and executed from there.

Hi @RazerBlade, I'm sorry you are not satisfied with the WiFi Pineapple. I haven't been able to spend a lot of time on the WiFi Pineapple lately, because I was focusing on other Hak5 products. That's why you haven't seen any firmware or system module updates. In terms of bugs, I am aware that some exist, but you should know that only a small subset of our users experience them, which make them hard to track down. Once I pick up the WiFi Pineapple again, I'm going to go over every Module (maybe one a week) and rid it of bugs and usability issues. I'll also be launching RCs to ensure that the shipped firmware upgrades are solid and "bug free(tm)". For now though, I'm truly sorry you are unhappy with the current state of the WiFi Pineapple. I hope that over the next few weeks and months we can remedy this.

There won't be any new WiFi Pineapples this year, so you'll be fine to buy it now :)

This. If you are trying to boot it somehow else, it won't work.

It isn't - I think it was just an example of good practice. I'll make that more clear.

Next firmware :)

We'll take the secret to our graves.. maybe. Could very well be Darren, but my money is on Perin or Sara :D