Sebkinne

:)

We are excited to announce the Bash Bunny Firmware v1.2! With it we fixed a couple of big bugs (payloads getting cancelled after 1.5 minutes and RNDIS not working with other attackmodes), and added a new RO_STORAGE attackmode. We also added a new command to QUACK, and now allow some settings such as the ducky language to be set in a config.txt file. More features, fixes and experiences in the full changelog - so hop on over to BashBunny.com/downloads and nab version 1.2 today!

Ah, in that case you could connect them up via the ethernet cable and run the wp5.sh script on the Pi. The rest is up to you :)

Depending on what I hear from Darren today we'll either release 1.2 and 1.3-RC1 (with this issue hopefully fixed), or roll it all into 1.3 and release that. Keep an eye out for the new thread.

Hi @esa, I usually just use Sublime Text 3, but Atom is a pretty good free (and open source) alternative. They can both be setup to be very IDE like, but I have to admit they do not really get close to what Jetbrains has to offer. Having used PHPStorm in the past, I still do most of my Pineapple coding in Sublime as most of the features PHPStorm offers are not too relevant here or are available via plugins in both Sublime and Atom. It does take some time to setup and configure the way you want it, but it's definitely worth it.

You probably don't want to actually run certbot on the WiFi Pineapple directly. Instead, you'd run it on a real server that you point a domain towards. Say "mda1125pineapple.com". Now you get a valid SSL certificate that you can install on your WiFi Pineapple, as long as you also resolve all DNS queries for mda1125pineapple.com to your pineapple (you can do that by either spoofing all DNS requests or setting the A record of the domain to 172.16.42.1). This would give you a valid SSL certifciate when connecting to your WiFi Pineapple, but is probably a lot of hassle (as you have to do it every 3 months), and it requires your Pineapple has an internet connection.

Hi Odeon, The WiFi Pineapple software cannot be run on a RaspberryPi.

When LEDE split off from OpenWrt I was pretty set on moving to LEDE (thought it would take some time to move everything over). The reasoning behind it being that LEDE is more up-to-date than OpenWrt with a more stable future, and that the developers that formed LEDE were the ones I had previously interacted with / that work on the architectures used in most of our products. That was until I heard that OpenWrt and LEDE may be joining back together (mailinglist in December). I know this hasn't happened yet and I don't know the current status, but I wanted to wait it out before duplicating the work to first move to LEDE and then back to OpenWrt. By the looks of it, LEDE may simply co-exist with OpenWrt and sources are shared between the two parties. If that stays the case, we will most likely make the switch, but it still depends on a bunch of other factors.

Hi TechnafellerSlim, At the moment with the current hardware this is not likely to happen.

I think we may have a solution for this in 1.2, I'll check it out tonight :)

Once I get a tiny bit of time I'll ship a newer version of libpcap with a new firmware that'll fix the issue.

Currently we only have us.json in our repository, but we'd be happy to accept any Pull Requests for new languages to our repository.

If you want to do this the easy way, simply serial / SSH into your Bash Bunny and execute the following command: For firmware v1.1: reformat_udisk For Firmware v1.2+: udisk reformat That will ensure that the partition is cleaned and formatted correctly. Please note that it will delete all files that are not there by default from the mass storage partition.

Hi Runnerinmask, The Bash Bunny is usually used with a combination of attackmodes. One example would be HID and storage. You would not directly get execution on the target machine, but execute some code using the HID attack first, possibly launching code from the mass storage partition of the Bash Bunny.

Currently, you can update from any firmware to a higher version without having to go through the update chain. This MAY change in the future but is highly unlikely. We do not allow downgrades through the update mechanism, but factory resetting your Bash Bunny will always restore firmware v1.0. Again, this may change in the future for newly produced Bash Bunnies, but currently this is not planned.

A fix is in the works for v1.3. Firmware v1.2 is currently undergoing some last testing.

We are currently catching up on tickets, sorry for the delay.

The Bash Bunny should not overheat under normal conditions. The Bash Bunny has a some heat dispersing gel on some of the chips, a heatsink is not required (the units in seen in the video are pre-production units to which I badly soldered some serial leads). There should be no need to drill holes in the case. I have also made this PSA before, but putting the Bash Bunny into a new case can be risky because of the high heat. 3D printing for example is probably not a good idea as that will most likely melt or warp under normal operating temperature. Saying that, if your Bash Bunny melted, that's probably due to a hardware defect and it should be exchanged (https://hakshop.com/contact). We'll of course replace them.

Serial / ssh into the bash bunny and run the "reformat_udisk" command. WARNING: this erases all files on the device, but it will fix any mounting issues (at least if the issue lies with the bash bunny).

Nope, it's still there and works for me. I tested using a few different connections too.

You also need to set the systemd kill mode to process instead or the default process group. Should have the update out tomorrow with these fixes in place.

We are in the process of doing this.

Setting a hard timeout means that we have to decide on a ceiling number and I don't really want to limit payload developers. If you want to make a payload that runs for days, that should be possible without getting killed.. Other than that, we could check the return code of a payload and inform the user that there was an issue.

Would love to get a PR from you with the ja.json :)

Hi Basi, Please see the following thread for more information: