Vert

its normal for the bunny to operate at 60-65C the chip is capable of over 100C.

as things stand with microsoft accounts and the bunny there is not really a way to do that but it is possible using the scripting system of the bunny as it can literally do anything a person can. i made a payload that exploits the inactive admin account on most win10 systems by simply activating it and putting a password on it but this requires admin access for at least a few seconds. i quickly realized the payloads that are provided are nothing more then examples & old proof of concepts and not to expect to walk up to any system and walk off with everything. not to say that you cant make your own scripts that can do anything you want them to. honestly it would be rather irresponsible for them to provide fully functional tools capable of breaking in to the latest security not to say the platform it self is not capable of such a thing. since they do not deliver the device ready to use with all the tools required built in to the firmware and everything ready to go the only conclusion is they have do so to protect them self's my distancing the product from its full capability's requiring you the end user to complete the process making it your responsibility for how its used. if you bought the bunny thinking there would be all these great payloads to use and you would not be making any of your own you may be in for a long wait the community is not very big, yet at least.

looking over the wiki and realizing you where a linux user i though it might be a bit confusing.

local accounts are on the system it self only microsoft accounts are linked to an email account and are regularly used in win10 as doing so links the account to the device and allows restoring of activation on multi devices. microsoft has pushed hard to make people use microsoft accounts generally the only way someone has a local account is if they don't have internet service but there are exceptions.

it should be noted none of the creds payloads work on microsoft accounts only local accounts. also note there are many ways to exploit systems with microsoft accounts but none in the official payloads.

are you copying the firmware to your system / or the bunny's / directory? when they say the root of the bunny there talking about where the payloads are same directory as where the version.txt is stored. i could imagine it getting confusing on a linux box let me know if you got it working i could think of several more possibility.

did you 2. Verify that the SHA256 checksum of the downloaded firmware files matches the checksum listed at bashbunny.com ?

agreed > https://wiki.bashbunny.com/#!downloads.md

whats your version.txt say?

when i got my bunny i upgraded directly to 1.3 and had no issues running any of the payloads besides missing dependency but it clearly lists them for each payload.

cool

any resin we don't use all the official sources for jessy? https://wiki.debian.org/SourcesList i added them to my bunny and several updated packages where offered. the aptitude package manager is also very handy for browsing any repo it offers both text and gui access.

hak5 is literally inviting people in there videos to do this kind of stuff and share it with the community and i did.

i personally installed Gnome/KDE/matchbox/cinnamon/xfce as i did not see any others in the repo and not one of them had any effect on reflashing several simply didnt work properly. i had intended to post screen shots of all the working GUIs but xfce is the only one that works mind you after 5 mins all connections are terminated likely due to a configuration not being where it should (common issue). not sure why the subject bothers you so much did you not state there never was a warranty anyways but i would note this is not a nooby friendly idea but then again i have 15 years+ experience with the linux platform and i never even consider these things. i find the outrage laughable this is nothing id hate to see the reaction to the cooling system & sdcard reader and a few other mods would be lol. is it hard to breath inside the box? o no i did unintended things with something i own maybe ill brush my teeth with it later who knows.