Vert

its normal for the bunny to operate at 60-65C the chip is capable of over 100C.

as things stand with microsoft accounts and the bunny there is not really a way to do that but it is possible using the scripting system of the bunny as it can literally do anything a person can. i made a payload that exploits the inactive admin account on most win10 systems by simply activating it and putting a password on it but this requires admin access for at least a few seconds. i quickly realized the payloads that are provided are nothing more then examples & old proof of concepts and not to expect to walk up to any system and walk off with everything. not to say that you cant make your own scripts that can do anything you want them to. honestly it would be rather irresponsible for them to provide fully functional tools capable of breaking in to the latest security not to say the platform it self is not capable of such a thing. since they do not deliver the device ready to use with all the tools required built in to the firmware and everything ready to go the only conclusion is they have do so to protect them self's my distancing the product from its full capability's requiring you the end user to complete the process making it your responsibility for how its used. if you bought the bunny thinking there would be all these great payloads to use and you would not be making any of your own you may be in for a long wait the community is not very big, yet at least.

looking over the wiki and realizing you where a linux user i though it might be a bit confusing.

local accounts are on the system it self only microsoft accounts are linked to an email account and are regularly used in win10 as doing so links the account to the device and allows restoring of activation on multi devices. microsoft has pushed hard to make people use microsoft accounts generally the only way someone has a local account is if they don't have internet service but there are exceptions.

it should be noted none of the creds payloads work on microsoft accounts only local accounts. also note there are many ways to exploit systems with microsoft accounts but none in the official payloads.

are you copying the firmware to your system / or the bunny's / directory? when they say the root of the bunny there talking about where the payloads are same directory as where the version.txt is stored. i could imagine it getting confusing on a linux box let me know if you got it working i could think of several more possibility.

did you 2. Verify that the SHA256 checksum of the downloaded firmware files matches the checksum listed at bashbunny.com ?

agreed > https://wiki.bashbunny.com/#!downloads.md

whats your version.txt say?

when i got my bunny i upgraded directly to 1.3 and had no issues running any of the payloads besides missing dependency but it clearly lists them for each payload.

cool

any resin we don't use all the official sources for jessy? https://wiki.debian.org/SourcesList i added them to my bunny and several updated packages where offered. the aptitude package manager is also very handy for browsing any repo it offers both text and gui access.

hak5 is literally inviting people in there videos to do this kind of stuff and share it with the community and i did.

i personally installed Gnome/KDE/matchbox/cinnamon/xfce as i did not see any others in the repo and not one of them had any effect on reflashing several simply didnt work properly. i had intended to post screen shots of all the working GUIs but xfce is the only one that works mind you after 5 mins all connections are terminated likely due to a configuration not being where it should (common issue). not sure why the subject bothers you so much did you not state there never was a warranty anyways but i would note this is not a nooby friendly idea but then again i have 15 years+ experience with the linux platform and i never even consider these things. i find the outrage laughable this is nothing id hate to see the reaction to the cooling system & sdcard reader and a few other mods would be lol. is it hard to breath inside the box? o no i did unintended things with something i own maybe ill brush my teeth with it later who knows.

Ive installed several other desktop environments on the bunny also and all but xfce break the normal function of the bunny. (Gnome/KDE/matchbox/cinnamon) Its a simple fix drop the firmware file on the bunny and flash it again makes it like new again.

just installing packages from apt-get can void the warranty O.o use of any of the tools should do the same then as there not even part of the repo. fairly sure i voided the warranty anyway who can resist not cracking things open to see whats under the hood. Warning these 2 commands apparently void your warranty..... ------------------------------------------------------------------------------------------------------------------------------------------------------------------ apt-get install xfce4 tightvncserver vncserver

So after installing xfce & vnc from apt-get and running vncserver from console the result is access to desktop for about 5 mins then it locks up still not sure exactly why. I would note there are many posts from people with the same issue on many other platforms its not an issue limited to this platform.

sounds interesting and i welcome others to improve on what i started it seems like a good jumping off point / proof of concept.

im running a full xcfe on vnc right now with my bunny working just fine and a temp of 60-65 isn't very high for this chip. with a few apt-get install commands it works yes but it also has some problems that should be fixable with some configuration.

running 1.3 when i first plug in its around 50 but after a short time and running commands its 60-65 and once i seen it at 75. It likely does not help i have install a bunch of things and been fiddling with rdp in to the bunny with a full xfce desktop. perhaps rdp options could be added in later firmware versions all the packages seem to be in the repo.

if your wondering what the cpu temp of your bunny is you can run the following command in bash to find out. cat /sys/class/thermal/thermal_zone0/temp my bunny is generally 60-65 and feels rather warm to the touch.

the bunny is just automation tool it isn't good nor evil by it self its how you use it much like a hammer most use it for putting in nails but others have been known to cave in skulls with it the person using a tool is its master the tool is useless with out you to control it.

when you connect over rdp it pops a 30 sec window saying ok or cancel that another user is logging in it isn't very sneaky the way this is setup. if someone knows a better sneakier method it could be interesting as i noted my intent was legit usage for system repairs. my testing was performed on 2 windows 10 pro systems but i did add some older commands that should work with older versions of windows as far back as xp they remain untested.

The bat files posted above are the exact same as the compiled .exes in the final result so if you would rather compile the bats your self your welcome to do so. It might even be possible to use the bat files rather then the .exes with some changes to the payload but i did not test any of the payloads in this way.