Jump to content

Recommended Posts

Other then a a separate shell, what makes this better then a couple duckys? It has 8gb of storage and two states of attack which cut the storage more, just curious what ppl have to say about this device not having native support for extra memory, is it an issue? Forget the shell for a min how is this better then a couple duckys?

Link to comment
Share on other sites

The Bash Bunny differs from the USB Rubber Ducky in a number of ways.

While it's compatible with Ducky Script and supports a HID attack mode, that's only one of the 5 current attack vectors it supports.  

The USB Rubber Ducky is capable of executing payloads faster than the Bash Bunny (0.1 seconds vs 7 seconds).

It's also more economically (less than half the cost thanks to economies of scale).

And very importantly, the USB Rubber Ducky is far more covert (with its generic flash drive case).

For social engineering ops, USB drops and attacks which require the target to plug in the drive, I'd say the USB Rubber Ducky will continue to be the gold standard.

But don't take my word for it - just ask the CIA ;) #HarpyEagle https://wikileaks.org/ciav7p1/cms/page_20873532.html

  • Upvote 2
Link to comment
Share on other sites

I can have multiple payloads that I can swap on the fly without having to organize with a bunch of duckies. I can improvise based on the needs of the operation. In theory, I can have the bunbun react to the situation because it has some thought power behind what it's doing. In theory, I could decrypt hashes and modify my attack vector in front of the machine without having to make a second pass at the target.

 

Besides, go try and run a webserver on a Ducky. Let me know how that works out for you. One runs Linux, the other is a microcontroller.

 

 

Edited by incendiarySolution
added Snark
Link to comment
Share on other sites

3 hours ago, Darren Kitchen said:

The Bash Bunny differs from the USB Rubber Ducky in a number of ways.

While it's compatible with Ducky Script and supports a HID attack mode, that's only one of the 5 current attack vectors it supports.  

The USB Rubber Ducky is capable of executing payloads faster than the Bash Bunny (0.1 seconds vs 7 seconds).

It's also more economically (less than half the cost thanks to economies of scale).

And very importantly, the USB Rubber Ducky is far more covert (with its generic flash drive case).

For social engineering ops, USB drops and attacks which require the target to plug in the drive, I'd say the USB Rubber Ducky will continue to be the gold standard.

But don't take my word for it - just ask the CIA ;) #HarpyEagle https://wikileaks.org/ciav7p1/cms/page_20873532.html

" The USBRubberDucky is well crafted both through its software and hardware. The software has a nice interface for users and comes with a good amount of documentation/examples online. "

Congratulations Darren! What a glowing endorsement!

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...