[RELEASE] Bash Bunny 1.1

[Darren Kitchen]

Introducing Bash Bunny firmware v1.1
A feature packed firmware awaits Bash Bunny users just one month after release. We've excited to announce version 1.1, including many new features, conveniences, bug fixes and refined experiences.

The newly improved LED command adds patterns in addition to variable blinks, as well as standardized payload states for common stages such as setup, attack, cleanup and finish.

The Bash Bunny framework now includes support for extensions which augment the bunny scripting language with new commands and functions.

Tools can now be installed with ease by copying .deb packages or entire directories to the dedicated /tools folder on the flash drive in arming mode.

Updating ducky languages is now just a matter of copying json files to the dedicated /languages folder on the flash drive in arming mode.

Many more features, fixes and experiences in the full changelog - so hop on over to BashBunny.com/downloads and nab version 1.1 today! (\_/)

 

 

[Sebkinne]

First! :)

[b0N3z]

Cant wait to flash it. 

[Just_a_User]

Nice one, cheers!

[qdba]

Very nice!!  Now let us rewrite some payloads ;-)

[korang]

OK, flash went smoothly...

[Yak]

downlowd and flash as advertized,

thanks 1e6 Darren and Sebastian and all the unamed legion

anything to watch out for with regard of legacy payloads? or just go ahead and see how it turns out?

tools and laguages remained empty?

yak

Edited April 6, 2017 by Yak

[CastleBrav0]

will there be backwards compatibility issues with 1.0v written payloads?

[nwlutz]

Could a flash-able version of firmware 1.1 be posted so those wanting to go back can, or is this not something planned?

[PoSHMagiC0de]

Pattern blinks?  I need this.  My dynamic payload deliverer I have run out of ideas for what status lights to have..at the same time I maybe overdoing it.  I call them from within the nodejs server to give statuses going on while the server is running so you know if something went booboo.

[LowValueTarget]

What does a solid blue light after the red blinking light mean?

EDIT: Assuming that means it failed. I believe the file wasn't 100% copied.

Edited April 6, 2017 by LowValueTarget

[W4X7]

Nice.  i was waiting for the DUCKY_LANG option, but there is still only us.json  .  :(

i need de.json

 

root@bunny:~# find / -name "*.json"
/usr/local/go/src/cmd/vendor/vendor.json
/usr/local/go/misc/chrome/gophertool/manifest.json
/usr/local/bunny/lib/languages/us.json
/usr/lib/python2.7/dist-packages/wheel/test/pydist-schema.json

 

[WatskeBart]

4 minutes ago, W4X7 said:

Nice.  i was waiting for the DUCKY_LANG option, but there is still only us.json  .  :(

i need de.json

 

root@bunny:~# find / -name "*.json"
/usr/local/go/src/cmd/vendor/vendor.json
/usr/local/go/misc/chrome/gophertool/manifest.json
/usr/local/bunny/lib/languages/us.json
/usr/lib/python2.7/dist-packages/wheel/test/pydist-schema.json

 

Create your own and place in languages folder ;)

[W4X7]

its so mutch work.... no one else with more time to create one for me ?  ^_^'

[WatskeBart]

7 minutes ago, W4X7 said:

its so mutch work.... no one else with more time to create one for me ?  ^_^'

If you do want to start making your own de.json, look at this thread from @elkentaro

[quack]

it seems that the procedure to install the tools has changed. The script looks for /root/udisk/tools/*.deb

 

Great except that impacket and responder are not in .deb format .

 

[Bryfi]

Before I upgrade my BB, do previous 1.0 payloads become deprecated and unusable or you can still use Quack and Delay and GUI r

[Idefix]

Hello

Great work!

Why is the RUN Variable for Linux OS UNITY and not simply LINUX or GNOME or ....

Unity is dead

Kali Linux use Gnome!

I'm confused

[LowValueTarget]

6 minutes ago, quack said:

it seems that the procedure to install the tools has changed. The script looks for /root/udisk/tools/*.deb

 

Great except that impacket and responder are not in .deb format .

 

You can simply take the contents of the tools_to_install folder in the tools_install payload.

You'll have this directory structure on your bash bunny (USB Storage):

tools -->
    ./responder/
    ./impacket/

Safely eject, make sure the device is in arming mode and insert. The BB will automatically copy the contents of the folder to /tools/. If you throw a deb in there, it will run `dpkg -i <your deb files>`

[henri67]

Hi all, I have a problem.
I have the new firmware on my Bash Bunny
But he does nothing.
How can I restore the old firmware?

[LowValueTarget]

3 minutes ago, Bryfi said:

Before I upgrade my BB, do previous 1.0 payloads become deprecated and unusable or you can still use Quack and Delay and GUI r

Don't worry about the payloads. All previous payloads should work. As far as I could tell, all LED statuses may not work; those that combine colors. (e.g. LED R B). Everything else seemed to worked fine. 

I updated my payload and pull request to make it more 'compatible' with the new firmware.

Edited April 6, 2017 by LowValueTarget

[zoro25]

is there a way to tell the version from within putty as I don't think my device is updating correctly?

I'm thinking something like a version command which would show current firmware installed. 

My banner is currently 

Linux bunny 3.4.39 #130 SMP PREEMPT Fri Feb 10 14:24:25 CST 2017 armv7l
           _____  _____  _____  _____     _____  _____  _____  _____  __ __
 (\___/)  | __  ||  _  ||   __||  |  |   | __  ||  |  ||   | ||   | ||  |  |
 (='.'=)  | __ -||     ||__   ||     |   | __ -||  |  || | | || | | ||_   _|
 (")_(")  |_____||__|__||_____||__|__|   |_____||_____||_|___||_|___|  |_|
 Bash Bunny by Hak5     USB Attack/Automation Platform
 

[Bryfi]

Just now, LowValueTarget said:

Don't worry about the payloads. All previous payloads should work. As far as I could tell, all LED statuses may not work; those that combine colors. (e.g. LED R B). Everything else seemed to worked fine. 

I updated my payload and pull request to make it more 'compatible' with the new firmware.

Good to hear. I am still holding back upgrading temporarily due to the LED situation you mentioned. But I will upgrade eventually. Thank you!

[LowValueTarget]

1 minute ago, zoro25 said:

is there a way to tell the version from within putty as I don't think my device is updating correctly?

I'm thinking something like a version command which would show current firmware installed. 

My banner is currently 

Linux bunny 3.4.39 #130 SMP PREEMPT Fri Feb 10 14:24:25 CST 2017 armv7l
           _____  _____  _____  _____     _____  _____  _____  _____  __ __
 (\___/)  | __  ||  _  ||   __||  |  |   | __  ||  |  ||   | ||   | ||  |  |
 (='.'=)  | __ -||     ||__   ||     |   | __ -||  |  || | | || | | ||_   _|
 (")_(")  |_____||__|__||_____||__|__|   |_____||_____||_|___||_|___|  |_|
 Bash Bunny by Hak5     USB Attack/Automation Platform
 

There should be a version.txt file in the root of the USB storage. 

[zoro25]

Nope that's missing. :-(