Jump to content

[RELEASE] Bash Bunny 1.1


Darren Kitchen

Recommended Posts

Introducing Bash Bunny firmware v1.1
A feature packed firmware awaits Bash Bunny users just one month after release. We've excited to announce version 1.1, including many new features, conveniences, bug fixes and refined experiences.

The newly improved LED command adds patterns in addition to variable blinks, as well as standardized payload states for common stages such as setup, attack, cleanup and finish.

The Bash Bunny framework now includes support for extensions which augment the bunny scripting language with new commands and functions.

Tools can now be installed with ease by copying .deb packages or entire directories to the dedicated /tools folder on the flash drive in arming mode.

Updating ducky languages is now just a matter of copying json files to the dedicated /languages folder on the flash drive in arming mode.

Many more features, fixes and experiences in the full changelog - so hop on over to BashBunny.com/downloads and nab version 1.1 today! (\_/)

 

 

  • Upvote 12
Link to comment
Share on other sites

downlowd and flash as advertized,

thanks 1e6 Darren and Sebastian and all the unamed legion

anything to watch out for with regard of legacy payloads? or just go ahead and see how it turns out?

tools and laguages remained empty?

yak

Edited by Yak
Link to comment
Share on other sites

Pattern blinks?  I need this.  My dynamic payload deliverer I have run out of ideas for what status lights to have..at the same time I maybe overdoing it.  I call them from within the nodejs server to give statuses going on while the server is running so you know if something went booboo.

Link to comment
Share on other sites

Nice.  i was waiting for the DUCKY_LANG option, but there is still only us.json  .  :(

i need de.json

 


root@bunny:~# find / -name "*.json"
/usr/local/go/src/cmd/vendor/vendor.json
/usr/local/go/misc/chrome/gophertool/manifest.json
/usr/local/bunny/lib/languages/us.json
/usr/lib/python2.7/dist-packages/wheel/test/pydist-schema.json

 

Link to comment
Share on other sites

4 minutes ago, W4X7 said:

Nice.  i was waiting for the DUCKY_LANG option, but there is still only us.json  .  :(

i need de.json

 



root@bunny:~# find / -name "*.json"
/usr/local/go/src/cmd/vendor/vendor.json
/usr/local/go/misc/chrome/gophertool/manifest.json
/usr/local/bunny/lib/languages/us.json
/usr/lib/python2.7/dist-packages/wheel/test/pydist-schema.json

 

Create your own and place in languages folder ;)

Link to comment
Share on other sites

6 minutes ago, quack said:

it seems that the procedure to install the tools has changed. The script looks for /root/udisk/tools/*.deb

 

Great except that impacket and responder are not in .deb format .

 

You can simply take the contents of the tools_to_install folder in the tools_install payload.

You'll have this directory structure on your bash bunny (USB Storage):

tools -->
    ./responder/
    ./impacket/

Safely eject, make sure the device is in arming mode and insert. The BB will automatically copy the contents of the folder to /tools/. If you throw a deb in there, it will run `dpkg -i <your deb files>`

Link to comment
Share on other sites

3 minutes ago, Bryfi said:

Before I upgrade my BB, do previous 1.0 payloads become deprecated and unusable or you can still use Quack and Delay and GUI r

Don't worry about the payloads. All previous payloads should work. As far as I could tell, all LED statuses may not work; those that combine colors. (e.g. LED R B). Everything else seemed to worked fine. 

I updated my payload and pull request to make it more 'compatible' with the new firmware.

Edited by LowValueTarget
Link to comment
Share on other sites

is there a way to tell the version from within putty as I don't think my device is updating correctly?

I'm thinking something like a version command which would show current firmware installed. 

My banner is currently 

Linux bunny 3.4.39 #130 SMP PREEMPT Fri Feb 10 14:24:25 CST 2017 armv7l
           _____  _____  _____  _____     _____  _____  _____  _____  __ __
 (\___/)  | __  ||  _  ||   __||  |  |   | __  ||  |  ||   | ||   | ||  |  |
 (='.'=)  | __ -||     ||__   ||     |   | __ -||  |  || | | || | | ||_   _|
 (")_(")  |_____||__|__||_____||__|__|   |_____||_____||_|___||_|___|  |_|
 Bash Bunny by Hak5     USB Attack/Automation Platform
 

Link to comment
Share on other sites

Just now, LowValueTarget said:

Don't worry about the payloads. All previous payloads should work. As far as I could tell, all LED statuses may not work; those that combine colors. (e.g. LED R B). Everything else seemed to worked fine. 

I updated my payload and pull request to make it more 'compatible' with the new firmware.

Good to hear. I am still holding back upgrading temporarily due to the LED situation you mentioned. But I will upgrade eventually. Thank you!

Link to comment
Share on other sites

1 minute ago, zoro25 said:

is there a way to tell the version from within putty as I don't think my device is updating correctly?

I'm thinking something like a version command which would show current firmware installed. 

My banner is currently 

Linux bunny 3.4.39 #130 SMP PREEMPT Fri Feb 10 14:24:25 CST 2017 armv7l
           _____  _____  _____  _____     _____  _____  _____  _____  __ __
 (\___/)  | __  ||  _  ||   __||  |  |   | __  ||  |  ||   | ||   | ||  |  |
 (='.'=)  | __ -||     ||__   ||     |   | __ -||  |  || | | || | | ||_   _|
 (")_(")  |_____||__|__||_____||__|__|   |_____||_____||_|___||_|___|  |_|
 Bash Bunny by Hak5     USB Attack/Automation Platform
 

There should be a version.txt file in the root of the USB storage. 

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...