Sebkinne Posted May 5, 2017 Share Posted May 5, 2017 Hey everyone, I wanted to see what the Bash Bunny community thinks about a tool (Win, MacOS, Linux) that would automatically update your payload repository on the Bash Bunny's mass storage partition. It would be run from your computer when the Bash Bunny is plugged in and automatically download the latest payloads, extensions, and languages. As a bonus, it could automatically download firmware upgrades to the mass storage partition to ensure the Bash Bunny is always up-to-date and that the updates are performed correctly. What do you currently do to update your payloads? Git clone + copy? Git clone directly to the partition? Download a .Zip of the repository? How regularly do you do this? Edit: Just to clear some things up: The tool would not run automatically when the Bash Bunny is plugged in, but would have to explicitly be launched by the user. The tool would be downloaded, placed on the root of the mass storage partition and executed from there. 1 Quote Link to comment Share on other sites More sharing options...
CynicalHeck Posted May 5, 2017 Share Posted May 5, 2017 For me I just usually copy the payloads I download from github onto my BB while its in arming mode, I regularly check to see if there are any new payloads and download them. Having a tool that can do that for me would be amazing, hopefully it will happen. :) Quote Link to comment Share on other sites More sharing options...
Dave-ee Jones Posted May 5, 2017 Share Posted May 5, 2017 (edited) Are you joking @Sebkinne?! I was trying so hard to do this with my WabbitWeb payload! I even made a forum post of how to download a specific folder in a Github repo so I could make an 'Updates' page that could automatically update the payloads library and WabbitWeb..Now I can! :D DO ITTTT! WabbitWeb - Pocket Knife edition here we come! Edited May 5, 2017 by Dave-ee Jones Quote Link to comment Share on other sites More sharing options...
PoSHMagiC0de Posted May 5, 2017 Share Posted May 5, 2017 I git clone to my linux machine and pull over what I plan on using the most. Since I been working on the BBTPS I have been slowly converting those payloads to BunnyAgent compliant payloads and lining them up as job queues for different types of attack series to see what makes sense and what needs more tweaking. Quote Link to comment Share on other sites More sharing options...
b0N3z Posted May 5, 2017 Share Posted May 5, 2017 Usually just download the .zip when I notice a couple payloads have been updated and then trim down the payloads that I dont use and copy the library to the bunny. Quote Link to comment Share on other sites More sharing options...
hermanbreden Posted May 5, 2017 Share Posted May 5, 2017 usefull Quote Link to comment Share on other sites More sharing options...
RazerBlade Posted May 5, 2017 Share Posted May 5, 2017 Just do it. DO IT! Quote Link to comment Share on other sites More sharing options...
Niceday Posted May 5, 2017 Share Posted May 5, 2017 I download the zip sporadically as I try different ideas and each idea may use different tools (pineapple, VPS, VPN, BB, turtle, etc.) individually or in conjunction. So I find it easy to miss updates if not concentrating on BB. Auto download and manual implement is perfect, especially with firmware updates that may break some scripts. Quote Link to comment Share on other sites More sharing options...
Torrey Posted May 6, 2017 Share Posted May 6, 2017 (edited) Since I'm the only one that voted 'no', I'll admit it. I didn't think the idea brings enough value to spend time on it. There's already several ways to do what's being proposed, including a payload or two from the community. On the other hand if you're getting a ton of support requests from people breaking their bunny or being generally confused on how to update it may be worth the time investment. Edited May 6, 2017 by Torrey Quote Link to comment Share on other sites More sharing options...
Dave-ee Jones Posted May 6, 2017 Share Posted May 6, 2017 54 minutes ago, Torrey said: Since I'm the only one that voted 'no', I'll admit it. I didn't think the idea brings enough value to spend time on it. There's already several ways to do what's being proposed, including a payload or two from the community. On the other hand if you're getting a ton of support requests from people breaking their bunny or being generally confused on how to update it may be worth the time investment. We're posting on a forum that specialises in theoretical hacks. Not enough time for it either I guess... Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.