ju663rn4u7 Posted August 18, 2017 Share Posted August 18, 2017 Ran the BlackBackup payload and I might have pulled the BB while it was doing stuff. I think the loot folder got corrupted and now nothing will delete from the directory. Any help would be greatly appreciated. Quote Link to comment Share on other sites More sharing options...
ju663rn4u7 Posted August 18, 2017 Author Share Posted August 18, 2017 Even just some Restore/Recovery instructions would be handy. I can't seem to find any. Quote Link to comment Share on other sites More sharing options...
ju663rn4u7 Posted August 18, 2017 Author Share Posted August 18, 2017 This needs to be in the wiki. Restore the Bash Bunny from the recovery partition: Set the Bash Bunny switch to position 3 (arming mode) Plug the Bash Bunny into a USB power source. The LED will momentarily light green. As soon as the LED goes off, unplug the Bash Bunny. Repeat the previous step twice more (for a total of 3 times) Plug the Bash Bunny into a USB power source and leave for 4 minutes. The LED will light RED to indicate recovery. When the light returns to BLUE blinking, the Bash Bunny has recovered. Quote Link to comment Share on other sites More sharing options...
ju663rn4u7 Posted August 18, 2017 Author Share Posted August 18, 2017 Ok, that didn't fix my problem. But I got the bright idea to jump on OSX and it deleted. Problem solved. Quote Link to comment Share on other sites More sharing options...
Dave-ee Jones Posted August 21, 2017 Share Posted August 21, 2017 On 8/19/2017 at 7:33 AM, ju663rn4u7 said: This needs to be in the wiki. Restore the Bash Bunny from the recovery partition: Set the Bash Bunny switch to position 3 (arming mode) Plug the Bash Bunny into a USB power source. The LED will momentarily light green. As soon as the LED goes off, unplug the Bash Bunny. Repeat the previous step twice more (for a total of 3 times) Plug the Bash Bunny into a USB power source and leave for 4 minutes. The LED will light RED to indicate recovery. When the light returns to BLUE blinking, the Bash Bunny has recovered. That is in the wiki XD Quote Link to comment Share on other sites More sharing options...
ju663rn4u7 Posted August 21, 2017 Author Share Posted August 21, 2017 No, it's not. This is: Firmware Recovery If the Bash Bunny fails to boot more than 3 times, it will automatically enter recovery mode. The LED will blink red while the file system is replaced by the backup partition. DO NOT UNPLUG THE BASH BUNNY DURING RECOVERY This process takes about 3 minutes. When complete, the Bash Bunny will reboot as indicated by the blinking green LED. Quote Link to comment Share on other sites More sharing options...
Sebkinne Posted August 21, 2017 Share Posted August 21, 2017 Anyone is welcome to make changes to the wiki by sending a PR to https://github.com/hak5/bashbunny-wiki. Quote Link to comment Share on other sites More sharing options...
ju663rn4u7 Posted August 21, 2017 Author Share Posted August 21, 2017 25 minutes ago, Sebkinne said: Anyone is welcome to make changes to the wiki by sending a PR to https://github.com/hak5/bashbunny-wiki. Thanks! Quote Link to comment Share on other sites More sharing options...
RayMan Posted August 30, 2017 Share Posted August 30, 2017 So wondering if someone can help on this same topic. I'm new to the BB. First day I got it. I ran the USB_Exfiltration on my home system (win7). It worked after a couple of tries. But now I do not have any write or delete permissions to the BB. I can't delete the loot folder or anything inside it. I put it in my kali system and was able to delete the folders. Reinserted into my windows box and a .Trash-0 folder now shows up with all the looted directories and files which cannot be deleted. I tried to perform the recovery. It goes through the process according to the LED's and when completed and blinking blue all the directories are still in tack to include the loot directory and I still do not have access to the BB. I tried to copy of the updater in windows and in Linux both will not run and give me an error that the BB is write protected. Any help would be great. I hope I did not brick this thing. Quote Link to comment Share on other sites More sharing options...
RayMan Posted August 30, 2017 Share Posted August 30, 2017 Ok I wanted to give an update on this. Maybe it can help some?? I was working on my BB at work, our system drives are encrypted and USB disabled via group policy. The bunny was able to be seen in the system as a drive for our systems. Which is normal. But if you use a normal usb drive you will not be able to access it. I was able to access the BB partition and write to it. But that's where the problem started. Once it was written too the drive became write protected and nothing could be added, removed or renamed. I took the drive home and was able to add, remove, rename anything I wanted to a certain extent. I did move the drive while at work to a kali box which allowed me to remove some files and folders. But once I plugged it back into a windows box I now had a .Trash-0 folder of which I can not remove on a windows system. It does not show up on a linux system. But at least I was able to figure out the BB is not a brick. Quote Link to comment Share on other sites More sharing options...
Alienwithin Posted March 5, 2019 Share Posted March 5, 2019 This worked for me I simply opened the drive on deleting checking debug info you would see an error with the following reference 🙂 0x80004005; So This error requires you to simply repair disk so right click on the bunny->properties->tools->Error Cheking->Check; when complete you should be able to delete. 🙂 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.