Jump to content

[RELEASE] Bash Bunny Firmware v1.4


Sebkinne

Recommended Posts

Posted

Hey everyone,

Version 1.4 of the Bash Bunny firmware is now available!

With it comes an important fix which will prevent the device from boot-looping when an invalid update file is put onto the root of the Bash Bunny's storage partition.

A bug in the Bash Bunny's QUACK command has also been fixed and all underlying packages have been updated.

Find all the fixes and features in the changelog and bounce on by to BashBunny.com/downloads for your devious device download (\_/)

Posted

Wonderful work you guys. :)

Posted

Hey awesome. I successfully recovered my looping bunny. I feel only slightly bad that I now have two working bunny's for the price of one. ;P will give this update a go when I get home. I've been brushing the dust off my pineapple today! It's a good day! Squirrel on the way. Updates galore... Definitely a good day. 

Posted
6 hours ago, UnLo said:

Hey awesome. I successfully recovered my looping bunny. I feel only slightly bad that I now have two working bunny's for the price of one. ;P will give this update a go when I get home. I've been brushing the dust off my pineapple today! It's a good day! Squirrel on the way. Updates galore... Definitely a good day. 

Sounds like you've made up for it with the amount of Hak5 gear you have, haha.

Posted
Just now, Dave-ee Jones said:

Sounds like you've made up for it with the amount of Hak5 gear you have, haha.

my thoughts were 'hey, they hooked it up with an extra bunny when they didn't know how to fix the loop, might as well re-invest in a company that has my back' plus Xtra Stickers! duh!

Posted
14 hours ago, Foxtrot said:

ADB as in Android Development Bridge? It should already be available via apt.

 

(Not quite sure why you would want this?)

Reason ADB would be useful for a BashBunny would be OTG Android attacks.. You could possibly pull info just like "PasswordGrabber" if the Target Android already has Android Debugging Enabled. Can do alot more then that tho... Reset PIN Codes, Pull SMS's, Contacts, Emails, you name it.. 

But I'll shut up now. :happy:

Posted
7 minutes ago, Ar1k88 said:

Reason ADB would be useful for a BashBunny would be OTG Android attacks.. You could possibly pull info just like "PasswordGrabber" if the Target Android already has Android Debugging Enabled. Can do alot more then that tho... Reset PIN Codes, Pull SMS's, Contacts, Emails, you name it.. 

But I'll shut up now. :happy:

That's true, but there aren't many people with debugging enabled. Those that are are either people like us (enthusiasts, pentesters, hackers) or someone who had a rooted Android (again, usually people like us) and the people like us usually know how to defend themselves or at least prevent these attacks from happening on their phone.

So the chances of ADB hacking being useful is like..1 in 100, if that.

Posted
6 minutes ago, Dave-ee Jones said:

That's true, but there aren't many people with debugging enabled. Those that are are either people like us (enthusiasts, pentesters, hackers) or someone who had a rooted Android (again, usually people like us) and the people like us usually know how to defend themselves or at least prevent these attacks from happening on their phone.

So the chances of ADB hacking being useful is like..1 in 100.

Also true, But with the Bashbunny and some cleaver scripting, you could make the BashBunny turn on Debugging for you if you know the model of the target phone.. *coughcough*

I think I've seen a HID script to bypass lockscreens too. So really just depends on the Programmer.

(P.S.- Ive used it to enabled debugging on a broken LCD screen phone using just a HID ducky script)

Posted
13 minutes ago, Ar1k88 said:

Also true, But with the Bashbunny and some cleaver scripting, you could make the BashBunny turn on Debugging for you if you know the model of the target phone.. *coughcough*

I think I've seen a HID script to bypass lockscreens too. So really just depends on the Programmer.

(P.S.- Ive used it to enabled debugging on a broken LCD screen phone using just a HID ducky script)

Mmm, but then that narrows the amount of 'hackable' phones down even further because they need to have either a 4-digit PIN (spam 'em all with HID) or a password (which may not work because there's so many possibilities..). I myself have a pattern lock which (as far as I know) is unhackable with HID because..well, it's a pattern lock.

Posted

The amazon firetv meterpeter payload, didn't it use adb? Even though I think there are slim chances that people will have debugging enabled on their phones, one more attack vector can't be that bud, huh?

Posted
18 hours ago, Darren Kitchen said:

Actually ADB may be a possible attack vector against some IoT junk

Something like this?

I've noticed some simple commands that can do some weird stuff..E.g.:

'adb connect <IP>' works on some IoT devices, though I don't see why a microphone/lamp needs an IP..:blink:
Some people are saying that there are fridges and other kitchen appliances that work on the network for remote management..seems like a bad idea, interesting to pentest if you use ADB or something, true.

  • 4 weeks later...
Posted
On 10/25/2017 at 8:31 AM, Dave-ee Jones said:

Something like this?

I've noticed some simple commands that can do some weird stuff..E.g.:

'adb connect <IP>' works on some IoT devices, though I don't see why a microphone/lamp needs an IP..:blink:
Some people are saying that there are fridges and other kitchen appliances that work on the network for remote management..seems like a bad idea, interesting to pentest if you use ADB or something, true.

3

There is are two Samsung fridges with full-blown Android Tablets in them. RF23M8590SG/AA and RF23M8570SG/AA.

  • 2 weeks later...
Posted

Whenever i use the bashbunny updater, it says that it has updated successfully, but then when i eject and plug back in, it blinks "police" pattern, and i can not use it. I then have to go to switch one, and after the green startup goes away switch it to arming like you said. I try and update again, but the same exact thing happens!! Please help?

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...