Sebkinne
Posted October 23, 2017

Hey everyone,

Version 1.4 of the Bash Bunny firmware is now available! With it comes an important fix which will prevent the device from boot-looping when an invalid update file is put onto the root of the Bash Bunny's storage partition. A bug in the Bash Bunny's QUACK command has also been fixed and all underlying packages have been updated.

Find all the fixes and features in the changelog and bounce on by to BashBunny.com/downloads for your devious device download (\_/)

Foxtrot
Posted October 23, 2017

ADB as in Android Development Bridge? It should already be available via apt. (Not quite sure why you would want this?)

UnLo
Posted October 23, 2017

Hey awesome. I successfully recovered my looping bunny. I feel only slightly bad that I now have two working bunnies for the price of one. ;P Will give this update a go when I get home. I've been brushing the dust off my pineapple today! It's a good day! Squirrel on the way. Updates galore... Definitely a good day.

Dave-ee Jones
Posted October 23, 2017

6 hours ago, UnLo said:
> Hey awesome. I successfully recovered my looping bunny. I feel only slightly bad that I now have two working bunnies for the price of one. ;P Will give this update a go when I get home. I've been brushing the dust off my pineapple today! It's a good day! Squirrel on the way. Updates galore... Definitely a good day.

Sounds like you've made up for it with the amount of Hak5 gear you have, haha.

UnLo
Posted October 23, 2017

Just now, Dave-ee Jones said:
> Sounds like you've made up for it with the amount of Hak5 gear you have, haha.

My thoughts were 'hey, they hooked it up with an extra bunny when they didn't know how to fix the loop, might as well re-invest in a company that has my back' plus Xtra Stickers! duh!

InfoSecREDD
Posted October 23, 2017

14 hours ago, Foxtrot said:
> ADB as in Android Development Bridge? It should already be available via apt. (Not quite sure why you would want this?)

Reason ADB would be useful for a BashBunny would be OTG Android attacks.. You could possibly pull info just like "PasswordGrabber" if the Target Android already has Android Debugging Enabled. Can do a lot more than that tho... Reset PIN Codes, Pull SMS's, Contacts, Emails, you name it.. But I'll shut up now.

Dave-ee Jones
Posted October 23, 2017

7 minutes ago, Ar1k88 said:
> Reason ADB would be useful for a BashBunny would be OTG Android attacks.. You could possibly pull info just like "PasswordGrabber" if the Target Android already has Android Debugging Enabled. Can do a lot more than that tho... Reset PIN Codes, Pull SMS's, Contacts, Emails, you name it.. But I'll shut up now.

That's true, but there aren't many people with debugging enabled. Those that are are either people like us (enthusiasts, pentesters, hackers) or someone who had a rooted Android (again, usually people like us) and the people like us usually know how to defend themselves or at least prevent these attacks from happening on their phone. So the chances of ADB hacking being useful are like..1 in 100, if that.

InfoSecREDD
Posted October 23, 2017

6 minutes ago, Dave-ee Jones said:
> That's true, but there aren't many people with debugging enabled. Those that are are either people like us (enthusiasts, pentesters, hackers) or someone who had a rooted Android (again, usually people like us) and the people like us usually know how to defend themselves or at least prevent these attacks from happening on their phone. So the chances of ADB hacking being useful are like..1 in 100.

Also true, but with the BashBunny and some clever scripting, you could make the BashBunny turn on Debugging for you if you know the model of the target phone.. *coughcough* I think I've seen a HID script to bypass lockscreens too. So really just depends on the Programmer. (P.S.- I've used it to enable debugging on a broken LCD screen phone using just a HID ducky script)

Dave-ee Jones
Posted October 23, 2017

13 minutes ago, Ar1k88 said:
> Also true, but with the BashBunny and some clever scripting, you could make the BashBunny turn on Debugging for you if you know the model of the target phone.. *coughcough* I think I've seen a HID script to bypass lockscreens too. So really just depends on the Programmer. (P.S.- I've used it to enable debugging on a broken LCD screen phone using just a HID ducky script)

Mmm, but then that narrows the amount of 'hackable' phones down even further because they need to have either a 4-digit PIN (spam 'em all with HID) or a password (which may not work because there's so many possibilities..). I myself have a pattern lock which (as far as I know) is unhackable with HID because..well, it's a pattern lock.

Darren Kitchen
Posted October 24, 2017

Actually ADB may be a possible attack vector against some IoT junk

RazerBlade
Posted October 24, 2017

The Amazon firetv meterpreter payload, didn't it use adb? Even though I think there are slim chances that people will have debugging enabled on their phones, one more attack vector can't be that bad, huh?

Dave-ee Jones
Posted October 24, 2017

18 hours ago, Darren Kitchen said:
> Actually ADB may be a possible attack vector against some IoT junk

Something like this? I've noticed some simple commands that can do some weird stuff..E.g.: 'adb connect <IP>' works on some IoT devices, though I don't see why a microphone/lamp needs an IP.. Some people are saying that there are fridges and other kitchen appliances that work on the network for remote management..seems like a bad idea, interesting to pentest if you use ADB or something, true.

Irukandji
Posted November 18, 2017

On 10/25/2017 at 8:31 AM, Dave-ee Jones said:
> Something like this? I've noticed some simple commands that can do some weird stuff..E.g.: 'adb connect <IP>' works on some IoT devices, though I don't see why a microphone/lamp needs an IP.. Some people are saying that there are fridges and other kitchen appliances that work on the network for remote management..seems like a bad idea, interesting to pentest if you use ADB or something, true.

There are two Samsung fridges with full-blown Android Tablets in them. RF23M8590SG/AA and RF23M8570SG/AA.

levic08
Posted November 27, 2017

Whenever I use the bashbunny updater, it says that it has updated successfully, but then when I eject and plug back in, it blinks "police" pattern, and I cannot use it. I then have to go to switch one, and after the green startup goes away switch it to arming like you said. I try and update again, but the same exact thing happens!! Please help?

Archived
This topic is now archived and is closed to further replies.