Sebkinne Posted October 23, 2017
Hey everyone,
Version 1.4 of the Bash Bunny firmware is now available! With it comes an important fix which will prevent the device from boot-looping when an invalid update file is put onto the root of the Bash Bunny's storage partition. A bug in the Bash Bunny's QUACK command has also been fixed and all underlying packages have been updated. Find all the fixes and features in the changelog and bounce on by to BashBunny.com/downloads for your devious device download (\_/)

m40295 Posted October 23, 2017
Thanks hak5 crew

InfoSecREDD Posted October 23, 2017
Wonderful work you guys. :)

RazerBlade Posted October 23, 2017
When can we expect ADB to come?

Foxtrot Posted October 23, 2017
ADB as in Android Development Bridge? It should already be available via apt. (Not quite sure why you would want this?)

Just_a_User Posted October 23, 2017
Thanks for the update!!!
Edited October 23, 2017 by Just_a_User

UnLo Posted October 23, 2017
Hey awesome. I successfully recovered my looping bunny. I feel only slightly bad that I now have two working bunnies for the price of one. ;P Will give this update a go when I get home. I've been brushing the dust off my pineapple today! It's a good day! Squirrel on the way. Updates galore... Definitely a good day.

Dave-ee Jones Posted October 23, 2017
6 hours ago, UnLo said:
> Hey awesome. I successfully recovered my looping bunny. I feel only slightly bad that I now have two working bunnies for the price of one. ;P Will give this update a go when I get home. I've been brushing the dust off my pineapple today! It's a good day! Squirrel on the way. Updates galore... Definitely a good day.

Sounds like you've made up for it with the amount of Hak5 gear you have, haha.

UnLo Posted October 23, 2017
Just now, Dave-ee Jones said:
> Sounds like you've made up for it with the amount of Hak5 gear you have, haha.

My thoughts were 'hey, they hooked it up with an extra bunny when they didn't know how to fix the loop, might as well re-invest in a company that has my back' plus Xtra Stickers! duh!

InfoSecREDD Posted October 23, 2017
14 hours ago, Foxtrot said:
> ADB as in Android Development Bridge? It should already be available via apt. (Not quite sure why you would want this?)

Reason ADB would be useful for a BashBunny would be OTG Android attacks.. You could possibly pull info just like "PasswordGrabber" if the Target Android already has Android Debugging Enabled. Can do a lot more than that tho... Reset PIN Codes, Pull SMS's, Contacts, Emails, you name it.. But I'll shut up now.
Edited October 23, 2017 by Ar1k88

Dave-ee Jones Posted October 23, 2017
7 minutes ago, Ar1k88 said:
> Reason ADB would be useful for a BashBunny would be OTG Android attacks.. You could possibly pull info just like "PasswordGrabber" if the Target Android already has Android Debugging Enabled. Can do a lot more than that tho... Reset PIN Codes, Pull SMS's, Contacts, Emails, you name it.. But I'll shut up now.

That's true, but there aren't many people with debugging enabled. Those that are are either people like us (enthusiasts, pentesters, hackers) or someone who had a rooted Android (again, usually people like us) and the people like us usually know how to defend themselves or at least prevent these attacks from happening on their phone. So the chances of ADB hacking being useful is like..1 in 100, if that.
Edited October 23, 2017 by Dave-ee Jones

InfoSecREDD Posted October 23, 2017
6 minutes ago, Dave-ee Jones said:
> That's true, but there aren't many people with debugging enabled. Those that are are either people like us (enthusiasts, pentesters, hackers) or someone who had a rooted Android (again, usually people like us) and the people like us usually know how to defend themselves or at least prevent these attacks from happening on their phone. So the chances of ADB hacking being useful is like..1 in 100.

Also true, but with the Bashbunny and some clever scripting, you could make the BashBunny turn on Debugging for you if you know the model of the target phone.. *coughcough* I think I've seen a HID script to bypass lockscreens too. So really just depends on the Programmer. (P.S.- I've used it to enable debugging on a broken LCD screen phone using just a HID ducky script)
Edited October 23, 2017 by Ar1k88

Dave-ee Jones Posted October 23, 2017
13 minutes ago, Ar1k88 said:
> Also true, but with the Bashbunny and some clever scripting, you could make the BashBunny turn on Debugging for you if you know the model of the target phone.. *coughcough* I think I've seen a HID script to bypass lockscreens too. So really just depends on the Programmer. (P.S.- I've used it to enable debugging on a broken LCD screen phone using just a HID ducky script)

Mmm, but then that narrows the amount of 'hackable' phones down even further because they need to have either a 4-digit PIN (spam 'em all with HID) or a password (which may not work because there's so many possibilities..). I myself have a pattern lock which (as far as I know) is unhackable with HID because..well, it's a pattern lock.

Darren Kitchen Posted October 24, 2017
Actually ADB may be a possible attack vector against some IoT junk

RazerBlade Posted October 24, 2017
The Amazon Fire TV meterpreter payload, didn't it use adb? Even though I think there are slim chances that people will have debugging enabled on their phones, one more attack vector can't be that bad, huh?

Dave-ee Jones Posted October 24, 2017
18 hours ago, Darren Kitchen said:
> Actually ADB may be a possible attack vector against some IoT junk

Something like this? I've noticed some simple commands that can do some weird stuff..E.g.: 'adb connect <IP>' works on some IoT devices, though I don't see why a microphone/lamp needs an IP.. Some people are saying that there are fridges and other kitchen appliances that work on the network for remote management..seems like a bad idea, interesting to pentest if you use ADB or something, true.

Irukandji Posted November 18, 2017
On 10/25/2017 at 8:31 AM, Dave-ee Jones said:
> Something like this? I've noticed some simple commands that can do some weird stuff..E.g.: 'adb connect <IP>' works on some IoT devices, though I don't see why a microphone/lamp needs an IP.. Some people are saying that there are fridges and other kitchen appliances that work on the network for remote management..seems like a bad idea, interesting to pentest if you use ADB or something, true.

There are two Samsung fridges with full-blown Android Tablets in them. RF23M8590SG/AA and RF23M8570SG/AA.

levic08 Posted November 27, 2017
Whenever I use the bashbunny updater, it says that it has updated successfully, but then when I eject and plug back in, it blinks "police" pattern, and I cannot use it. I then have to go to switch one, and after the green startup goes away switch it to arming like you said. I try and update again, but the same exact thing happens!! Please help?