Sebkinne

[RELEASE] Bash Bunny Firmware v1.4

Hey everyone,

Version 1.4 of the Bash Bunny firmware is now available!

With it comes an important fix which will prevent the device from boot-looping when an invalid update file is put onto the root of the Bash Bunny's storage partition.

A bug in the Bash Bunny's QUACK command has also been fixed and all underlying packages have been updated.

Find all the fixes and features in the changelog and bounce on by to BashBunny.com/downloads for your devious device download (\_/)

  • Like 6


Wonderful work you guys. :)


ADB as in Android Development Bridge? It should already be available via apt.

 

(Not quite sure why you would want this?)


Thanks for the update!!!

 

Edited by Just_a_User


Hey awesome. I successfully recovered my looping bunny. I feel only slightly bad that I now have two working bunnies for the price of one. ;P Will give this update a go when I get home. I've been brushing the dust off my pineapple today! It's a good day! Squirrel on the way. Updates galore... Definitely a good day.

6 hours ago, UnLo said:

Hey awesome. I successfully recovered my looping bunny. I feel only slightly bad that I now have two working bunnies for the price of one. ;P Will give this update a go when I get home. I've been brushing the dust off my pineapple today! It's a good day! Squirrel on the way. Updates galore... Definitely a good day.

Sounds like you've made up for it with the amount of Hak5 gear you have, haha.

Just now, Dave-ee Jones said:

Sounds like you've made up for it with the amount of Hak5 gear you have, haha.

My thoughts were 'hey, they hooked it up with an extra bunny when they didn't know how to fix the loop, might as well re-invest in a company that has my back' plus Xtra Stickers! Duh!

14 hours ago, Foxtrot said:

ADB as in Android Development Bridge? It should already be available via apt.

 

(Not quite sure why you would want this?)

Reason ADB would be useful for a BashBunny would be OTG Android attacks.. You could possibly pull info just like "PasswordGrabber" if the Target Android already has Android Debugging Enabled. Can do a lot more than that tho... Reset PIN Codes, Pull SMS's, Contacts, Emails, you name it..

But I'll shut up now. :happy:

Edited by Ar1k88
  • Like 1

7 minutes ago, Ar1k88 said:

Reason ADB would be useful for a BashBunny would be OTG Android attacks.. You could possibly pull info just like "PasswordGrabber" if the Target Android already has Android Debugging Enabled. Can do a lot more than that tho... Reset PIN Codes, Pull SMS's, Contacts, Emails, you name it..

But I'll shut up now. :happy:

That's true, but there aren't many people with debugging enabled. Those that are are either people like us (enthusiasts, pentesters, hackers) or someone who had a rooted Android (again, usually people like us) and the people like us usually know how to defend themselves or at least prevent these attacks from happening on their phone.

So the chances of ADB hacking being useful is like..1 in 100, if that.

Edited by Dave-ee Jones

6 minutes ago, Dave-ee Jones said:

That's true, but there aren't many people with debugging enabled. Those that are are either people like us (enthusiasts, pentesters, hackers) or someone who had a rooted Android (again, usually people like us) and the people like us usually know how to defend themselves or at least prevent these attacks from happening on their phone.

So the chances of ADB hacking being useful is like..1 in 100.

Also true, but with the Bashbunny and some clever scripting, you could make the BashBunny turn on Debugging for you if you know the model of the target phone.. *coughcough*

I think I've seen a HID script to bypass lockscreens too. So really just depends on the Programmer.

(P.S.- I've used it to enable debugging on a broken LCD screen phone using just a HID ducky script)

Edited by Ar1k88

13 minutes ago, Ar1k88 said:

Also true, but with the Bashbunny and some clever scripting, you could make the BashBunny turn on Debugging for you if you know the model of the target phone.. *coughcough*

I think I've seen a HID script to bypass lockscreens too. So really just depends on the Programmer.

(P.S.- I've used it to enable debugging on a broken LCD screen phone using just a HID ducky script)

Mmm, but then that narrows the amount of 'hackable' phones down even further because they need to have either a 4-digit PIN (spam 'em all with HID) or a password (which may not work because there's so many possibilities..). I myself have a pattern lock which (as far as I know) is unhackable with HID because..well, it's a pattern lock.


The Amazon Fire TV Meterpreter payload, didn't it use adb? Even though I think there are slim chances that people will have debugging enabled on their phones, one more attack vector can't be that bad, huh?

18 hours ago, Darren Kitchen said:

Actually ADB may be a possible attack vector against some IoT junk

Something like this?

I've noticed some simple commands that can do some weird stuff..E.g.:

'adb connect <IP>' works on some IoT devices, though I don't see why a microphone/lamp needs an IP..:blink:
Some people are saying that there are fridges and other kitchen appliances that work on the network for remote management..seems like a bad idea, interesting to pentest if you use ADB or something, true.

On 10/25/2017 at 8:31 AM, Dave-ee Jones said:

Something like this?

I've noticed some simple commands that can do some weird stuff..E.g.:

'adb connect <IP>' works on some IoT devices, though I don't see why a microphone/lamp needs an IP..:blink:
Some people are saying that there are fridges and other kitchen appliances that work on the network for remote management..seems like a bad idea, interesting to pentest if you use ADB or something, true.

There are two Samsung fridges with full-blown Android Tablets in them. RF23M8590SG/AA and RF23M8570SG/AA.


Whenever I use the bashbunny updater, it says that it has updated successfully, but then when I eject and plug back in, it blinks "police" pattern, and I cannot use it. I then have to go to switch one, and after the green startup goes away switch it to arming like you said. I try and update again, but the same exact thing happens!! Please help?
