Jump to content

[RELEASE] Bash Bunny Firmware v1.5


Sebkinne

Recommended Posts

Hey everyone,

I just wanted to post a quick update to let you know that we have launched firmware version 1.5 for the Bash Bunny.

This firmware comes packaged with exciting new features such as a new ATTACKMODE called AUTO_ETHERNET, and a way to send ALT codes using the QUACK command.

Find all the fixes and features in the changelog and bounce on by to BashBunny.com/downloads for your devious device download (\_/).

Link to comment
Share on other sites

8 hours ago, Struthian said:

For AUTO_ETHERNET, it would be great if there was a result or environmental variable which told us which type it selected.  That would be a hint on which operating system.

Uhm..What? Are you throwing the BB across the room hoping it will land in some random USB port, not knowing what the OS is?

Since the BB only really works when a computer is logged in, you'll know which OS it is before you even put the BB in it. AUTO_ETHERNET is just so you're payload can work with other OS' rather than just 2 (or in the case of Windows, 1), saving the annoyance of having 2 payload switches for the 1 payload for 2 different OS'.

Link to comment
Share on other sites

2 minutes ago, DeepDavid said:

I upgraded to 1.5 but had not loaded any tools before then.

When I drop any .deb files in the tools folder, then reinsert in arming mode, the tool boots up in arming mode but doesn't load the tool.

Has this function changed????

Strange. Are the tools still in the /tools folder or have the disappeared? If they're still there it probably didn't work - if not it probably worked.

What version were you on previously?

Link to comment
Share on other sites

4 hours ago, Dave-ee Jones said:

Uhm..What? Are you throwing the BB across the room hoping it will land in some random USB port, not knowing what the OS is?

Since the BB only really works when a computer is logged in, you'll know which OS it is before you even put the BB in it. AUTO_ETHERNET is just so you're payload can work with other OS' rather than just 2 (or in the case of Windows, 1), saving the annoyance of having 2 payload switches for the 1 payload for 2 different OS'.

No, not doing that.   I am doing something far more interesting.  A payload that does the same thing in different OS environments is quite desirable and would be easy with the features I requested. Actually in dedicated or kiosk set ups, you don't know what the OS beneath is all the time.   I also can't imagine they would be hard to add.

Link to comment
Share on other sites

On 12/7/2017 at 2:24 PM, Dave-ee Jones said:

Uhm..What? Are you throwing the BB across the room hoping it will land in some random USB port, not knowing what the OS is?

Since the BB only really works when a computer is logged in, you'll know which OS it is before you even put the BB in it. AUTO_ETHERNET is just so you're payload can work with other OS' rather than just 2 (or in the case of Windows, 1), saving the annoyance of having 2 payload switches for the 1 payload for 2 different OS'.

Correction: BB does work when a computer is logged off and/or locked, just some attack modes are more useful than others in those states.

I agree it would be nice to know what Ethernet type was selected. We'll see about exposing that somehow.

This is my quick and dirty OS detection payload scaffolding.

LED SETUP
ATTACKMODE AUTO_ETHERNET
LED ATTACK
GET TARGET_OS
case "$TARGET_OS" in
	WINDOWS)
		# Windows payload goes here
		LED R
		;;
	MACOS)
		# Mac OS payload goes here
		LED G
		;;
	LINUX)
		# Linux payload goes here
		LED B
		;;
esac

 

Link to comment
Share on other sites

On 12/12/2017 at 4:35 AM, Darren Kitchen said:

Correction: BB does work when a computer is logged off and/or locked, just some attack modes are more useful than others in those states.

I agree it would be nice to know what Ethernet type was selected. We'll see about exposing that somehow.

This is my quick and dirty OS detection payload scaffolding.

-snip-

I apologise - I wasn't being clear. I meant it is most effective on unlocked machines. There's a limited amount of things you can do with a locked machine.

Link to comment
Share on other sites

  • 1 month later...
On 12/11/2017 at 9:35 AM, Darren Kitchen said:

Correction: BB does work when a computer is logged off and/or locked, just some attack modes are more useful than others in those states.

I agree it would be nice to know what Ethernet type was selected. We'll see about exposing that somehow.

This is my quick and dirty OS detection payload scaffolding.


LED SETUP
ATTACKMODE AUTO_ETHERNET
LED ATTACK
GET TARGET_OS
case "$TARGET_OS" in
	WINDOWS)
		# Windows payload goes here
		LED R
		;;
	MACOS)
		# Mac OS payload goes here
		LED G
		;;
	LINUX)
		# Linux payload goes here
		LED B
		;;
esac

 

not sure what I'm doing wrong , used the code with lates firmware , it dose not detect OS , tried on windows 10,7 and MAC OS.

Link to comment
Share on other sites

9 hours ago, C1PH3R said:

After last update commands like RUN WIN Powershell do not work anymore! 

 

Ducky language does work kinda things like:

Q GUI r

Q STRING notepad

Q ENTER

do work. But other things do not.

 

ROLLBACK NEEDED! (or bugfix!)

Just out of curiosity, what language is the PS typing in, do you know? It should be 'us' by default.

Link to comment
Share on other sites

14 hours ago, C1PH3R said:

Yes it is US, and the language on my computer is also US, I've not changed anything since last update but now my payloads won't work.

Please explain exactly what doesn't work and any symptoms, as I can't help you when you just say "it's not working", unfortunately.

Link to comment
Share on other sites

20 hours ago, Dave-ee Jones said:

Please explain exactly what doesn't work and any symptoms, as I can't help you when you just say "it's not working", unfortunately.

It is fixed, the problem was that the bunnyupdater did not actually updated, but after a manual update it worked, so no problem here anymore

 

Link to comment
Share on other sites

Just did another factory revert (3 quick pullouts) ran the updater a few times, everything is showing updated to 1.5_298 now but with the new firmware I'm not seeing tools being installed from the tools directory when booting in arming mode. A few have mention the same issue, has anyone probed into it more or are you just installing them manually now?

 

 

Link to comment
Share on other sites

On 1/28/2018 at 12:13 PM, Cau5tic said:

Just did another factory revert (3 quick pullouts) ran the updater a few times, everything is showing updated to 1.5_298 now but with the new firmware I'm not seeing tools being installed from the tools directory when booting in arming mode. A few have mention the same issue, has anyone probed into it more or are you just installing them manually now?

You won't notice the tools have installed unless you SSH/Serial into the Bunny and look in the root "tools" folder. The tools folder in the root USB directory is emptied every restart, but if you put tools in there they are still installed.

Link to comment
Share on other sites

  • 2 weeks later...

Oh man this is the first time i had issues with updating the firmware. Had no issues with 1.2, 1.3, and 1.4. It was stuck in green skittles mode for over an hour. I just pulled it out and did the bricking mode steps. Then it finally executed the firmware skittle code.... Green, ..., Red/Blue, ..., Blue/Blue, ..., Auto Reboot, ..., Violet, ..., Blue/Blue, ..., Taste the Bunny rainbow!!!

Not sure if it hung up the first time because i always use the Bash Bunny with the usb extension cable that came with the field kit. Some of the PC's I connect too have molding around the USB port that is hard for the Bunny to connect up too because of its thick love handles. Any how back to bash scripting so my bash bunny can get its skittles on!

Keep up the good work Hak5 team!

Link to comment
Share on other sites

On 10/02/2018 at 6:10 PM, 93K_Test_Junkie said:

Some of the PC's I connect too have molding around the USB port that is hard for the Bunny to connect up too because of its thick love handles.

Sorry. I have Giggle about that one. Gets a little annoying around Raspberry Pi's 

Link to comment
Share on other sites

20 hours ago, Jtyle6 said:

Sorry. I have Giggle about that one. Gets a little annoying around Raspberry Pi's 

Worst is when power leads have a port that has wings, and you're trying to plug it into a powerboard and you have to use up to 3 ports on a powerboard just for the extra room.

An angle grinder or drop-saw fixes that most of the time though.

Link to comment
Share on other sites

  • 2 weeks later...
43 minutes ago, schwasskin said:

I updated to this firmware and now my serial connection is very slow and reports "login incorrect" every time I try to authenticate as root over serial. Im on ubuntu connecting with "sudo screen /dev/tty/ACM0"

 

Thanks

Just tried to reflash same results. I have done a reset by plugging it in 3 times ,etc ,etc

 

and my console output when connecting to serial.. when I finally get it is like this:

 

 

 


                                                Password:

 

                                                          Login incorrect

                                                                         bunny login:

      Login timed out after 60 seconds.

 


                                       Debian GNU/Linux 8 bunny ttyGS0

 

 

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...