Status of the Project?

[LowValueTarget]

I've noticed the forums kinda died and the Github pull requests haven't been accepted/reviewed in months. What's the deal?

[RazerBlade]

Don know. At this point, it's kinda dead as the payloads are not updated and thus have begun to fail. Sad to see such an awsome project die down.

[MattJ]

Agreed - would be good to know, pretty much all the payloads are now failing.

[PoSHMagiC0de]

The project is still going as far as I know.

There has always been a issue with updates submitted by contributors to the payload library being pulled into the main repo in a timely manner so do not use that as a guideline for the status of the project.

People who use the BashBunny still peek over the forums.  You will see almost every post gets a response from someone.

Payloads were contributed by the community.  Hak5 doesn't maintain them, users do.  Most payloads that use exploits are going to quit working when the developer of the item it is exploiting patches it out.  Payloads like quickcreds has stopped working a few patches back since trusted domains.  Just because some payloads stop working doesn't mean the project is dead.  It means the industry is doing their job.  The BB is just there to help deliver and/or automate it.

 

Ultimately, the BashBunny as sold is a device with a preset framework for you to write your own payloads on.  Hak5 is not obligated to issue and maintain payloads, just the device and its firmware so you can write your own.  They offer a repo for community members to share their payloads they made for the device...but Hak5 does not maintain them when they begin to fail, that is what the developer of the payload is supposed to do.  Those devs are not Hak5 employees.

 

Last, Hak5 devices are not magical skeleton keys capable of hacking anything.

[RazerBlade]

No. But if they would try to maintain the payloads to have working exploits, their sales would properly go up. Just sad to see that firmware updates have stopped coming to the Bash bunny. What happend to mouse support for instance. 

[Darren Kitchen]

There are new features on the roadmap but right now the focus of the development team is on Hak5 Cloud C2.

There is obviously room for improvement in terms of payload repository moderation - which is hindered due to labour - and it's a problem I expect to tackle next with a solution more complete than our current system.

[Dave-ee Jones]

On 9/11/2018 at 8:20 AM, PoSHMagiC0de said:

Just because some payloads stop working doesn't mean the project is dead.  It means the industry is doing their job.  The BB is just there to help deliver and/or automate it.

I agree with most of what you said except what I quoted..to which I have to say: "Yerrrrrrrr keep telling yourself that" ?

The amount of posts/comments says otherwise, but I agree with the fact that there are still posts/comments being made. "Dead" doesn't necessarily mean that there has to be 0 activity.

[MrMyFriend]

i just bought one so i hope i didn't make a mistake ahah

[icarus255]

On 9/27/2018 at 11:29 AM, MrMyFriend said:

i just bought one so i hope i didn't make a mistake ahah

You have not, amigo. I've owned my BB for about a year now and yes, the forum activity has decreased over those months but I can only blame people like myself for not contributing more to the discussions/ideas. That being said, I hop on regularly to check what's new as well as answer any PMs I may get. The platform itself continues to work despite the decreased forum activity.

As far as new content goes, I am happy with what has been provided already. The content delivered so far has given me plenty of my own ideas to work on and more importantly I now have a tool to exploit attack vectors that I wasn't familiar with before.

The BB is an excellent delivery platform with many payloads that still work despite what some are saying. I guess stealing creds is what most people are excited about when they first see the BB but that also happens to be on the top of every vendor’s list of shit to patch so yea those payloads have always had varying success but that's not to say they can't be modified to your needs.

The BB is limited only by your skills and your imagination.

[Spectre32787]

Personally I see the BB as a means to bridge the gap between non-tech-savvy users and their IT department.  I'm using it to pull basic device data for cataloging a simple systemtools, Set, and ipconfig output to a csv makes life tremendously easy.  Can pass the BB to someone, already configured to do the work, and I don't need to spend a week in programming training with them.