Should I get the bash bunny

[BallerG]

Hey, sorry if this counts as spam or doesn't comply with the forum rules or something, but i was wondering whether i should get it or not.

I barely know anything about hacking and feel like this would a good step to introduce me into it. I know some python and some other basic computer science knowledge. Is this a good idea for me?

[b0N3z]

yes get one

[aethernaut]

Quote

I barely know anything about hacking and feel like this would a good step to introduce me into it

That may well be true but in your question the term "hacking" is possibly just a little bit too broad. To look at it another way it's kinda like someone saying "I barely know anything about electronics, should I buy an oscilloscope?". If they have decided that the aspect of electronics they are really interested in will need them to have one, get one. If they don't know yet, no.

Similarly with "hacking" or pen-testing. If you have already decided that the aspect of pen-testing you are already interested in is what the bash bunny is good for, get one.

Hak5 itself doesn't seem to be putting out any content now, so have a view of the older Hak5 vids where they actually talk about pen-testing topics. Maybe have a rummage though Null Byte's vids as well. See if there is a particular aspect that particularly interests you. Then watch vids and read up on it a bit, download a few tools, destroy a VM or three, maybe tinker with a bit of wifi sniffing and get the feel of it. Experiment and be realistic. You are unlikely to be able to instantly (or ever) get to grips with methods of privilege escalation or exploiting current vulnerabilities and, like me, you may never want or need to.

Use your own dedicated kit (such as Raspberry Pis and / or VMs) when experimenting. This means you can control all aspects of the scenario you have set up. Also you won't get into trouble and this is important as even if you didn't intend to you could fall foul of the law just by not knowing what you are doing. Things like an unitintentionally "uncontrolled" payload can cause havoc. Additionally you won't get frustrated when current security tools on your day to day kit throws up warnings about a bash bunny payload, the presence of a LAN Turtle or light up like a christmas tree when you switch on the "man in the middle" mode on a pineapple, because you can disable any security or not even install it withot it affecting your primary system(s). All those "frustrations" have happened to me.

I am not trying to put you off or put you down, far from it. I did exactly what you are thinking of doing. I bought some Hak5 kit, plugged it in, got it working and thought "now what?" Sure I had some success but what did all this actually mean? I did not know enough to understand or make use of it. So I put it away, decided to concentrate on basic wifi as a start, got one of my Rasberry Pis, an old Alfa USB wifi device, a spare access point to be my victim, and proceeded to try to install and use Aircrack. As I went along I became more familiar with the terminology and the techniques behind what the Pineapple does and moved on from there onto other aspects.

Finally, if you are anything like me and just like gadgets, you'll probably get one anyway regardless of what anyone says 🙂

[INFOTRACE]

On 12/1/2018 at 11:33 PM, BallerG said:

Hey, sorry if this counts as spam or doesn't comply with the forum rules or something, but i was wondering whether i should get it or not.

I barely know anything about hacking and feel like this would a good step to introduce me into it. I know some python and some other basic computer science knowledge. Is this a good idea for me?

Hey,

I got one, did you? If you did, how are you getting on with it? What problems (if any) did you encounter her and how did you resolve them?

Cheers 😎

[PoSHMagiC0de]

Hmm, people always put the BB into the hacking category.  I actually been using mine more for admin stuff.  When we get new customers, a lot of the time they do not have a domain or anything setup so initial switching and stuff takes me going to each machine to run a few things and stuff since there is no real network access.  Usually that means for in the beginning creating a local admin I know and giving it local admin remote rights so I can do things remotely or installing AV and remoting software, etc.

I have even used it with my partner here where she she is going out to a site and need her to run some things but she is oblivious to powershell and what I want her to do so I script it on the bunny and tell her to just put it in this machine while signed in as admin and it does it for her.

 

So, I think we should reclassify the bunny as more of an admin tool or an "Enhanced Technician Device".

The purposes I listed above is the real reason I worked on the BBTPS.

[INFOTRACE]

1 minute ago, PoSHMagiC0de said:

Hmm, people always put the BB into the hacking category.  I actually been using mine more for admin stuff.  When we get new customers, a lot of the time they do not have a domain or anything setup so initial switching and stuff takes me going to each machine to run a few things and stuff since there is no real network access.  Usually that means for in the beginning creating a local admin I know and giving it local admin remote rights so I can do things remotely or installing AV and remoting software, etc.

I have even used it with my partner here where she she is going out to a site and need her to run some things but she is oblivious to powershell and what I want her to do so I script it on the bunny and tell her to just put it in this machine while signed in as admin and it does it for her.

 

So, I think we should reclassify the bunny as more of an admin tool or an "Enhanced Technician Device".

The purposes I listed above is the real reason I worked on the BBTPS.

Awesome response.........thank you.....I too believe that it is now an excellent admin tool, which has so many uses. I like the design and will probably get another one for different packs. I feel a couple of rubber duckies are needed for other tests.......love Hak5 products and advice.

Cheers again for your information. 😎