hoppler

What's wrong with Firmware 1.6???


I used the Bunnyupdater on a windows Machine to update my BB to the new Firmware 1.6.

Then I tried to install the Tools by copying the .deb files to the Tools Folder. Safe ejecting and reinserting.

Everything seems to be o.k., BUT when I log into the Linux terminal of the BB via PuTTY I just have ONE Folder "udisk" and a "version.txt" File.

What's wrong here???

Please help.

 

 


Well, I'll answer myself, before somebody else runs into the same problems thinking the Firmware doesn't work.

Here's the little story:

I installed Firmware  1.6. So far, so good.

But when I logged into the Bash Bunny I could only see : "udisk" and "Version.txt".

Before I made the update I could see something like "ATTACKMODE", "TOOLS" and many other directories/files.

After I installed the new Firmware 1.6. there was only what I mentioned above.

 

Well, I'm not good with Linux, but I'm not a quitter, so I started digging deeper into the BB.

And I got the clue!

The filesystem has changed!!!

Now I have to do a " cd .." to see the files installed in the BB. Important: See the space between "cd" and "..".

I got metasploit installed, responder, but gohttp will be ignored.

I put the files into the Tools folder - it shows magenta light, so it is installing, but no gohttp - I need it for a reverse shell.

Why can't I install gohttp???

 

Well, I don't know if Mr Darren Kitchen is still around. But if he is, I would like to tell him:

Please, Mr. Kitchen, if you are still working on hak5 I need your help!

The Bash Bunny is a great Tool for pentesters, but unfortunately there seems to be no help, or at least very little help, to get payloads started.

Most of the payloads on github don't work anymore. And I'm not satisfied with it.

A video showing that the BB can show a message when plugged in or change the wallpaper (big Deal) isn't something a pentester needs to know.

I don't know if you are still interested in the development of payloads for the BB. But if you are, you might want to make some tutorials - this is better than showing any uninteresting stuff on hak5 for the BB.

I guess you have to be serious and not present anything like "I can change your wallpaper if you plug in your BB". Wow, big deal!

No, I guess the community has to wake up! Where is the challenge? Where are the programmers who can defeat let's say UAC?

Most of the stuff shown isn't very interesting - for more than 30 minutes - yawn!!!

 

Hey, guys, wake up!!!!!!!!!!!!!!!!!!!!!!!!

 

 

 


@hoppler almost all of the payloads are developed by 3rd party developers, meaning they don't work for hak5. hak5 does not update these payloads. They provide the tools (the Bash Bunny) for the pentester to do what they want to do with it. This means for the most part, you need to have a general knowledge of how the payload works. Myself, I have gone through different payloads and read the code and changed things to make it do what I want it to do. Also realize that these are made for a Business style attack, meaning your home machine most likely won't work for these because some ports might not be open or you don't have the required tools set up on the BB. I personally was able to acquire an old machine from where I work (I bought it for cheap from them) and a lot of the payloads do work and I have set up the payloads to work with that version of Windows running. The BB is not just a plug and play. You need to do your research on the machine you're attacking and edit the payload to that. Most people that use the BB are familiar with coding and just make their own payloads for their situation and never upload them to GitHub because maybe they don't want to.

2 hours ago, b0N3z said:

@hoppler almost all of the payloads are developed by 3rd party developers, meaning they don't work for hak5. hak5 does not update these payloads. They provide the tools (the Bash Bunny) for the pentester to do what they want to do with it. This means for the most part, you need to have a general knowledge of how the payload works. Myself, I have gone through different payloads and read the code and changed things to make it do what I want it to do. Also realize that these are made for a Business style attack, meaning your home machine most likely won't work for these because some ports might not be open or you don't have the required tools set up on the BB. I personally was able to acquire an old machine from where I work (I bought it for cheap from them) and a lot of the payloads do work and I have set up the payloads to work with that version of Windows running. The BB is not just a plug and play. You need to do your research on the machine you're attacking and edit the payload to that. Most people that use the BB are familiar with coding and just make their own payloads for their situation and never upload them to GitHub because maybe they don't want to.

Well said.  The payloads provided are more for example.  They might work "out of the box" for some scenarios but recon is required to specialize them to be fully functional most of the time.

Also a lot of the payloads have not been updated for some time.  As companies catch word of the vulnerabilities posed by old payloads they can try to prevent them with updates/patches fixing the vulnerabilities.  This doesn't mean there aren't unpatched systems in the wild but usually leads to new/updated payloads being required.

If you want to learn about the use of the Bash Bunny, start with very simple payloads like one that opens a text editor and types something. Evaluate how it works, modify it, then move on to more complex payloads.


Also, learning how Linux works and the programs being used by the BB is very important. If you have no idea how nmap works, how are you going to do a scan to get the info needed? Granted, this is something that the extensions that hak5 has made help you out with.
