Bash bunny in 2019?


Skr3w

Hey all 🙂 

I have been pretty interested in getting a bash bunny and was wondering if it’s still a good buy? Only reason I ask is because after looking through the forums I’ve seen people saying it gets wiped when put into a machine with certain antivirus software. 
 

Just looking for some opinions on what the bash bunny is like tbh. 
 

Thanks, 

-S 🤘🏻


12 hours ago, bunnylover said:

I think it's still worth it, because you can easily turn the av off or just make an exclusion. I would still buy one

Okay thanks 🙂 definitely think I’m going to get one of these and the new shark jack 


Idk about the shark jack. Newer isn't better. I mean, the bb is an Ethernet adapter, keyboard, mass storage all at once. Just think about what you want to do and then choose the right one. Maybe the right one is the rubber ducky, idk what you want to do with those tools. Just think about what you want to do before buying it. (I'm not saying the shark jack is bad) 


  • 1 month later...
On 12/6/2019 at 2:35 AM, x_0 said:

I love the bunny. I've run it on a slew of machines and have never had AV issues.

Try running the passwordgrabber payload. If you still have no av issues, then something is wrong. LaZagne always gets detected by an AV (my experience). A way to bypass that is to make an exclusion or just turn the av off by hand (takes about 5 sec). 


  • 1 month later...
On 12/10/2019 at 9:45 AM, kuyaya said:

Try running the passwordgrabber payload. If you still have no av issues, then something is wrong. LaZagne always gets detected by an AV (my experience). A way to bypass that is to make an exclusion or just turn the av off by hand (takes about 5 sec). 

Actually changing the lazagne code up a bit bypasses most avs. Just add some comments and add and call some dummy functions for good measure. Also make sure to search-replace all occurrences of the actual term 'lazagne' and you're good to go.

 

Some avs do warn about a suspect executable file but report it safe after a quick scan and let it execute anyway.


2 hours ago, dmetron said:

Actually changing the lazagne code up a bit bypasses most avs. Just add some comments and add and call some dummy functions for good measure. Also make sure to search-replace all occurrences of the actual term 'lazagne' and you're good to go.

 

Some avs do warn about a suspect executable file but report it safe after a quick scan and let it execute anyway.

Really? Have you managed to modify lazagne so it doesn't get spotted but still works as well as before?


  • 2 weeks later...

Archived

This topic is now archived and is closed to further replies.
