Introducing the Bash Bunny - Hak5 2125
HTML-код
- Опубликовано: 28 сен 2024
- Hak5 -- Cyber Security Education, Inspiration, News & Community since 2005:
____________________________________________
Hop on over to www.bashbunny.com to grab your Bash Bunny!
RSVP to our launch event: goo.gl/forms/3...
Hit up www.hackacrosst... to find out where we’re heading next!
Find out more about the Bash Bunny at www.bashbunny.com/
-------------------------------
Shop: www.hakshop.com
Support: / threatwire
Subscribe: / hak5
Our Site: www.hak5.org
Contact Us: / hak5
Threat Wire RSS: shannonmorse.p...
Threat Wire iTunes: itunes.apple.c...
------------------------------
~-~~-~~~-~~-~
Please watch: "Bash Bunny Primer - Hak5 2225"
• Bash Bunny Primer - Ha...
~-~~-~~~-~~-~
____________________________________________
Founded in 2005, Hak5's mission is to advance the InfoSec industry. We do this through our award winning educational podcasts, leading pentest gear, and inclusive community - where all hackers belong.
Elliot better have this in the next season.
But there aren't any computers in Fillory
Hack the telephones
this was my first thought as well ;)
Not Elliot From Fillory, the Elliot from Mr. Robot. lol
are you srsly smoking a bong on your avatar pic HAHA
Awwwwww Darren looks like a proud dad (23:22 - 23:39)
This is beyond evil. I need one.
HHHHHH
Hey guys i'm Indonesia
66 likes, lets keep it that way :)
@@mr.impian2733
Wow! A country on the interwebzz
@@mr.impian2733 Where is Donesia? sorry - I had to ;p
my most favorite episode. I love you two!
first
Lol, friggin troll machine
I kek'd so hard at the bunny glasses
hay snubs
.
Shannon Morse this is the best thing I've ever seen. I love you guys! Keep up this amazing work. :)
I think you missed your chance to put a rabbit's foot on the key ring. /s With the logic of bash though, This seems like a good tool for IT automation as well in places that don't have better network managed tools for common tasks. Knowing common issues and having a library of scripts to fix them that I can plug into any machine, have it know the OS and the exact steps to fix would be amazing. I would also assume you could set up detection and have Switch 1 change what Switch 2 would do.
Adam Morgan Tech support on a keyring
Absolutely. Consider that you have both a DHCP server and TFTP server. There's PXE potential here :) ~Darren
Awesome, and I was over here simply wanting a way to have multiple payloads on one USB. Awesome work!
Darren and Seb are legendary. This is insane!!!!!!
So excited for the Bash Bunny, another awesome tool from those smart guys at Hak5!
Mine is going to be here tomorrow and I cant wait to play!
The Bunny is going to become the goto Swiss Army Knife for Pentesters...
WAIT A MINUTE... DID I SEE THAT YOU CAN UPLOAD THE PAYLOADS AS .TXT?!?!?!?!?!? SUCH EASE
The idea is to be ridiculously convenient. We've gone as far as to even make it compatible with the ASCII files that Windows notepad makes regardless of its awkward carriage returns. ~Darren
Hi Darren
Thanks for the update on Bash Bunny. Just picked one up, can't wait to start hopping with the Bunny.
Great episode Darren and Shannon! You guys are so awesome!
I've never seen Darren so excited.
I want to trust my technolust... but its telling me to buy twelve and somehow I think thats overkill >.
anyone else stay up just to watch this? also can you do giveaways plz
yup
Loving this little Bunny. I ordered mine. You guys are awesome!!!
couldn't wait so had to order.
like always. you're tools are the best. thanks
Not sure if anyone has posted this yet, but as for the boot time, if there's enough room, you could squeeze in a small rechargeable battery, pre-charge it, boot it in your pocket, and the connect in hot. Then boot could suck and the vector could be hit as soon as you can get it in the jack.
Buying one right now, you guys are my hero
This looks awesome! Hope more videos on it are coming.
SHUT UP AND TAKE MY MONEY! Oh, you already did... SHUT UP AND TAKE MY MONEY AGAIN (cwl)
JUST GOT ONE IN MY HANDS SO HAPPY!!
Ever since I saw the release i couldn't wait till this came out and when i did it was the most amazing thing i have ever saw awesome job guys.
Got my Bunny and the new stickers. Much love to Hak5
At the 11:07 mark, we get a tip from Darren that the Bash Bunny also works as an Ecto-Containment System. Perfect for catching those pesky ghost images.
Hi Both, great video as usual, however, I am new to this stuff so learning and making a decision as to what kit to buy. I am gong to for the nano tact kit but then which one between bash bunny, lan turtle or ducky. While you briefly mention the "difference" between these three tools, could please explain in a little ore detail or even a video as to which may useful or why may need all three, please. I just find this stuff so interesting and want to experiment once I get the tools. Thank you.
This is probably the most cyberpunk infomercial ever. 10/10
Wow, just wow. There is much potential with Bash + trust.
Just ordered mine!
i love looking at you guys
I think I will read the support forums and see just how smooth the ride is for others. Always research a products performance based on end user experiences and not the ADVERTISEMENT.
Absolutely. Feel free to check out our forums at: forums.hak5.org/index.php?/forum/92-bash-bunny/ where the developers have been actively helping out new users.
So more colors coming soon, whats in the yellow and orange bags?
So I don't work for a bank, but I do work for a company where I need to store sensitive data on my computer, and where my computer has implicit trust on the network for access to sensitive data stored on the network. It's been ingrained in me to lock my work computer whenever I get up from it, like the employee at the bank should have been doing in the clip shown. Locking a computer isn't the be all and end all (a LAN Turtle can still attack a locked computer), but it quickly and easily cuts down on the attack vectors available.
You flip the switch and it does The Thing!
wait so do you still have to encode the rubber ducky payloads for bash bunny or no?
already ordered. great work.
This is dope af Darren - getting one for sure
Ordered! Oh the places we will go.... :D
Can you make an episode on all the really technical details of how the BashBunny works that would be really interesting, thank you!
daily dose of technolust!!!!!!
Will there be updated Field kits including the BashBunny at some time?
Yes, no specified date yet.
very cool indeed, crazy what you came with i had a fought in my had if this is what you can do what is out there that government has in possession to use. It is a next level device for shore.
All you need now is to stick a wifi chipset on the thing, so it can be left in place and exfiltreate/controlled remotely.
You guys continue to be the best.
This is kinda like all the hak5 tools in one :O
Would be great to use as a "plug in" VPN client. Just plug it in and it tunnels all traffic through your VPN server. It would be similar to what Darren does with the Pineapple via wifi, but done by just plugging the BB into an open USB port. Instant secure web browsing everywhere you go on any machine with no configuration!
0150r have u not seen same thing for TOR?
I've seen a TOR/VPN router that uses a RPI and Darrent did cover using a Pineapple to make an openVPN access point. I'm looking more towards having the BB be a "plug in the USB, be on the VPN" type device.
Is the bash bunny sponsored by playboy?
Yes.
How does it not replace the 'Rubber Ducky'?
Speed, Price and formfactor
It can do the same things once it's booted up, however it takes longer to boot, and it isn't as covert. The Rubber Ducky is a specialized tool while the Bash Bunny is a general tool that does the same thing slower. That is if you aren't talking exfiltration.
Chewie They literally explained that in the video.
I was thinking the same thing since it can straight up run ducky script.
Basically, what he said. Basically, speed, price and form-factor. Also, features. USB Rubber Ducky is HID only - or HID + (slow) flash storage with 3rd party firmware. The Bash Bunny features HID as one of its 5 current attack modes and flash storage is tremendously faster.
The USB Rubber Ducky will always execute payloads faster (0.1 seconds vs 7), more economically (less than half the cost), and more covertly (with its generic flash drive case). For social engineering ops, USB drops and attacks which require the target to plug in the drive, the USB Rubber Ducky is still the gold standard. ~Darren
Can you do an episode on the Raz Reverse shell. I tried this one on a windows 10 machine I got the solid white color which indicated that the payload completed successfully. However when i ran netstat on the windows box i did not see the open port, nor didi see it on my linux box when i did the netcat. Also the powershell window was supposed to be hidden, well it was not as i saw it open. And could also uses the clean up at the end to remover the powershell code from the run line.
Wich are the computer models that you are using, and with Wich OS ?
damn, gunna have to wait till next payday now! Cant wait to get my hands on this baby
looved her description of the cdc
Where do we summit our payloads for the bash bunny competition?
github.com/hak5/bashbunny-payloads
Thank you :)
When will you guys have more to sell, it the keysly be in????
Dumb question. Do y'all plan on any USB-C variants? Obviously Bash Bunny isn't really made for random drops. Will the rubber ducky ever have a USB-C version because they are awesome for hiding in random cases. Trying to avoid dongle hell with these things.
What's the difference in comparison to rubber ducky?
Apart from the look and speed mentioned in the video...i feel Bunny is kind of adv version of ducky emulating a variety of trusted devices.
Was planning to buy ducky...but now i am confused.
bari khan The Bunny also simulates and LAN-Adapter like the LAN Turtle, so you have many more attack posslibilities, the Ducky, in compatibility, simulates only a Keyboard (the Bunny can so this too) but is way faster than the bunny
Vinc viert YT Account thanks... It's only the time of execution that gives ducky the upper hand.. Got it.
Do you think something like this would be possible with an Android phone? As in, writing an app for an Android phone which would essentially let you choose your payload from a list (or even connect to a server to pull the payload you wanna use) while in the middle of an attack (with a mode to run in a similar manner to the Bash Bunny so you don't need to unlock the device to execute a payload). And if doing it that way, you could even connect to a smart watch to get updates about the attack without looking too suspicious. :p
I also feel like doing it from an Android phone opens up more possibilities in terms of social engineering as you could potentially ask if you could plug your phone into their computer to "charge". 'w' Whereas asking to plug in a USB is an immediate red flag.
Although I'm not sure how doable that would be, and I certainly doubt it could be done on a non-rooted device, but it would certainly be cool.
Been working on this with a RpiZ for a little while. I want one.
just 4 info - 13:49 use the windows command "mode" - its faster
Amazing work!
You guys are awesome!
Any good books/resources for learning to write scripting languages??
I'm just waiting for a RPI zero mock up of this to emerge
for some reason Bashbunny on Device Manager Port com does not show up just says CDC serial but no com port displayed
holy bunny's THIS IS AWESOMMEEEEEE
So what is the difference between this and the ducky?
YEAH!
WOW!, Please send me one, with pineapples on top. j/k but really if you feel especially generous I'd be happy.
Could you imagine putting metasploit on this, or even payloads for metasploit, use the storage to automatically send those payloads to the victim pc. not only do you now have the functionality of the Bunny, but that machine is now vulnerable to whatever metasploit payload you put on it. All without anyone having a fuzzy tailed clue.
I've been wanting to put together a free demo for local businesses using the pineapple (The mach V rocks btw) and now I've just seen the future of mass paranoia for that demo.
Great job! Keep up the great work, it's projects like this that really emphasize how vulnerabilities have changed over the lat 20-30 years and how just having an anti-virus and firewall, and updated OS is only a minor step in security.
I don't even have one yet and I'm already geeking out on the possibilities.
dose it work even when a user is not logged in?
@omnicorpsec made something like your pineapple core, but its called a #frenchmartini
4:27 Keep on Keeping on💪👊 props😎🍻
Can it work as a keylogger?
Will this be available in India?
Big fan of bash bunny.
I can see super glue being used as a security measure until you remove the side of the case and go to the pads.
What does the packaging look like? Like is it obvious that it is a hacking device?
Nope, it comes in a carrier envelops -- so if you ship via DHL, UPS or USPS it'll come in one of their bubble mailers. The actual product packaging inside the shipping material is a red envelope with a cute Bash Bunny logo.
Hak5 are you guys going to come out with a field kit that include the bash bunny?
Yes
what laptop do you use?
So what's the difference between this and rubber ducky? Besides the price
you-are-not-real watch til the end of the episode. We go over this!
OMG you guys are the best
root access to the linux stuff... If I were to brick/bork the software, is it possible to re-flash from usb?
It auto-recovers from a special partition if it fails to boot more than 3 times.
What's the difference between this and the USB Rubbery Ducky? Is this better because it's newer?
It can imitate more than just a keyboard, lots of other stuff too ;)
i would like get one but you are not shipping in Croatia
where is the repo ??
Having it being a .txt file is extremely useful... :D IT BYPASSES SOOO WELL :D :D :D
You should have made Darren wear those glasses.
running the same code onto a phone will be fun.....(using the full spectrum 3G 4G wifi bluetooth)
More stuff! Hop to it.
how can I get this bash bunny
Can it be traced back to owner/attacker if you leave it and it's found by the attackee..
Can someone explain the difference between the Bash Bunny and the Rubber Ducky?
all hak5 tools are awesome. its a pitty they are so expensive (im from the third world, so everithyng comes with importation taxes)
plus months of paperwork
very awesome :) im going to give it a few month before i buy so there are more pre created payloads. time to get rid of my rubberducky and move on
cool!
yea, but how to plug in the bunny to fakebooc data-centre, (where it deserve to be) cause using this to joke a friend can be fun?....
WANT!
"DRINK ALL THE BOOZE! HACK ALL THE THINGS!!!"
Specs?
What's better bash bunny or USB rubber ducky?
They're very different, but the Bash Bunny can do more
NOO I JUST SPENT $100 DOLLARS ON PARTS FOR A ROBOT AND NOW YOU RELEASED THIS I NEED TO GET A ACTING JOB NOW BECAUSE IM ONLY 12!
Jonathan Emery When I was 12 I was playing outside.. But hey..
Pr0ton Haha Yeah Thats What Most Of My Friends Do
Pr0ton playing hoop stick?
what is an acting job?
steven hubbard Like Tv Shows.