Introducing the Bash Bunny - Hak5 2125

Поделиться
HTML-код
  • Опубликовано: 24 дек 2024

Комментарии • 413

  • @ChristAlmightyJesus
    @ChristAlmightyJesus 7 лет назад +329

    Elliot better have this in the next season.

    • @Jeffiechan
      @Jeffiechan 7 лет назад +11

      But there aren't any computers in Fillory

    • @DrewryPope
      @DrewryPope 7 лет назад +2

      Hack the telephones

    • @Cpgeekorg
      @Cpgeekorg 7 лет назад +2

      this was my first thought as well ;)

    • @Blakhawk1703
      @Blakhawk1703 7 лет назад +3

      Not Elliot From Fillory, the Elliot from Mr. Robot. lol

    • @GabREAL1983
      @GabREAL1983 7 лет назад

      are you srsly smoking a bong on your avatar pic HAHA

  • @aortizc82
    @aortizc82 7 лет назад +43

    This is totally going to appear in Mr Robot Season 3.

  • @JonesAndGriesmann
    @JonesAndGriesmann 7 лет назад +83

    This is beyond evil. I need one.

    • @fahadalkamli
      @fahadalkamli 7 лет назад

      HHHHHH

    • @mr.impian2733
      @mr.impian2733 6 лет назад

      Hey guys i'm Indonesia

    • @Blue-we5sm
      @Blue-we5sm 4 года назад

      66 likes, lets keep it that way :)

    • @PNCNDNOB
      @PNCNDNOB 3 года назад

      @@mr.impian2733
      Wow! A country on the interwebzz

    • @user-hy2ry3if8h
      @user-hy2ry3if8h 3 года назад

      @@mr.impian2733 Where is Donesia? sorry - I had to ;p

  • @whollymindless
    @whollymindless 7 лет назад +34

    "I heard a great disturbance in the force, as if millions of IT drones had massive coronaries..."

  • @greedsin555
    @greedsin555 7 лет назад +15

    Awwwwww Darren looks like a proud dad (23:22 - 23:39)

  • @digitaltinker7813
    @digitaltinker7813 7 лет назад +21

    I think you missed your chance to put a rabbit's foot on the key ring. /s With the logic of bash though, This seems like a good tool for IT automation as well in places that don't have better network managed tools for common tasks. Knowing common issues and having a library of scripts to fix them that I can plug into any machine, have it know the OS and the exact steps to fix would be amazing. I would also assume you could set up detection and have Switch 1 change what Switch 2 would do.

    • @IncendiarySolution
      @IncendiarySolution 7 лет назад +1

      Adam Morgan Tech support on a keyring

    • @hak5
      @hak5  7 лет назад +7

      Absolutely. Consider that you have both a DHCP server and TFTP server. There's PXE potential here :) ~Darren

  • @RRASGUYS
    @RRASGUYS 7 лет назад +4

    Darren and Seb are legendary. This is insane!!!!!!

  • @brianchandler3346
    @brianchandler3346 7 лет назад

    Not sure if anyone has posted this yet, but as for the boot time, if there's enough room, you could squeeze in a small rechargeable battery, pre-charge it, boot it in your pocket, and the connect in hot. Then boot could suck and the vector could be hit as soon as you can get it in the jack.

  • @PosiP
    @PosiP 7 лет назад

    Thanks for the update on Bash Bunny. Just picked one up, can't wait to start hopping with the Bunny.

  • @rayerdinc2441
    @rayerdinc2441 7 лет назад +1

    Hi Both, great video as usual, however, I am new to this stuff so learning and making a decision as to what kit to buy. I am gong to for the nano tact kit but then which one between bash bunny, lan turtle or ducky. While you briefly mention the "difference" between these three tools, could please explain in a little ore detail or even a video as to which may useful or why may need all three, please. I just find this stuff so interesting and want to experiment once I get the tools. Thank you.

  • @pmc3027
    @pmc3027 7 лет назад +24

    WAIT A MINUTE... DID I SEE THAT YOU CAN UPLOAD THE PAYLOADS AS .TXT?!?!?!?!?!? SUCH EASE

    • @hak5
      @hak5  7 лет назад +38

      The idea is to be ridiculously convenient. We've gone as far as to even make it compatible with the ASCII files that Windows notepad makes regardless of its awkward carriage returns. ~Darren

    • @ericmin6055
      @ericmin6055 7 лет назад

      Hi Darren

  • @makezi7
    @makezi7 7 лет назад +5

    my most favorite episode. I love you two!

  • @BuddyJesus
    @BuddyJesus 7 лет назад +3

    Awesome, and I was over here simply wanting a way to have multiple payloads on one USB. Awesome work!

  • @ShannonMorse
    @ShannonMorse 7 лет назад +381

    first

    • @epicguitar1602
      @epicguitar1602 7 лет назад

      Lol, friggin troll machine

    • @theboffin2474
      @theboffin2474 7 лет назад +2

      I kek'd so hard at the bunny glasses

    • @tedmosby9409
      @tedmosby9409 7 лет назад

      hay snubs

    • @RuleC
      @RuleC 7 лет назад

      .

    • @SilvianDragan
      @SilvianDragan 7 лет назад

      Shannon Morse this is the best thing I've ever seen. I love you guys! Keep up this amazing work. :)

  • @JHarkness80
    @JHarkness80 7 лет назад +1

    So excited for the Bash Bunny, another awesome tool from those smart guys at Hak5!
    Mine is going to be here tomorrow and I cant wait to play!
    The Bunny is going to become the goto Swiss Army Knife for Pentesters...

  • @ahut10
    @ahut10 7 лет назад

    yay just purchased mine, can't wait to see what the community develops. yay thank you HAK5

  • @tylorbray
    @tylorbray 7 лет назад

    So more colors coming soon, whats in the yellow and orange bags?

  • @NateCrownwell
    @NateCrownwell 7 лет назад +1

    Great episode Darren and Shannon! You guys are so awesome!

  • @danking9974
    @danking9974 7 лет назад

    Can you tell me what camera was used to record the rubber duck drop? I've been looking for something to do those kinds of videos but have come up short on quality hidden cameras.

    • @DarrenKitchen
      @DarrenKitchen 7 лет назад

      I don't know for sure -- it was Nat Geo's button camera. I do know it was a custom made job. Something from "a guy in a garage" using a similar SONY chip found in the RX100 line -- IIRC. Could be wrong.

  • @skiddietech3654
    @skiddietech3654 7 лет назад

    This is nuts, already got my head titling all possible degrees. Preorder complete.

  • @milsonhq6330
    @milsonhq6330 7 лет назад

    Am I missing something, I see links to RSVP I see links that point to the sales page, but I don't see any link that takes me to this repository they talk about containing the library of code?

  • @pgbilbo
    @pgbilbo 7 лет назад

    Will there be updated Field kits including the BashBunny at some time?

    • @hak5
      @hak5  7 лет назад

      Yes, no specified date yet.

  • @JustinHyneswashplant26
    @JustinHyneswashplant26 7 лет назад

    Where do we summit our payloads for the bash bunny competition?

  • @Jeffreysuper61McELroy
    @Jeffreysuper61McELroy 7 лет назад

    just ordered one. gotta add this to my bag of tricks. love all your hard work and products!!

  • @jotto917
    @jotto917 7 лет назад +14

    I want to trust my technolust... but its telling me to buy twelve and somehow I think thats overkill >.

  • @smokingiscool599
    @smokingiscool599 7 лет назад

    This is probably the most cyberpunk infomercial ever. 10/10

  • @Illuminati242
    @Illuminati242 7 лет назад

    Can you do an episode on the Raz Reverse shell. I tried this one on a windows 10 machine I got the solid white color which indicated that the payload completed successfully. However when i ran netstat on the windows box i did not see the open port, nor didi see it on my linux box when i did the netcat. Also the powershell window was supposed to be hidden, well it was not as i saw it open. And could also uses the clean up at the end to remover the powershell code from the run line.

  • @fsevilla1
    @fsevilla1 7 лет назад

    couldn't wait so had to order.
    like always. you're tools are the best. thanks

  • @SteveJones172pilot
    @SteveJones172pilot 7 лет назад +1

    Had to order TWO while watching video.. Can't wait!

  • @animalitosynaturaleza8769
    @animalitosynaturaleza8769 5 лет назад +1

    Muchas gracias chicos, Por tanto esfuerzo. Y por hacer que la emoción llegue hasta los que no sabemos. Estoy contento por probarlo en mis equipos. A ver se lo consigo😅

  • @zacharywentworth7844
    @zacharywentworth7844 4 года назад

    When will you guys have more to sell, it the keysly be in????

  • @barikhan
    @barikhan 7 лет назад +1

    What's the difference in comparison to rubber ducky?
    Apart from the look and speed mentioned in the video...i feel Bunny is kind of adv version of ducky emulating a variety of trusted devices.
    Was planning to buy ducky...but now i am confused.

    • @vincviertytaccount2608
      @vincviertytaccount2608 7 лет назад

      bari khan The Bunny also simulates and LAN-Adapter like the LAN Turtle, so you have many more attack posslibilities, the Ducky, in compatibility, simulates only a Keyboard (the Bunny can so this too) but is way faster than the bunny

    • @barikhan
      @barikhan 7 лет назад

      Vinc viert YT Account thanks... It's only the time of execution that gives ducky the upper hand.. Got it.

  • @neoninsv
    @neoninsv 7 лет назад +1

    At the 11:07 mark, we get a tip from Darren that the Bash Bunny also works as an Ecto-Containment System. Perfect for catching those pesky ghost images.

  • @magneto417x
    @magneto417x 7 лет назад

    Loving this little Bunny. I ordered mine. You guys are awesome!!!

  • @DavidBusby
    @DavidBusby 7 лет назад +1

    There is NO repository on gihub?! I assume that's why there's been no link in the description?

    • @AbdulAziz-dt5qo
      @AbdulAziz-dt5qo 7 лет назад

      I think the Github repository will be coming live at the release party on 2nd March as they announced in the video.

    • @hak5
      @hak5  7 лет назад +2

      Correct. March 2nd. ~Darren

    • @DavidBusby
      @DavidBusby 7 лет назад

      Thanks for the information, I misheard the video perhaps

    • @DavidBusby
      @DavidBusby 7 лет назад

      Thanks for the confirmation, will look out for the repo appearing!

  • @Braedley
    @Braedley 7 лет назад

    So I don't work for a bank, but I do work for a company where I need to store sensitive data on my computer, and where my computer has implicit trust on the network for access to sensitive data stored on the network. It's been ingrained in me to lock my work computer whenever I get up from it, like the employee at the bank should have been doing in the clip shown. Locking a computer isn't the be all and end all (a LAN Turtle can still attack a locked computer), but it quickly and easily cuts down on the attack vectors available.

  • @ByDesignation
    @ByDesignation 7 лет назад

    wait so do you still have to encode the rubber ducky payloads for bash bunny or no?

  • @GaryIV
    @GaryIV 7 лет назад

    Sooooo the bash bunny can be used for keyboard scripts like a rubber ducky USB right? so if I get one I no longer need my rubber ducky?

  • @hectorsandoval7810
    @hectorsandoval7810 7 лет назад

    when i try to open the terminal on the bash bunny its a empty blank screen

  • @a2ashraf
    @a2ashraf 7 лет назад

    Wow, just wow. There is much potential with Bash + trust.

  • @tgfasmo
    @tgfasmo 7 лет назад

    for some reason Bashbunny on Device Manager Port com does not show up just says CDC serial but no com port displayed

  • @scriptkiddie2677
    @scriptkiddie2677 7 лет назад +1

    JUST GOT ONE IN MY HANDS SO HAPPY!!

  • @TechnomancerTheWise
    @TechnomancerTheWise 7 лет назад

    Buying one right now, you guys are my hero

  • @Agent_Orange_Peel
    @Agent_Orange_Peel 7 лет назад +1

    This looks awesome! Hope more videos on it are coming.

  • @Corvid117
    @Corvid117 7 лет назад

    I'M SO EXCITED!! I want to learn so much more about this! Please more vidzzzz!!

  • @jeremiahnoval7098
    @jeremiahnoval7098 7 лет назад +8

    How does it not replace the 'Rubber Ducky'?

    • @IncendiarySolution
      @IncendiarySolution 7 лет назад +7

      Speed, Price and formfactor

    • @mr.bloopbloop5400
      @mr.bloopbloop5400 7 лет назад +10

      It can do the same things once it's booted up, however it takes longer to boot, and it isn't as covert. The Rubber Ducky is a specialized tool while the Bash Bunny is a general tool that does the same thing slower. That is if you aren't talking exfiltration.

    • @GiQQ
      @GiQQ 7 лет назад +9

      Chewie They literally explained that in the video.

    • @stealthrob2
      @stealthrob2 7 лет назад

      I was thinking the same thing since it can straight up run ducky script.

    • @hak5
      @hak5  7 лет назад +25

      Basically, what he said. Basically, speed, price and form-factor. Also, features. USB Rubber Ducky is HID only - or HID + (slow) flash storage with 3rd party firmware. The Bash Bunny features HID as one of its 5 current attack modes and flash storage is tremendously faster.
      The USB Rubber Ducky will always execute payloads faster (0.1 seconds vs 7), more economically (less than half the cost), and more covertly (with its generic flash drive case). For social engineering ops, USB drops and attacks which require the target to plug in the drive, the USB Rubber Ducky is still the gold standard. ~Darren

  • @PyraxV
    @PyraxV 7 лет назад +1

    I just bought the elite field kit ughhh. I wish this came with it!

  • @st00ch
    @st00ch 7 лет назад +3

    I've never seen Darren so excited.

  • @kevindelbegue6403
    @kevindelbegue6403 7 лет назад

    Wich are the computer models that you are using, and with Wich OS ?

  • @mercxi
    @mercxi 7 лет назад

    is this a replacement for the rubber ducky?

  • @AJMansfield1
    @AJMansfield1 7 лет назад

    All you need now is to stick a wifi chipset on the thing, so it can be left in place and exfiltreate/controlled remotely.

  • @PosiP
    @PosiP 7 лет назад

    Got my Bunny and the new stickers. Much love to Hak5

  • @DJZofPCB
    @DJZofPCB 7 лет назад

    I think I will read the support forums and see just how smooth the ride is for others. Always research a products performance based on end user experiences and not the ADVERTISEMENT.

    • @hak5
      @hak5  7 лет назад

      Absolutely. Feel free to check out our forums at: forums.hak5.org/index.php?/forum/92-bash-bunny/ where the developers have been actively helping out new users.

  • @cziegl3r
    @cziegl3r 6 лет назад

    Any good books/resources for learning to write scripting languages??

  • @matthewmulloy815
    @matthewmulloy815 6 лет назад

    So what is the difference between this and the ducky?

  • @NateCrownwell
    @NateCrownwell 7 лет назад

    How long did it take you to develop the BashBunny?

  • @frankescu
    @frankescu 7 лет назад

    The make it look way more exiting than it actually is. Like in an informercial. I guess this is an infomercial.

  • @voiceoftreason1760
    @voiceoftreason1760 7 лет назад

    What is the usb controller speed of the device? I can't find it so I assume it's only 2.0 since I believe you also said it's not usb 1.1

  • @spaid1988
    @spaid1988 7 лет назад

    dose it work even when a user is not logged in?

  • @ZeroCool-1995
    @ZeroCool-1995 7 лет назад

    Dumb question. Do y'all plan on any USB-C variants? Obviously Bash Bunny isn't really made for random drops. Will the rubber ducky ever have a USB-C version because they are awesome for hiding in random cases. Trying to avoid dongle hell with these things.

  • @JustinHyneswashplant26
    @JustinHyneswashplant26 7 лет назад

    how do you submit the your payload for the competition on GitHub?

  • @TheVivaLatrina
    @TheVivaLatrina 7 лет назад

    root access to the linux stuff... If I were to brick/bork the software, is it possible to re-flash from usb?

    • @DarrenKitchen
      @DarrenKitchen 7 лет назад +1

      It auto-recovers from a special partition if it fails to boot more than 3 times.

  • @yonomas84
    @yonomas84 7 лет назад

    So what's the difference between this and rubber ducky? Besides the price

    • @ShannonMorse
      @ShannonMorse 7 лет назад +1

      you-are-not-real watch til the end of the episode. We go over this!

  • @vincviertytaccount2608
    @vincviertytaccount2608 7 лет назад +10

    SHUT UP AND TAKE MY MONEY! Oh, you already did... SHUT UP AND TAKE MY MONEY AGAIN (cwl)

  • @juliocg112
    @juliocg112 7 лет назад

    where is the repo ??

  • @bigpinar89
    @bigpinar89 7 лет назад

    So what im getting is the power of Wi-Fi pinapple + bash bunny = doing attack without being on the physical device?

  • @sgtfoose8842
    @sgtfoose8842 5 лет назад

    Can it work as a keylogger?

  • @MindMeetMaker
    @MindMeetMaker 7 лет назад

    You should definitely make a NTC Pocket Chip type screen keyboard peripheral for the bash bunny that would be sweet. Great work crazy cool hardware love it.

  • @greedsin555
    @greedsin555 7 лет назад +6

    All I need now money is money to buy it.

  • @00Jimmy00
    @00Jimmy00 7 лет назад

    i would like get one but you are not shipping in Croatia

  • @Kenny-xz4gw
    @Kenny-xz4gw 7 лет назад

    I don't see the documentation or the GitHub repository. Am I just blind?

  • @Sularus76
    @Sularus76 7 лет назад

    Can it be traced back to owner/attacker if you leave it and it's found by the attackee..

  • @probablyshadman
    @probablyshadman 7 лет назад

    How can I get the bash bunny in Bangladesh?

  • @lukereed2066
    @lukereed2066 7 лет назад

    Hak5 are you guys going to come out with a field kit that include the bash bunny?

  • @IDOMIN3CRAFT
    @IDOMIN3CRAFT 7 лет назад

    What does the packaging look like? Like is it obvious that it is a hacking device?

    • @DarrenKitchen
      @DarrenKitchen 7 лет назад

      Nope, it comes in a carrier envelops -- so if you ship via DHL, UPS or USPS it'll come in one of their bubble mailers. The actual product packaging inside the shipping material is a red envelope with a cute Bash Bunny logo.

  • @russwickless7332
    @russwickless7332 7 лет назад +1

    Just ordered mine!

  • @pmc3027
    @pmc3027 7 лет назад +28

    anyone else stay up just to watch this? also can you do giveaways plz

  • @o.t.powell1142
    @o.t.powell1142 7 лет назад

    What's the difference between this and the USB Rubbery Ducky? Is this better because it's newer?

    • @sanjacobs6261
      @sanjacobs6261 7 лет назад

      It can imitate more than just a keyboard, lots of other stuff too ;)

  • @hiehavoc
    @hiehavoc 7 лет назад

    already ordered. great work.

  • @gishi5087
    @gishi5087 7 лет назад

    nice tool butt it would be cool if there was a way to use poisontap with The Bash Bunny.... it looks like there may be since it has a way to ssh in to it.

    • @bobkmak3470
      @bobkmak3470 7 лет назад

      Gishi I am pretty sure someone is going to fork and port it over. Anytime soon!

  •  7 лет назад

    Is Hak5 in Seattle? I live in Seattle

  • @carlwcampbell
    @carlwcampbell 7 лет назад +2

    03:55 - One must have nerves of steel, to pull that off. No mercy

  • @nitinsingh00
    @nitinsingh00 7 лет назад

    how can I get this bash bunny

  • @Yahelj6
    @Yahelj6 7 лет назад

    what laptop do you use?

  • @0150r
    @0150r 7 лет назад +1

    Would be great to use as a "plug in" VPN client. Just plug it in and it tunnels all traffic through your VPN server. It would be similar to what Darren does with the Pineapple via wifi, but done by just plugging the BB into an open USB port. Instant secure web browsing everywhere you go on any machine with no configuration!

    • @andrewtowell6074
      @andrewtowell6074 7 лет назад

      0150r have u not seen same thing for TOR?

    • @0150r
      @0150r 7 лет назад

      I've seen a TOR/VPN router that uses a RPI and Darrent did cover using a Pineapple to make an openVPN access point. I'm looking more towards having the BB be a "plug in the USB, be on the VPN" type device.

  • @JuergenJueSe
    @JuergenJueSe 7 лет назад +3

    Will it make a good stew

  • @patrickgauthier5580
    @patrickgauthier5580 7 лет назад

    I can see super glue being used as a security measure until your remove the side of the case and go to the pads.

  • @IncendiarySolution
    @IncendiarySolution 7 лет назад

    Been working on this with a RpiZ for a little while. I want one.

  • @oldlyswansea
    @oldlyswansea 7 лет назад

    please please someone tell me that there will be a payload generator tools like they have with the ducky

    • @hak5
      @hak5  7 лет назад +1

      Indeed. I've been talking to the folks behind the duck toolkit and it's already in the works. ~Darren

  • @hosfit
    @hosfit 7 лет назад +1

    any coupon codes?

  • @PitFighter2007
    @PitFighter2007 7 лет назад

    Custom built hardware or can we build one?

    • @carrotman
      @carrotman 7 лет назад +1

      DunJen_Knives They're selling them. It might be worth you checking out the poison tap.

    • @carrotman
      @carrotman 7 лет назад +1

      if you want to build one.

  • @jmortproductions8704
    @jmortproductions8704 7 лет назад

    Ever since I saw the release i couldn't wait till this came out and when i did it was the most amazing thing i have ever saw awesome job guys.

  • @NateCrownwell
    @NateCrownwell 7 лет назад

    Can you make an episode on all the really technical details of how the BashBunny works that would be really interesting, thank you!

  • @devzero8562
    @devzero8562 6 лет назад

    What is the capacity of the internal memory

  • @StillTrustNo1
    @StillTrustNo1 7 лет назад

    just 4 info - 13:49 use the windows command "mode" - its faster

  • @lebouski
    @lebouski 7 лет назад

    i love looking at you guys

  • @TheYowzerr78
    @TheYowzerr78 7 лет назад

    so @ 19:33 you had to wait 11 minutes for the bb to do it's thing? if I look at your computers time 11 minutes went past after you plugged it in?

  • @patrickgauthier5580
    @patrickgauthier5580 7 лет назад

    I can see super glue being used as a security measure until you remove the side of the case and go to the pads.

  • @MidnightCoup
    @MidnightCoup 7 лет назад

    This is dope af Darren - getting one for sure

  • @amoconote181
    @amoconote181 4 года назад

    looved her description of the cdc