I think you missed your chance to put a rabbit's foot on the key ring. /s With the logic of bash though, This seems like a good tool for IT automation as well in places that don't have better network managed tools for common tasks. Knowing common issues and having a library of scripts to fix them that I can plug into any machine, have it know the OS and the exact steps to fix would be amazing. I would also assume you could set up detection and have Switch 1 change what Switch 2 would do.
Muchas gracias chicos, Por tanto esfuerzo. Y por hacer que la emoción llegue hasta los que no sabemos. Estoy contento por probarlo en mis equipos. A ver se lo consigo😅
So excited for the Bash Bunny, another awesome tool from those smart guys at Hak5! Mine is going to be here tomorrow and I cant wait to play! The Bunny is going to become the goto Swiss Army Knife for Pentesters...
The idea is to be ridiculously convenient. We've gone as far as to even make it compatible with the ASCII files that Windows notepad makes regardless of its awkward carriage returns. ~Darren
Not sure if anyone has posted this yet, but as for the boot time, if there's enough room, you could squeeze in a small rechargeable battery, pre-charge it, boot it in your pocket, and the connect in hot. Then boot could suck and the vector could be hit as soon as you can get it in the jack.
At the 11:07 mark, we get a tip from Darren that the Bash Bunny also works as an Ecto-Containment System. Perfect for catching those pesky ghost images.
I RSVP'd for tonight and I can't make it 😭 ...I wish I was going to be there to witness greatness with everyone. Can't wait to get my hands on one, Have fun!
I think I will read the support forums and see just how smooth the ride is for others. Always research a products performance based on end user experiences and not the ADVERTISEMENT.
Absolutely. Feel free to check out our forums at: forums.hak5.org/index.php?/forum/92-bash-bunny/ where the developers have been actively helping out new users.
You should definitely make a NTC Pocket Chip type screen keyboard peripheral for the bash bunny that would be sweet. Great work crazy cool hardware love it.
So I don't work for a bank, but I do work for a company where I need to store sensitive data on my computer, and where my computer has implicit trust on the network for access to sensitive data stored on the network. It's been ingrained in me to lock my work computer whenever I get up from it, like the employee at the bank should have been doing in the clip shown. Locking a computer isn't the be all and end all (a LAN Turtle can still attack a locked computer), but it quickly and easily cuts down on the attack vectors available.
Hi Both, great video as usual, however, I am new to this stuff so learning and making a decision as to what kit to buy. I am gong to for the nano tact kit but then which one between bash bunny, lan turtle or ducky. While you briefly mention the "difference" between these three tools, could please explain in a little ore detail or even a video as to which may useful or why may need all three, please. I just find this stuff so interesting and want to experiment once I get the tools. Thank you.
very cool indeed, crazy what you came with i had a fought in my had if this is what you can do what is out there that government has in possession to use. It is a next level device for shore.
Would be great to use as a "plug in" VPN client. Just plug it in and it tunnels all traffic through your VPN server. It would be similar to what Darren does with the Pineapple via wifi, but done by just plugging the BB into an open USB port. Instant secure web browsing everywhere you go on any machine with no configuration!
I've seen a TOR/VPN router that uses a RPI and Darrent did cover using a Pineapple to make an openVPN access point. I'm looking more towards having the BB be a "plug in the USB, be on the VPN" type device.
It can do the same things once it's booted up, however it takes longer to boot, and it isn't as covert. The Rubber Ducky is a specialized tool while the Bash Bunny is a general tool that does the same thing slower. That is if you aren't talking exfiltration.
Basically, what he said. Basically, speed, price and form-factor. Also, features. USB Rubber Ducky is HID only - or HID + (slow) flash storage with 3rd party firmware. The Bash Bunny features HID as one of its 5 current attack modes and flash storage is tremendously faster. The USB Rubber Ducky will always execute payloads faster (0.1 seconds vs 7), more economically (less than half the cost), and more covertly (with its generic flash drive case). For social engineering ops, USB drops and attacks which require the target to plug in the drive, the USB Rubber Ducky is still the gold standard. ~Darren
What's the difference in comparison to rubber ducky? Apart from the look and speed mentioned in the video...i feel Bunny is kind of adv version of ducky emulating a variety of trusted devices. Was planning to buy ducky...but now i am confused.
bari khan The Bunny also simulates and LAN-Adapter like the LAN Turtle, so you have many more attack posslibilities, the Ducky, in compatibility, simulates only a Keyboard (the Bunny can so this too) but is way faster than the bunny
Do you think something like this would be possible with an Android phone? As in, writing an app for an Android phone which would essentially let you choose your payload from a list (or even connect to a server to pull the payload you wanna use) while in the middle of an attack (with a mode to run in a similar manner to the Bash Bunny so you don't need to unlock the device to execute a payload). And if doing it that way, you could even connect to a smart watch to get updates about the attack without looking too suspicious. :p I also feel like doing it from an Android phone opens up more possibilities in terms of social engineering as you could potentially ask if you could plug your phone into their computer to "charge". 'w' Whereas asking to plug in a USB is an immediate red flag. Although I'm not sure how doable that would be, and I certainly doubt it could be done on a non-rooted device, but it would certainly be cool.
Am I missing something, I see links to RSVP I see links that point to the sales page, but I don't see any link that takes me to this repository they talk about containing the library of code?
Kewl. This device seems to be awesome. I also got all excited when he got into how this device works! Hehe.. Need to check out that library! Keep it up. Peace! (Trust your technolust.)
Can you do an episode on the Raz Reverse shell. I tried this one on a windows 10 machine I got the solid white color which indicated that the payload completed successfully. However when i ran netstat on the windows box i did not see the open port, nor didi see it on my linux box when i did the netcat. Also the powershell window was supposed to be hidden, well it was not as i saw it open. And could also uses the clean up at the end to remover the powershell code from the run line.
![เจ็บที่ยังฮัก - ม่อน วรวิทย์ [ Official Mv ] จอนนี่มิวสิค](http://i.ytimg.com/vi/KALIGSRSjFs/mqdefault.jpg)
Elliot better have this in the next season.
But there aren't any computers in Fillory
Hack the telephones
this was my first thought as well ;)
Not Elliot From Fillory, the Elliot from Mr. Robot. lol
are you srsly smoking a bong on your avatar pic HAHA
This is beyond evil. I need one.
HHHHHH
Hey guys i'm Indonesia
66 likes, lets keep it that way :)
@@mr.impian2733
Wow! A country on the interwebzz
@@mr.impian2733 Where is Donesia? sorry - I had to ;p
This is totally going to appear in Mr Robot Season 3.
Turns out it didn't
"I heard a great disturbance in the force, as if millions of IT drones had massive coronaries..."
Awwwwww Darren looks like a proud dad (23:22 - 23:39)
I think you missed your chance to put a rabbit's foot on the key ring. /s With the logic of bash though, This seems like a good tool for IT automation as well in places that don't have better network managed tools for common tasks. Knowing common issues and having a library of scripts to fix them that I can plug into any machine, have it know the OS and the exact steps to fix would be amazing. I would also assume you could set up detection and have Switch 1 change what Switch 2 would do.
Adam Morgan Tech support on a keyring
Absolutely. Consider that you have both a DHCP server and TFTP server. There's PXE potential here :) ~Darren
Awesome, and I was over here simply wanting a way to have multiple payloads on one USB. Awesome work!
my most favorite episode. I love you two!
first
Lol, friggin troll machine
I kek'd so hard at the bunny glasses
hay snubs
.
Shannon Morse this is the best thing I've ever seen. I love you guys! Keep up this amazing work. :)
Thanks for the update on Bash Bunny. Just picked one up, can't wait to start hopping with the Bunny.
Muchas gracias chicos, Por tanto esfuerzo. Y por hacer que la emoción llegue hasta los que no sabemos. Estoy contento por probarlo en mis equipos. A ver se lo consigo😅
Darren and Seb are legendary. This is insane!!!!!!
anyone else stay up just to watch this? also can you do giveaways plz
yup
So excited for the Bash Bunny, another awesome tool from those smart guys at Hak5!
Mine is going to be here tomorrow and I cant wait to play!
The Bunny is going to become the goto Swiss Army Knife for Pentesters...
yay just purchased mine, can't wait to see what the community develops. yay thank you HAK5
Great episode Darren and Shannon! You guys are so awesome!
I've never seen Darren so excited.
WAIT A MINUTE... DID I SEE THAT YOU CAN UPLOAD THE PAYLOADS AS .TXT?!?!?!?!?!? SUCH EASE
The idea is to be ridiculously convenient. We've gone as far as to even make it compatible with the ASCII files that Windows notepad makes regardless of its awkward carriage returns. ~Darren
Hi Darren
just ordered one. gotta add this to my bag of tricks. love all your hard work and products!!
Loving this little Bunny. I ordered mine. You guys are awesome!!!
Not sure if anyone has posted this yet, but as for the boot time, if there's enough room, you could squeeze in a small rechargeable battery, pre-charge it, boot it in your pocket, and the connect in hot. Then boot could suck and the vector could be hit as soon as you can get it in the jack.
I'M SO EXCITED!! I want to learn so much more about this! Please more vidzzzz!!
This is nuts, already got my head titling all possible degrees. Preorder complete.
couldn't wait so had to order.
like always. you're tools are the best. thanks
SHUT UP AND TAKE MY MONEY! Oh, you already did... SHUT UP AND TAKE MY MONEY AGAIN (cwl)
Had to order TWO while watching video.. Can't wait!
I want to trust my technolust... but its telling me to buy twelve and somehow I think thats overkill >.
This is probably the most cyberpunk infomercial ever. 10/10
Buying one right now, you guys are my hero
JUST GOT ONE IN MY HANDS SO HAPPY!!
This looks awesome! Hope more videos on it are coming.
At the 11:07 mark, we get a tip from Darren that the Bash Bunny also works as an Ecto-Containment System. Perfect for catching those pesky ghost images.
I RSVP'd for tonight and I can't make it 😭
...I wish I was going to be there to witness greatness with everyone. Can't wait to get my hands on one, Have fun!
03:55 - One must have nerves of steel, to pull that off. No mercy
Wow, just wow. There is much potential with Bash + trust.
I think I will read the support forums and see just how smooth the ride is for others. Always research a products performance based on end user experiences and not the ADVERTISEMENT.
Absolutely. Feel free to check out our forums at: forums.hak5.org/index.php?/forum/92-bash-bunny/ where the developers have been actively helping out new users.
The make it look way more exiting than it actually is. Like in an informercial. I guess this is an infomercial.
You should definitely make a NTC Pocket Chip type screen keyboard peripheral for the bash bunny that would be sweet. Great work crazy cool hardware love it.
Got my Bunny and the new stickers. Much love to Hak5
I just bought the elite field kit ughhh. I wish this came with it!
All I need now money is money to buy it.
already ordered. great work.
Ever since I saw the release i couldn't wait till this came out and when i did it was the most amazing thing i have ever saw awesome job guys.
Just ordered mine!
You flip the switch and it does The Thing!
i love looking at you guys
Can you make an episode on all the really technical details of how the BashBunny works that would be really interesting, thank you!
So I don't work for a bank, but I do work for a company where I need to store sensitive data on my computer, and where my computer has implicit trust on the network for access to sensitive data stored on the network. It's been ingrained in me to lock my work computer whenever I get up from it, like the employee at the bank should have been doing in the clip shown. Locking a computer isn't the be all and end all (a LAN Turtle can still attack a locked computer), but it quickly and easily cuts down on the attack vectors available.
All you need now is to stick a wifi chipset on the thing, so it can be left in place and exfiltreate/controlled remotely.
Sounds like an essential component of a Hacker EDC (Everyday Carry Kit) ;)
Hi Both, great video as usual, however, I am new to this stuff so learning and making a decision as to what kit to buy. I am gong to for the nano tact kit but then which one between bash bunny, lan turtle or ducky. While you briefly mention the "difference" between these three tools, could please explain in a little ore detail or even a video as to which may useful or why may need all three, please. I just find this stuff so interesting and want to experiment once I get the tools. Thank you.
Ordered! Oh the places we will go.... :D
This is dope af Darren - getting one for sure
very cool indeed, crazy what you came with i had a fought in my had if this is what you can do what is out there that government has in possession to use. It is a next level device for shore.
Awesome can't wait to get one
Thumbs up 5 seconds into the video just for the bunny glasses.
You guys continue to be the best.
I'm just waiting for a RPI zero mock up of this to emerge
daily dose of technolust!!!!!!
damn, gunna have to wait till next payday now! Cant wait to get my hands on this baby
Would be great to use as a "plug in" VPN client. Just plug it in and it tunnels all traffic through your VPN server. It would be similar to what Darren does with the Pineapple via wifi, but done by just plugging the BB into an open USB port. Instant secure web browsing everywhere you go on any machine with no configuration!
0150r have u not seen same thing for TOR?
I've seen a TOR/VPN router that uses a RPI and Darrent did cover using a Pineapple to make an openVPN access point. I'm looking more towards having the BB be a "plug in the USB, be on the VPN" type device.
Amazing work!
Been working on this with a RpiZ for a little while. I want one.
My little Digispark seems like nothing to this now ahah
You guys are awesome!
I can see super glue being used as a security measure until your remove the side of the case and go to the pads.
looved her description of the cdc
just In time for Easter
Is the bash bunny sponsored by playboy?
Yes.
14:29 "Esta bien" , genial...
I am excited!
I can see super glue being used as a security measure until you remove the side of the case and go to the pads.
This is kinda like all the hak5 tools in one :O
NOO I JUST SPENT $100 DOLLARS ON PARTS FOR A ROBOT AND NOW YOU RELEASED THIS I NEED TO GET A ACTING JOB NOW BECAUSE IM ONLY 12!
Jonathan Emery When I was 12 I was playing outside.. But hey..
Pr0ton Haha Yeah Thats What Most Of My Friends Do
Pr0ton playing hoop stick?
what is an acting job?
steven hubbard Like Tv Shows.
How does it not replace the 'Rubber Ducky'?
Speed, Price and formfactor
It can do the same things once it's booted up, however it takes longer to boot, and it isn't as covert. The Rubber Ducky is a specialized tool while the Bash Bunny is a general tool that does the same thing slower. That is if you aren't talking exfiltration.
Chewie They literally explained that in the video.
I was thinking the same thing since it can straight up run ducky script.
Basically, what he said. Basically, speed, price and form-factor. Also, features. USB Rubber Ducky is HID only - or HID + (slow) flash storage with 3rd party firmware. The Bash Bunny features HID as one of its 5 current attack modes and flash storage is tremendously faster.
The USB Rubber Ducky will always execute payloads faster (0.1 seconds vs 7), more economically (less than half the cost), and more covertly (with its generic flash drive case). For social engineering ops, USB drops and attacks which require the target to plug in the drive, the USB Rubber Ducky is still the gold standard. ~Darren
now i am just waiting for seytonic to make one for $17
So more colors coming soon, whats in the yellow and orange bags?
holy bunny's THIS IS AWESOMMEEEEEE
now
when a skid gets access to this and that huge repository of scripts....
Will there be updated Field kits including the BashBunny at some time?
Yes, no specified date yet.
What's the difference in comparison to rubber ducky?
Apart from the look and speed mentioned in the video...i feel Bunny is kind of adv version of ducky emulating a variety of trusted devices.
Was planning to buy ducky...but now i am confused.
bari khan The Bunny also simulates and LAN-Adapter like the LAN Turtle, so you have many more attack posslibilities, the Ducky, in compatibility, simulates only a Keyboard (the Bunny can so this too) but is way faster than the bunny
Vinc viert YT Account thanks... It's only the time of execution that gives ducky the upper hand.. Got it.
It would be amazing if the bashbunny could be encrypted so one couldn't easily access it's contents in case it gets lost.
YEAH!
@42 seconds... they melted the poor bunny
I need to calm my curiosity, I put the video to 0.25 speed at 3:01, because I thought the flicker was some *secret*...nope, just a camera glitch...
It was an editing glitch, I assume they use Sony Vegas and during a clipping they created an overlap when merging the clips together.
Ordered mine...
just 4 info - 13:49 use the windows command "mode" - its faster
So what im getting is the power of Wi-Fi pinapple + bash bunny = doing attack without being on the physical device?
Where do we summit our payloads for the bash bunny competition?
github.com/hak5/bashbunny-payloads
Thank you :)
Do you think something like this would be possible with an Android phone? As in, writing an app for an Android phone which would essentially let you choose your payload from a list (or even connect to a server to pull the payload you wanna use) while in the middle of an attack (with a mode to run in a similar manner to the Bash Bunny so you don't need to unlock the device to execute a payload). And if doing it that way, you could even connect to a smart watch to get updates about the attack without looking too suspicious. :p
I also feel like doing it from an Android phone opens up more possibilities in terms of social engineering as you could potentially ask if you could plug your phone into their computer to "charge". 'w' Whereas asking to plug in a USB is an immediate red flag.
Although I'm not sure how doable that would be, and I certainly doubt it could be done on a non-rooted device, but it would certainly be cool.
Am I missing something, I see links to RSVP I see links that point to the sales page, but I don't see any link that takes me to this repository they talk about containing the library of code?
Sooooo the bash bunny can be used for keyboard scripts like a rubber ducky USB right? so if I get one I no longer need my rubber ducky?
More stuff! Hop to it.
how come there are so fewer subscribers to this channel
Kewl.
This device seems to be awesome. I also got all excited when he got into how this device works! Hehe.. Need to check out that library! Keep it up. Peace!
(Trust your technolust.)
running the same code onto a phone will be fun.....(using the full spectrum 3G 4G wifi bluetooth)
HELL YES
Can you do an episode on the Raz Reverse shell. I tried this one on a windows 10 machine I got the solid white color which indicated that the payload completed successfully. However when i ran netstat on the windows box i did not see the open port, nor didi see it on my linux box when i did the netcat. Also the powershell window was supposed to be hidden, well it was not as i saw it open. And could also uses the clean up at the end to remover the powershell code from the run line.
Hak5 need to know about attiny85 and Arduino or raspberry Pi 🙄🙄