Introducing the Bash Bunny - Hak5 2125

Elliot better have this in the next season.

This is totally going to appear in Mr Robot Season 3.

This is beyond evil. I need one.

"I heard a great disturbance in the force, as if millions of IT drones had massive coronaries..."

Awwwwww Darren looks like a proud dad (23:22 - 23:39)

first

Muchas gracias chicos, Por tanto esfuerzo. Y por hacer que la emoción llegue hasta los que no sabemos. Estoy contento por probarlo en mis equipos. A ver se lo consigo😅

Thanks for the update on Bash Bunny. Just picked one up, can't wait to start hopping with the Bunny.

Awesome, and I was over here simply wanting a way to have multiple payloads on one USB. Awesome work!

I think you missed your chance to put a rabbit's foot on the key ring. /s With the logic of bash though, This seems like a good tool for IT automation as well in places that don't have better network managed tools for common tasks. Knowing common issues and having a library of scripts to fix them that I can plug into any machine, have it know the OS and the exact steps to fix would be amazing. I would also assume you could set up detection and have Switch 1 change what Switch 2 would do.

So excited for the Bash Bunny, another awesome tool from those smart guys at Hak5!
Mine is going to be here tomorrow and I cant wait to play!
The Bunny is going to become the goto Swiss Army Knife for Pentesters...

my most favorite episode. I love you two!

just ordered one. gotta add this to my bag of tricks. love all your hard work and products!!

Darren and Seb are legendary. This is insane!!!!!!

Not sure if anyone has posted this yet, but as for the boot time, if there's enough room, you could squeeze in a small rechargeable battery, pre-charge it, boot it in your pocket, and the connect in hot. Then boot could suck and the vector could be hit as soon as you can get it in the jack.

Great episode Darren and Shannon! You guys are so awesome!

yay just purchased mine, can't wait to see what the community develops. yay thank you HAK5

This is nuts, already got my head titling all possible degrees. Preorder complete.

Loving this little Bunny. I ordered mine. You guys are awesome!!!

couldn't wait so had to order.
like always. you're tools are the best. thanks

I'M SO EXCITED!! I want to learn so much more about this! Please more vidzzzz!!

Buying one right now, you guys are my hero

I've never seen Darren so excited.

This is probably the most cyberpunk infomercial ever. 10/10

Had to order TWO while watching video.. Can't wait!

Wow, just wow. There is much potential with Bash + trust.

This looks awesome! Hope more videos on it are coming.

The make it look way more exiting than it actually is. Like in an informercial. I guess this is an infomercial.

WAIT A MINUTE... DID I SEE THAT YOU CAN UPLOAD THE PAYLOADS AS .TXT?!?!?!?!?!? SUCH EASE

Hi Both, great video as usual, however, I am new to this stuff so learning and making a decision as to what kit to buy. I am gong to for the nano tact kit but then which one between bash bunny, lan turtle or ducky. While you briefly mention the "difference" between these three tools, could please explain in a little ore detail or even a video as to which may useful or why may need all three, please. I just find this stuff so interesting and want to experiment once I get the tools. Thank you.

At the 11:07 mark, we get a tip from Darren that the Bash Bunny also works as an Ecto-Containment System. Perfect for catching those pesky ghost images.

Ever since I saw the release i couldn't wait till this came out and when i did it was the most amazing thing i have ever saw awesome job guys.

03:55 - One must have nerves of steel, to pull that off. No mercy

already ordered. great work.

JUST GOT ONE IN MY HANDS SO HAPPY!!

I just bought the elite field kit ughhh. I wish this came with it!

I think I will read the support forums and see just how smooth the ride is for others. Always research a products performance based on end user experiences and not the ADVERTISEMENT.

anyone else stay up just to watch this? also can you do giveaways plz

Got my Bunny and the new stickers. Much love to Hak5

SHUT UP AND TAKE MY MONEY! Oh, you already did... SHUT UP AND TAKE MY MONEY AGAIN (cwl)

I RSVP'd for tonight and I can't make it 😭
...I wish I was going to be there to witness greatness with everyone. Can't wait to get my hands on one, Have fun!

Just ordered mine!

i love looking at you guys

You should definitely make a NTC Pocket Chip type screen keyboard peripheral for the bash bunny that would be sweet. Great work crazy cool hardware love it.

very cool indeed, crazy what you came with i had a fought in my had if this is what you can do what is out there that government has in possession to use. It is a next level device for shore.

Thumbs up 5 seconds into the video just for the bunny glasses.

So I don't work for a bank, but I do work for a company where I need to store sensitive data on my computer, and where my computer has implicit trust on the network for access to sensitive data stored on the network. It's been ingrained in me to lock my work computer whenever I get up from it, like the employee at the bank should have been doing in the clip shown. Locking a computer isn't the be all and end all (a LAN Turtle can still attack a locked computer), but it quickly and easily cuts down on the attack vectors available.

I want to trust my technolust... but its telling me to buy twelve and somehow I think thats overkill >.

Awesome can't wait to get one

You flip the switch and it does The Thing!

Sounds like an essential component of a Hacker EDC (Everyday Carry Kit) ;)

Ordered! Oh the places we will go.... :D

This is dope af Darren - getting one for sure

You guys continue to be the best.

All you need now is to stick a wifi chipset on the thing, so it can be left in place and exfiltreate/controlled remotely.

wait so do you still have to encode the rubber ducky payloads for bash bunny or no?

All I need now money is money to buy it.

Would be great to use as a "plug in" VPN client. Just plug it in and it tunnels all traffic through your VPN server. It would be similar to what Darren does with the Pineapple via wifi, but done by just plugging the BB into an open USB port. Instant secure web browsing everywhere you go on any machine with no configuration!

damn, gunna have to wait till next payday now! Cant wait to get my hands on this baby

You guys are awesome!

Can you do an episode on the Raz Reverse shell. I tried this one on a windows 10 machine I got the solid white color which indicated that the payload completed successfully. However when i ran netstat on the windows box i did not see the open port, nor didi see it on my linux box when i did the netcat. Also the powershell window was supposed to be hidden, well it was not as i saw it open. And could also uses the clean up at the end to remover the powershell code from the run line.

Amazing work!

Am I missing something, I see links to RSVP I see links that point to the sales page, but I don't see any link that takes me to this repository they talk about containing the library of code?

This is kinda like all the hak5 tools in one :O

So more colors coming soon, whats in the yellow and orange bags?

Can you tell me what camera was used to record the rubber duck drop? I've been looking for something to do those kinds of videos but have come up short on quality hidden cameras.

I am excited!

Sooooo the bash bunny can be used for keyboard scripts like a rubber ducky USB right? so if I get one I no longer need my rubber ducky?

My little Digispark seems like nothing to this now ahah

NOO I JUST SPENT $100 DOLLARS ON PARTS FOR A ROBOT AND NOW YOU RELEASED THIS I NEED TO GET A ACTING JOB NOW BECAUSE IM ONLY 12!

Can you make an episode on all the really technical details of how the BashBunny works that would be really interesting, thank you!

Been working on this with a RpiZ for a little while. I want one.

Kewl.
This device seems to be awesome. I also got all excited when he got into how this device works! Hehe.. Need to check out that library! Keep it up. Peace!
(Trust your technolust.)

looved her description of the cdc

this is ridiculously limitless, I like this over rubber duckies because it does what a rubber duckie can do and more

I'm just waiting for a RPI zero mock up of this to emerge

Dumb question. Do y'all plan on any USB-C variants? Obviously Bash Bunny isn't really made for random drops. Will the rubber ducky ever have a USB-C version because they are awesome for hiding in random cases. Trying to avoid dongle hell with these things.

When will you guys have more to sell, it the keysly be in????

just In time for Easter

for some reason Bashbunny on Device Manager Port com does not show up just says CDC serial but no com port displayed

What is the usb controller speed of the device? I can't find it so I assume it's only 2.0 since I believe you also said it's not usb 1.1

Will there be updated Field kits including the BashBunny at some time?

just 4 info - 13:49 use the windows command "mode" - its faster

What's the difference in comparison to rubber ducky?
Apart from the look and speed mentioned in the video...i feel Bunny is kind of adv version of ducky emulating a variety of trusted devices.
Was planning to buy ducky...but now i am confused.

Wich are the computer models that you are using, and with Wich OS ?

Do you think something like this would be possible with an Android phone? As in, writing an app for an Android phone which would essentially let you choose your payload from a list (or even connect to a server to pull the payload you wanna use) while in the middle of an attack (with a mode to run in a similar manner to the Bash Bunny so you don't need to unlock the device to execute a payload). And if doing it that way, you could even connect to a smart watch to get updates about the attack without looking too suspicious. :p
I also feel like doing it from an Android phone opens up more possibilities in terms of social engineering as you could potentially ask if you could plug your phone into their computer to "charge". 'w' Whereas asking to plug in a USB is an immediate red flag.
Although I'm not sure how doable that would be, and I certainly doubt it could be done on a non-rooted device, but it would certainly be cool.

I can see super glue being used as a security measure until your remove the side of the case and go to the pads.

How long did it take you to develop the BashBunny?

So what im getting is the power of Wi-Fi pinapple + bash bunny = doing attack without being on the physical device?

There is no white hat hacking unless you only hack yourself :) So if auto play off is not enough! Can't add any Adapters, hard to cover all the angles :P

holy bunny's THIS IS AWESOMMEEEEEE

More stuff! Hop to it.

very awesome :) im going to give it a few month before i buy so there are more pre created payloads. time to get rid of my rubberducky and move on

"HIER NIET POEPEN A.U.B."
Omg I'm dying

I can see super glue being used as a security measure until you remove the side of the case and go to the pads.

4:27 Keep on Keeping on💪👊 props😎🍻

Where do we summit our payloads for the bash bunny competition?

when i try to open the terminal on the bash bunny its a empty blank screen

Ordered mine...