Bash Bunny Hak5 Setup and Exploit

In this article, I will show you how to set up your Bash Bunny and how to run your first payload!

Initial Setup

Plug in the Bash Bunny

Open Device Manager and check which COM port it is running on

Open PuTTY and make a serial connection to that COM port

Now, you can download all the payloads from the Hak5 GitHub at once, or you can pick and choose via the Hak5 website. Whichever you prefer. I won’t tell you how to live your life.

Download these tools and move them to the tools folder on your Bash Bunny

Safely eject Bash Bunny and plug it back in. The LED light will be purple while it is installing the tools.

Now that all the tools are installed, we can test out a payload. Copy and paste the payload into Switch 1 or Switch 2, whichever you prefer. I won’t tell you how to live your life.


After you have added your desired payload, safely eject the Bash Bunny from the PC, set its switch to position 1 or 2 (whichever holds the payload), then plug it back into the PC. Your payload will now execute!

All findings will be in the /loot folder.

Demo

Below is a video demo of the WifiPass payload:

“A bit of a fork from WiFiCreds, this uses the same Powershell attack to get wifi networks and their passwords.

WifiPass starts with getting the list of wireless networks saved on the device, and storing those to a file. With a little bit of logic, it runs through the networks, only saving out networks that have a Key Content of anything besides 1 (1 being used in the case of WEP and open networks). NOTE: this will give you network names of university/college networks that pass user accounts to log into them. They won't give you the password with this attack.

It stores all those in a loot file with the name of the computer. Eject, sync, Ghostbusters reference, then you're good to go.”
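On the defensive side, the behaviour described in the quote is visible in process-creation logs. The following is an added example, not part of the original article or the payload: it assumes the PowerShell step calls the standard Windows command `netsh wlan show profile ... key=clear` (the command that prints the "Key Content" field), and the log records, host names and thresholds are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed process-creation records (timestamp, host, parent image, command line),
# shaped like Sysmon Event ID 1 / Security 4688 data. Not taken from a real system.
SAMPLE_EVENTS = [
    ("2024-05-01T10:00:01", "WS-014", "powershell.exe", "netsh wlan show profiles"),
    ("2024-05-01T10:00:02", "WS-014", "powershell.exe", 'netsh wlan show profile name="CorpWiFi" key=clear'),
    ("2024-05-01T10:00:02", "WS-014", "powershell.exe", 'netsh wlan show profile name="Guest" key=clear'),
    ("2024-05-01T10:00:03", "WS-014", "powershell.exe", 'netsh wlan show profile name="Home" key=clear'),
    ("2024-05-01T11:30:00", "WS-022", "cmd.exe", "netsh wlan show interfaces"),
    ("2024-05-01T12:15:00", "WS-031", "cmd.exe", 'NETSH.EXE WLAN SHOW PROFILE name="Lab" KEY=CLEAR'),
]

# Matches any netsh invocation that asks for a saved profile's key in clear text.
KEY_DUMP = re.compile(
    r"\bnetsh(\.exe)?\b.*\bwlan\b.*\bshow\b.*\bprofiles?\b.*\bkey\s*=\s*clear\b", re.I)
WINDOW = timedelta(seconds=10)  # assumed tuning value
BURST = 3                       # assumed tuning value

def detect(events):
    """Return {host: severity} for hosts that displayed saved Wi-Fi keys in clear text."""
    hits = defaultdict(list)
    for ts, host, parent, cmdline in events:
        if KEY_DUMP.search(cmdline):
            hits[host].append((datetime.fromisoformat(ts), parent.lower()))
    alerts = {}
    for host, rows in hits.items():
        rows.sort()
        times = [t for t, _ in rows]
        # BURST or more key displays inside WINDOW suggests a scripted loop over
        # every saved profile rather than an admin checking one network.
        burst = any(times[i + BURST - 1] - times[i] <= WINDOW
                    for i in range(len(times) - BURST + 1))
        scripted = any(p in ("powershell.exe", "pwsh.exe") for _, p in rows)
        alerts[host] = "high" if burst and scripted else "medium"
    return alerts

if __name__ == "__main__":
    for host, sev in sorted(detect(SAMPLE_EVENTS).items()):
        print(f"{host}: saved Wi-Fi key display, severity={sev}")
```

Pairing this with removable-device arrival events on the same host shortly before the burst narrows the alert to USB-delivered payloads.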
