Your Cart is Empty
Founded in 2005, Hak5's mission is to advance the InfoSec industry. We do this through our award winning podcasts, leading pentest gear, and inclusive community – where all hackers belong.
Founded in 2005, Hak5's mission is to advance the InfoSec industry. We do this through our award winning podcasts, leading pentest gear, and inclusive community – where all hackers belong.
Community developed payloads for Hak5 gear are featured and awarded at PayloadHub — a growing library of currated content.
Unleash your hacking creativity with the online payload editor: PayloadStudio
Link to your collections, sales and even external links
Add up to five columns
Community developed payloads for Hak5 gear are featured and awarded at PayloadHub — a growing library of currated content.
Unleash your hacking creativity with the online payload editor: PayloadStudio
Link to your collections, sales and even external links
Add up to five columns
Throughout the history of personal computers, serial has been a mainstay for file transfer and console access. To this day it’s widely used, from headless servers to embedded microcontrollers. With the Bash Bunny, we’ve made it convenient as ever – without the need for a serial-to-USB converter.
With dedicated shell access from the arming mode, dropping to the Bash Bunny Linux terminal is simple over serial from any OS. When combined with advanced payloads, using the serial attack mode, there’s limitless potential for creativity with this often overlooked interface.
Find the COM# from Device Manager > Ports (COM & LPT) and look for USB Serial Device (COM#). Example: COM3
Alternatively, run the following powershell command to list ports:
[System.IO.Ports.SerialPort]::getportnames()
Open PuTTY and select Serial. Enter COM# for serial line and 115200 for Speed. Click Open.
ls /dev/tty*" or "dmesg | grep ttyUsually on a Linux host, the Bash Bunny will register as either /dev/ttyUSB0 or /dev/ttyACM0. On an OSX/macOS host, the Bash Bunny will register as /dev/tty.usbmodemch000001.
If screen is not installed it can usually be found from your distributions package manager.sudo apt-get install screenConnecting with screensudo screen /dev/ttyACM0 115200Disconnect with keyboard combo: CTRL+a followed by CTRL+\
Hotplug attacks are great, until they're not — which is why it's important to limit the scope of engagement. Thankfully the Bash Bunny Mark II can do this with a geofencing feature using bluetooth signals to prevent payloads from running unless it's certain to be in the defined area.
