File Exfiltration with the Bash Bunny

Bash Bunny - out of the box.
Bash Bunny - out of the box.

Hak5's Bash Bunny came out a few days ago, and I ordered one the day it was released. 


It's a USB device that emulates other devices - like a HID (keyboard) or a storage device (flash drive). Within two hours of getting the Bash Bunny in the mail, I was able to set up a Document Exfiltration attack with it. The Bash Bunny will emulate a keyboard, and inject keystrokes onto a target computer. These keystrokes open up a Windows Powershell and copy documents over to the Bash Bunny.


I've also been wanting to make videos for a while, so here goes...