Jump to content

MacOS blocks bash bunny connection


JusDeFruit
 Share

Recommended Posts

Hello all,

I'm quite new with bash bunny and trying to work on MacOS payloads.

 

When trying to plug the B.B on MacOS, it is automatically blocked by the system asking "Do you want to connect the USB accessory to this Mac?".

I tried with many "ATTACKMODE" but the result is the same.

 

Is there a way to bypass the system validation ? (maybe an ATTACKMODE with a PID number)

(I'm running my tests on a macOS 13 with M1 ship)

 

Cheers 

Link to comment
Share on other sites

I tried this one for exemple:

Product ID: 0x0343
Vendor ID: 0x05ac (Apple Inc.)

I tried

ATTACKMODE HID VID_0x05ac PID_0x0343
&&
ATTACKMODE HID VID_0X05ac PID_0X0343
&&
ATTACKMODE HID VID_0X05AC PID_0X0343

But the system blocks all 3 of them (i try one at a time of course)

 

 

Link to comment
Share on other sites

Here are the payloads that I tried

LEB B
DUCKY_LANG fr
ATTACKMODE HID VID_0X05AC PID_0X021E

LED R
Q DELAY 200
Q GUI SPACE
q DELAY 200
Q STRING item
Q DELAY 200
Q ENTER
LED G

And

LEB B
DUCKY_LANG fm
ATTACKMODE HID VID_0X05AC PID_0X0273

LED R
Q DELAY 200
Q GUI SPACE
q DELAY 200
Q STRING item
Q DELAY 200
Q ENTER
LED G

But all of them fails with:

Screenshot-2022-11-28-at-17-06-40.png

 

Thank you for your help

Link to comment
Share on other sites

Here are the payloads that I tried

LEB B
DUCKY_LANG fr
ATTACKMODE HID VID_0X05AC PID_0X021E

LED R
Q DELAY 200
Q GUI SPACE
q DELAY 200
Q STRING item
Q DELAY 200
Q ENTER
LED G

And

LEB B
DUCKY_LANG fm
ATTACKMODE HID VID_0X05AC PID_0X0273

LED R
Q DELAY 200
Q GUI SPACE
q DELAY 200
Q STRING item
Q DELAY 200
Q ENTER
LED G

But all of them fails with:

Screenshot-2022-11-28-at-17-06-40.png

 

Thank you for your help

Link to comment
Share on other sites

I have been trying success with the Mac OS 13, some of the payloads bypass and some don't. I understand why you would want to bypass the Allow message, but for most of the payloads it seems you would need access to the computer anyways. That would  be awesome to learn the bypass on the NEW apple silicon!!!!!

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...