JusDeFruit Posted November 28, 2022
Hello all, I'm quite new to the Bash Bunny and trying to work on macOS payloads. When I plug the B.B into macOS, it is automatically blocked by the system asking "Do you want to connect the USB accessory to this Mac?". I tried many "ATTACKMODE" settings but the result is the same. Is there a way to bypass the system validation? (maybe an ATTACKMODE with a PID number) (I'm running my tests on macOS 13 with an M1 chip) Cheers

dark_pyrro Posted November 28, 2022
https://docs.hak5.org/bash-bunny/writing-payloads/vid-pid-man-prod-sn

JusDeFruit Posted November 28, 2022
Whatever PID and VID I use, the system is always blocking the B.B, asking "Allow accessory to connect?" Do you have a solution to bypass this?

dark_pyrro Posted November 28, 2022
Are you using a VID and PID that is valid for an Apple keyboard?

JusDeFruit Posted November 28, 2022
I tried this one, for example:
Product ID: 0x0343
Vendor ID: 0x05ac (Apple Inc.)
I tried
ATTACKMODE HID VID_0x05ac PID_0x0343
and
ATTACKMODE HID VID_0X05ac PID_0X0343
and
ATTACKMODE HID VID_0X05AC PID_0X0343
But the system blocks all 3 of them (I try one at a time, of course)

dark_pyrro Posted November 28, 2022
Try these PIDs: 0273 and/or 021E

JusDeFruit Posted November 28, 2022
Here are the payloads that I tried:

LEB B
DUCKY_LANG fr
ATTACKMODE HID VID_0X05AC PID_0X021E
LED R
Q DELAY 200
Q GUI SPACE
q DELAY 200
Q STRING item
Q DELAY 200
Q ENTER
LED G

And

LEB B
DUCKY_LANG fm
ATTACKMODE HID VID_0X05AC PID_0X0273
LED R
Q DELAY 200
Q GUI SPACE
q DELAY 200
Q STRING item
Q DELAY 200
Q ENTER
LED G

But all of them fail with:
Thank you for your help

dark_pyrro Posted November 28, 2022
Can't help you any further. I'm not an Apple guy so I can't test/recreate/verify anything IRL since I don't have the equipment needed.

Anonee_Mouse Posted November 29, 2022
I have been trying success with the Mac OS 13, some of the payloads bypass and some don't. I understand why you would want to bypass the Allow message, but for most of the payloads it seems you would need access to the computer anyways. That would be awesome to learn the bypass on the NEW Apple silicon!!!!!

JusDeFruit Posted December 1, 2022
@Anonee_Mouse I also tried with MAC_HAPPY but it doesn't work. Seems like Apple Ventura or Silicon just blocks every USB input by default. To make it work you need to go in System Setting > Privacy & Setting > Allow accessories to connect, and put it to "always". But it goes against the point of using a B.B