Jump to content

MacOS blocks bash bunny connection


JusDeFruit

Recommended Posts

Hello all,

I'm quite new with bash bunny and trying to work on MacOS payloads.

 

When trying to plug the B.B on MacOS, it is automatically blocked by the system asking "Do you want to connect the USB accessory to this Mac?".

I tried with many "ATTACKMODE" but the result is the same.

 

Is there a way to bypass the system validation ? (maybe an ATTACKMODE with a PID number)

(I'm running my tests on a macOS 13 with M1 ship)

 

Cheers 

Link to comment
Share on other sites

I tried this one for exemple:

Product ID: 0x0343
Vendor ID: 0x05ac (Apple Inc.)

I tried

ATTACKMODE HID VID_0x05ac PID_0x0343
&&
ATTACKMODE HID VID_0X05ac PID_0X0343
&&
ATTACKMODE HID VID_0X05AC PID_0X0343

But the system blocks all 3 of them (i try one at a time of course)

 

 

Link to comment
Share on other sites

Here are the payloads that I tried

LEB B
DUCKY_LANG fr
ATTACKMODE HID VID_0X05AC PID_0X021E

LED R
Q DELAY 200
Q GUI SPACE
q DELAY 200
Q STRING item
Q DELAY 200
Q ENTER
LED G

And

LEB B
DUCKY_LANG fm
ATTACKMODE HID VID_0X05AC PID_0X0273

LED R
Q DELAY 200
Q GUI SPACE
q DELAY 200
Q STRING item
Q DELAY 200
Q ENTER
LED G

But all of them fails with:

Screenshot-2022-11-28-at-17-06-40.png

 

Thank you for your help

Link to comment
Share on other sites

Here are the payloads that I tried

LEB B
DUCKY_LANG fr
ATTACKMODE HID VID_0X05AC PID_0X021E

LED R
Q DELAY 200
Q GUI SPACE
q DELAY 200
Q STRING item
Q DELAY 200
Q ENTER
LED G

And

LEB B
DUCKY_LANG fm
ATTACKMODE HID VID_0X05AC PID_0X0273

LED R
Q DELAY 200
Q GUI SPACE
q DELAY 200
Q STRING item
Q DELAY 200
Q ENTER
LED G

But all of them fails with:

Screenshot-2022-11-28-at-17-06-40.png

 

Thank you for your help

Link to comment
Share on other sites

I have been trying success with the Mac OS 13, some of the payloads bypass and some don't. I understand why you would want to bypass the Allow message, but for most of the payloads it seems you would need access to the computer anyways. That would  be awesome to learn the bypass on the NEW apple silicon!!!!!

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...