JusDeFruit Posted November 28, 2022 Share Posted November 28, 2022 Hello all, I'm quite new with bash bunny and trying to work on MacOS payloads. When trying to plug the B.B on MacOS, it is automatically blocked by the system asking "Do you want to connect the USB accessory to this Mac?". I tried with many "ATTACKMODE" but the result is the same. Is there a way to bypass the system validation ? (maybe an ATTACKMODE with a PID number) (I'm running my tests on a macOS 13 with M1 ship) Cheers Link to comment Share on other sites More sharing options...
dark_pyrro Posted November 28, 2022 Share Posted November 28, 2022 https://docs.hak5.org/bash-bunny/writing-payloads/vid-pid-man-prod-sn Link to comment Share on other sites More sharing options...
JusDeFruit Posted November 28, 2022 Author Share Posted November 28, 2022 Whatever PID and VID I use, the system is always blocking the B.B asking "Allow accessory to connect?" Do you have a solution to bypass this ? Link to comment Share on other sites More sharing options...
dark_pyrro Posted November 28, 2022 Share Posted November 28, 2022 Are you using a VID and PID that is valid for an Apple keyboard? Link to comment Share on other sites More sharing options...
JusDeFruit Posted November 28, 2022 Author Share Posted November 28, 2022 I tried this one for exemple: Product ID: 0x0343 Vendor ID: 0x05ac (Apple Inc.) I tried ATTACKMODE HID VID_0x05ac PID_0x0343 && ATTACKMODE HID VID_0X05ac PID_0X0343 && ATTACKMODE HID VID_0X05AC PID_0X0343 But the system blocks all 3 of them (i try one at a time of course) Link to comment Share on other sites More sharing options...
dark_pyrro Posted November 28, 2022 Share Posted November 28, 2022 Try these PIDs: 0273 and/or 021E Link to comment Share on other sites More sharing options...
JusDeFruit Posted November 28, 2022 Author Share Posted November 28, 2022 Here are the payloads that I tried LEB B DUCKY_LANG fr ATTACKMODE HID VID_0X05AC PID_0X021E LED R Q DELAY 200 Q GUI SPACE q DELAY 200 Q STRING item Q DELAY 200 Q ENTER LED G And LEB B DUCKY_LANG fm ATTACKMODE HID VID_0X05AC PID_0X0273 LED R Q DELAY 200 Q GUI SPACE q DELAY 200 Q STRING item Q DELAY 200 Q ENTER LED G But all of them fails with: Thank you for your help Link to comment Share on other sites More sharing options...
JusDeFruit Posted November 28, 2022 Author Share Posted November 28, 2022 Here are the payloads that I tried LEB B DUCKY_LANG fr ATTACKMODE HID VID_0X05AC PID_0X021E LED R Q DELAY 200 Q GUI SPACE q DELAY 200 Q STRING item Q DELAY 200 Q ENTER LED G And LEB B DUCKY_LANG fm ATTACKMODE HID VID_0X05AC PID_0X0273 LED R Q DELAY 200 Q GUI SPACE q DELAY 200 Q STRING item Q DELAY 200 Q ENTER LED G But all of them fails with: Thank you for your help Link to comment Share on other sites More sharing options...
dark_pyrro Posted November 28, 2022 Share Posted November 28, 2022 Can't help you any further. I'm not an Apple guy so I can't test/recreate/verify anything IRL since I don't have the equipment needed. Link to comment Share on other sites More sharing options...
Anonee_Mouse Posted November 29, 2022 Share Posted November 29, 2022 I have been trying success with the Mac OS 13, some of the payloads bypass and some don't. I understand why you would want to bypass the Allow message, but for most of the payloads it seems you would need access to the computer anyways. That would be awesome to learn the bypass on the NEW apple silicon!!!!! Link to comment Share on other sites More sharing options...
JusDeFruit Posted December 1, 2022 Author Share Posted December 1, 2022 @Anonee_Mouse I also tried with MAC_HAPPY but doesn't work Seems like apple Ventura or Silicon just block every usb input by default. To make it work you need to go in System Setting > Privacy & Setting > Allow accessories to connect, and put it to "always" But it goes against the point of using a B.B Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.