How to Get a Reverse Shell on macOS Using a Flipper Zero as a BadUSB

Using a Flipper Zero, a short 12-line DuckyScript text file, and a remote listener on my Ubuntu server, I was able to gain a shell on my fully patched, up-to-date macOS Ventura computer.

In my lab environment, I use the Flipper Zero as a pentesting device to test vulnerabilities in my servers and desktop systems.

The Flipper Zero is our preferred ethical hacking tool because it offers an endless number of available payloads, has an on-screen menu selection tool, and uses a progress display to provide feedback.

This article is an example of how to use the Flipper Zero as an ethical pentesting BadUSB device and how to avoid becoming a victim of such an exploit. Do not use this on computers that you do not own or have permission to use. This code makes no effort to hide from Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), Network Detection Systems, firewalls, or anti-virus (AV) software.

BadUSB Payloads

The Flipper Zero BadUSB, like several other BadUSB devices, uses payloads written in DuckyScript, a simple scripting language for performing keystrokes, resulting in a keyboard injection attack.

A good starting reference point for DuckyScript payloads is the official Hak5 website:

https://shop.hak5.org/blogs/payloads/tagged/usb-rubber-ducky

Here you will find examples and documentation for using DuckyScript.

Let’s Write Some DuckyScript

You can use a ready-made script, or you can learn to write your own. We’ll show you how to get a reverse shell on a macOS computer in a simple step-by-step walkthrough.

Use your favorite
