3

I've been tasked with an onsite engagement to see what I can find from one of their laptops. They have a policy in place to block USB access through Active Directory, e.g. when you try to access the USB drive, you get an access denied error (see here for more information).

Is there any way to bypass this? Will tools like Bash Bunny still execute the payload, regardless of whether I can access it or not?

Anderson
  • 1
    This post may have something: https://security.stackexchange.com/questions/65869/bypass-usb-gpo-with-iphone-and-probably-other-mobile – M. A. Jun 12 '18 at 11:09

1 Answer

2

If you can plug a keyboard in and it works, you can use a tool like a Rubber Ducky (I'm assuming the Bash Bunny is similar, but I haven't played with it). The Rubber Ducky appears to the computer as a Human Interface Device (HID). Keyboards announce themselves to computers as HID devices and are in turn automatically recognized and accepted.

Mrdeep
  • 1
    This probably won't work, as Windows will only accept a keyboard or mouse, not a Mass Storage device. – ThoriumBR Jun 12 '18 at 13:36
  • Not sure what you mean. The Rubber Ducky impersonates a keyboard or mouse (Human Interface Device). It doesn't pop up as a mass storage device. – Mrdeep Jun 12 '18 at 13:41
  • 2
    I think OP needs to exfiltrate something via USB mass storage device, or execute something from it, not simply connecting any device. I am yet to see any security policy blacklisting mice and keyboards. As a HID impersonating a keyboard, Rubber Ducky cannot execute anything the user could not execute by hand. – ThoriumBR Jun 12 '18 at 14:04
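
The HID versus Mass Storage distinction in the answer and comments above comes down to the `bInterfaceClass` byte each USB interface announces. The following is an added example, not part of the original posts: it parses a raw configuration descriptor and shows which interfaces a storage-only block would stop. The policy model (deny class 0x08 only), the function names and the sample descriptors are assumptions constructed for illustration; the page does not say how the GPO is configured.

```python
import struct

# USB-IF base class codes carried in bInterfaceClass
HID, MASS_STORAGE = 0x03, 0x08
BOOT_PROTOCOLS = {1: "keyboard", 2: "mouse"}  # HID bInterfaceProtocol values

def interfaces(config: bytes):
    """Walk a raw configuration descriptor; return (class, subclass, protocol) per interface."""
    found, i = [], 0
    while i + 2 <= len(config):
        length, dtype = config[i], config[i + 1]
        if length < 2 or i + length > len(config):
            raise ValueError(f"malformed descriptor at offset {i}")
        if dtype == 0x04 and length >= 9:  # INTERFACE descriptor
            found.append(tuple(config[i + 5:i + 8]))
        i += length
    return found

def audit(config: bytes):
    """Split interfaces by what a Mass-Storage-only block (assumed policy model) would stop."""
    result = {"blocked": [], "allowed": []}
    for cls, _sub, proto in interfaces(config):
        if cls == MASS_STORAGE:
            result["blocked"].append("Mass Storage")
        elif cls == HID:
            result["allowed"].append(f"HID ({BOOT_PROTOCOLS.get(proto, 'other')})")
        else:
            result["allowed"].append(f"class 0x{cls:02x}")
    return result

# --- constructed sample descriptors (not captured from a real device; endpoints omitted) ---
def _iface(num, cls, sub, proto):
    return bytes([9, 0x04, num, 0, 0, cls, sub, proto, 0])

def _config(n_if, body):
    return struct.pack("<BBHBBBBB", 9, 0x02, 9 + len(body), n_if, 1, 0, 0x80, 50) + body

_HID_DESC = bytes([9, 0x21, 0x11, 0x01, 0, 1, 0x22, 0x3F, 0])  # class-specific HID descriptor
KEYBOARD_ONLY = _config(1, _iface(0, HID, 1, 1) + _HID_DESC)
COMPOSITE = _config(2, _iface(0, HID, 1, 1) + _HID_DESC + _iface(1, MASS_STORAGE, 6, 0x50))

if __name__ == "__main__":
    for name, cfg in (("keyboard only", KEYBOARD_ONLY), ("composite", COMPOSITE)):
        print(name, audit(cfg))
```

For the composite sample, the storage interface lands in `blocked` while the keyboard interface stays in `allowed`, which is why an endpoint inventory should record interface classes per device rather than only whether removable storage is denied.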