When talking to a customer we identified the company uses the standard Apple Mail program to manage their emails. In order to test for a social engineering attack we intended to leave some Rubber Duckies around the building and have them send an email to the security officer once they were inserted in the machines.
I've looked at a couple of the "send with Gmail" payloads, but they were all based on PowerShell as far as I can tell. And after a failed attempt going at it the straightforward route, I got to thinking... Why not just script it up in Mac as well?
I could've gone the Python route here, but it seemed simpeler to go Apple Script since I wanted to use the builtin Mail function as a quick Proof of Concept. Also, it's hardly stealthy, but hey! It gets the job done :)
Anyways, you can find it below. Maybe it can help someone else in the future.
Tested on 10.10.4 Yosemite.
DELAY 200
GUI SPACE
DELAY 200
STRING script editor
ENTER
DELAY 200
GUI n
DELAY 500
STRING tell application "Mail"
ENTER
STRING set objMessage to make new outgoing message with properties {subject:”I put random USB sticks in my computer“}
ENTER
STRING tell objMessage
ENTER
STRING make new to recipient with properties {name:"Security Officer", address:"cso@maildomain.com"}
ENTER
STRING send
ENTER
STRING end tell
ENTER
STRING end tell
ENTER
GUI r
DELAY 200
GUI a
BACKSPACE
DELAY 100
STRING Thank you for all your stuff! Bye!
ENTER
ENTER
TAB
STRING - Evil Hacker