Need some ideas for a Mac OSX payload

[shemer77]

All the payloads I've seen for macs for the rubber ducky have been catching netcat shells and I was wondering if anybody out there has something better. Basically I'm trying to create a payload that will allow me to navigate the victims computer and download files from them.

My idea was to get ducky to write a python script that would basically be an ftp server, however theres a lot of logistical issues such as downloading the module, running it, not very secure, and the time it takes to do all this.

Anybody have any better ideas?

[no42]

possible through native commands : http://www.itworld.com/software/191971/enable-ftp-server-mac-os-x-lion

not sure about creds though, I'm sure you need the users password ???

unless you combine it with latest sudo priv-esc; to somehow dump all hashes and record to sdcard? to be cracked later.... again unsure if this would work?

Edited October 19, 2013 by midnitesnake

[shemer77]

yea I'm not sure if creds are required for that, ill have to check.

[shemer77]

it seems that user creds are required, so i guess that idea goes out the window. Any others?

[mosca1337]

All the payloads I've seen for macs for the rubber ducky have been catching netcat shells and I was wondering if anybody out there has something better. Basically I'm trying to create a payload that will allow me to navigate the victims computer and download files from them.

My idea was to get ducky to write a python script that would basically be an ftp server, however theres a lot of logistical issues such as downloading the module, running it, not very secure, and the time it takes to do all this.

Anybody have any better ideas?

If you catch a netcat shell, you should be able to navigate their file sysytem and download files.