shemer77 Posted October 19, 2013 Share Posted October 19, 2013 All the payloads I've seen for macs for the rubber ducky have been catching netcat shells and I was wondering if anybody out there has something better. Basically I'm trying to create a payload that will allow me to navigate the victims computer and download files from them. My idea was to get ducky to write a python script that would basically be an ftp server, however theres a lot of logistical issues such as downloading the module, running it, not very secure, and the time it takes to do all this. Anybody have any better ideas? Quote Link to comment Share on other sites More sharing options...
no42 Posted October 19, 2013 Share Posted October 19, 2013 (edited) possible through native commands : http://www.itworld.com/software/191971/enable-ftp-server-mac-os-x-lion not sure about creds though, I'm sure you need the users password ??? unless you combine it with latest sudo priv-esc; to somehow dump all hashes and record to sdcard? to be cracked later.... again unsure if this would work? Edited October 19, 2013 by midnitesnake Quote Link to comment Share on other sites More sharing options...
shemer77 Posted October 19, 2013 Author Share Posted October 19, 2013 yea I'm not sure if creds are required for that, ill have to check. Quote Link to comment Share on other sites More sharing options...
shemer77 Posted October 22, 2013 Author Share Posted October 22, 2013 it seems that user creds are required, so i guess that idea goes out the window. Any others? Quote Link to comment Share on other sites More sharing options...
mosca1337 Posted January 10, 2014 Share Posted January 10, 2014 All the payloads I've seen for macs for the rubber ducky have been catching netcat shells and I was wondering if anybody out there has something better. Basically I'm trying to create a payload that will allow me to navigate the victims computer and download files from them. My idea was to get ducky to write a python script that would basically be an ftp server, however theres a lot of logistical issues such as downloading the module, running it, not very secure, and the time it takes to do all this. Anybody have any better ideas? If you catch a netcat shell, you should be able to navigate their file sysytem and download files. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.