Para Posted August 12, 2015 Posted August 12, 2015 When talking to a customer we identified the company uses the standard Apple Mail program to manage their emails. In order to test for a social engineering attack we intended to leave some Rubber Duckies around the building and have them send an email to the security officer once they were inserted in the machines. I've looked at a couple of the "send with Gmail" payloads, but they were all based on PowerShell as far as I can tell. And after a failed attempt going at it the straightforward route, I got to thinking... Why not just script it up in Mac as well? I could've gone the Python route here, but it seemed simpeler to go Apple Script since I wanted to use the builtin Mail function as a quick Proof of Concept. Also, it's hardly stealthy, but hey! It gets the job done :) Anyways, you can find it below. Maybe it can help someone else in the future. Tested on 10.10.4 Yosemite. DELAY 200 GUI SPACE DELAY 200 STRING script editor ENTER DELAY 200 GUI n DELAY 500 STRING tell application "Mail" ENTER STRING set objMessage to make new outgoing message with properties {subject:”I put random USB sticks in my computer“} ENTER STRING tell objMessage ENTER STRING make new to recipient with properties {name:"Security Officer", address:"cso@maildomain.com"} ENTER STRING send ENTER STRING end tell ENTER STRING end tell ENTER GUI r DELAY 200 GUI a BACKSPACE DELAY 100 STRING Thank you for all your stuff! Bye! ENTER ENTER TAB STRING - Evil Hacker Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.