[PAYLOAD] Mac Persistent Reverse Shell

Reverse Shell Mac for Bash Bunny

  • Author: 0dyss3us (KeenanV)
  • Version: 1.0

Description

Opens a persistent reverse shell on the victim's Mac and connects it back to the attacker's host over TCP.

  • Targets macOS (OS X may work but has not been tested)
  • The connection can be closed and reconnected at any time
  • Deploys in roughly 30 sec (working on making it faster)
  • Works well with NetCat as the listener

Requirements

Have a working Bash Bunny :) and a victim with macOS

STATUS

  LED                   Status
  Purple                Setup
  Amber (single blink)  Installing connect.sh script
  Amber (double blink)  Creating cron job
  White (fast blink)    Cleaning up
  Green                 Finished

Installation and Execution

  1. Plug in the Bash Bunny in arming mode
  2. Move the files from MacPersistentReverseShell to either switch folder
  3. Edit the connect.sh file and replace the placeholder IP with the attacker's IP and the port with whichever port you like to use (I use 1337)
  4. Save the connect.sh file
  5. Unplug the Bash Bunny and switch it to the position the payload is loaded on
  6. Plug the Bash Bunny into your victim's Mac and wait until the final light turns green (about 30 sec)
  7. Unplug the Bash Bunny and go to the attacker's machine
  8. Listen on the port you chose in the connect.sh file with whichever program you'd like (I use NetCat)
     • If using NetCat, run the command nc -nlvp 1337 (replace the port with the port in connect.sh)
  9. Wait for the connection (should take no longer than 1 minute, as the cron job runs every minute)
  10. Once a bash shell prompt appears... YOU'RE DONE!! You can disconnect and reconnect at any time as long as the user is logged in

Download

Click here to download.

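From the defender's side, the artifact this payload leaves behind is a user crontab entry that fires every minute and runs a script (connect.sh) from a user-writable location. The script below is an added triage example written for this thread; it is not part of the payload or the author's code. It parses `crontab -l` output and flags per-minute jobs whose program lives outside a set of root-owned system paths, plus any job whose command contains a network-shell idiom. The sample crontab, the SYSTEM_PREFIXES list and the NET_SHELL_RE pattern are all constructed assumptions for the example.

```python
import re
import sys
from dataclasses import dataclass

# Constructed sample `crontab -l` output. The connect.sh entry mirrors the
# per-minute job the payload creates; the other lines are benign filler.
SAMPLE_CRONTAB = """\
# m h dom mon dow command
0 3 * * * /usr/sbin/periodic daily
*/15 * * * * /usr/local/bin/backup-notes >/dev/null 2>&1
* * * * * /usr/bin/true
* * * * * /Users/alice/.hidden/connect.sh >/dev/null 2>&1
30 8 * * 1-5 /usr/bin/osascript /Users/alice/reminder.scpt
"""

# Assumption: on a stock macOS install only root writes under these paths,
# so they separate vendor-installed jobs from scripts dropped by a user.
SYSTEM_PREFIXES = ("/usr/", "/bin/", "/sbin/", "/System/")

# Assumption: these command fragments usually mean "open an outbound shell".
NET_SHELL_RE = re.compile(r"/dev/tcp/|(^|[\s/])(nc|ncat)\b")


@dataclass
class Finding:
    line_no: int
    reason: str
    command: str


def parse_entry(line):
    """Return (schedule_fields, command) for a job line, None for blanks/comments."""
    stripped = line.strip()
    if not stripped or stripped.startswith("#"):
        return None
    parts = stripped.split(None, 5)
    if len(parts) < 6:
        return None  # environment assignment or malformed line
    return parts[:5], parts[5]


def runs_every_minute(fields):
    """True when all five schedule fields are '*', i.e. the job fires every minute."""
    return all(f == "*" for f in fields)


def audit_crontab(text):
    """Flag per-minute jobs outside system paths and any job with a network-shell idiom."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        parsed = parse_entry(line)
        if parsed is None:
            continue
        fields, command = parsed
        if NET_SHELL_RE.search(command):
            findings.append(Finding(no, "network shell idiom in command", command))
        elif runs_every_minute(fields):
            program = command.split()[0]
            if not program.startswith(SYSTEM_PREFIXES):
                findings.append(Finding(no, "per-minute job outside system paths", command))
    return findings


if __name__ == "__main__":
    # Pipe real `crontab -l` output in; with no stdin the constructed sample is used.
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_CRONTAB
    for f in audit_crontab(text):
        print(f"line {f.line_no}: {f.reason}: {f.command}")
```

Run it per local user by piping that user's `crontab -l` output into the script; on the sample it reports only the connect.sh line, while the per-minute `/usr/bin/true` job passes the system-path filter. Cron is only one persistence location on macOS, so a review of LaunchAgents and LaunchDaemons belongs alongside this check.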

OK, I'm new to this GitHub stuff, got my Bash a week ago. How can I only download the changes you made and not the whole master repo with it? Does everyone do it with the git app?


There doesn't appear to be an easy way to do it by default (you would have to re-save each file individually), but there is a Chrome extension called GitZip that will allow you to select directories/files on the GitHub website and download them as zip files. I haven't tested it myself, but others seem to have had success with it.


Quick question and a suggestion.

Why do you need ATTACKMODE HID STORAGE, and not just HID?

And the suggestion: you should run "history -c" to clear the command history.
