
Thread: HID Attack against OSX + root privilege escalation + post persistent payload

  1. #1
    Junior Member
    Join Date
    Feb 2015
    Posts
    24


    Hi everyone, this week I tried googling and managed to make my own script for conducting the HID payload against OSX, as I am using a MacBook, and I think that nethunter should provide the attack panel for both win and OSX. Also, I do consider the persistence payload as well...

    1. =======HID payload script========

    python shell script in ducky: (or make your own script)
    https://drive.google.com/open?id=0B-...lg4VElWa1pwd1U

    2. =======Root Privilege Escalation=======
    My edited rsh_libmalloc.rb. You can place it in the same path as the original one, and then grant it the same permissions.
    Note: This only works on versions not greater than 10.10.5.
    https://drive.google.com/open?id=0B-...mVXZWR4YjdJcm8

    3. ==== Create persistent python meterpreter backdoor on rooted/non rooted target machine ====

    My edited persistence.rb, which I renamed smart_persistence.rb. You can either keep or replace the original one as you like; just put it in the same path and set the same permissions.

    For the settings, it uses the payload python/meterpreter/reverse_tcp as default, but you can only adjust how often you want it to check the connection status between you and the target.
    For example, I have set it to 30 seconds, so the persistent payload will launch every 30 seconds, and each launch will check whether the host network is up or down and whether the payload is running or not. If the host network is down, it will launch the payload again until the network is resumed. If the network is up but the payload is not yet launched, then it will launch the payload again.
    Note: As I am using nethunter to receive the payload, the connection status seems to be determined by your phone screen, which means the session will die if you leave your phone screen off, and then it will keep trying to re-connect to the attacker and open a new session.
    https://drive.google.com/file/d/0B-c...ew?usp=sharing

    So, my steps:

    1. Get the first shell by using the HID attack on the target.

    2. Try to escalate on the target system and get another root shell using rsh_libmalloc.rb.

    3. Use the smart_persistence.rb module to install a persistent python meterpreter payload on the target. If you have already got a root shell from the second step, then you may have a root persistent payload installed on your target forever. If not, it will be just a normal persistent payload.



    Thank you very much. And still, any other better suggestion would be much appreciated!!! Pls let me know!
    Last edited by simonpunk2016; 2016-01-10 at 05:54 AM. Reason: updated link resource
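
A defender-side check for the relaunch behaviour described in post #1, as an added example that is not part of the thread or of the poster's modules. It assumes the persistence is installed as a launchd job, which the post does not state; the threshold, the path list and both sample jobs are constructed.

```python
import plistlib
import re

# Assumed thresholds and patterns (illustrative, not taken from the thread).
MAX_INTERVAL = 60  # seconds; the post describes a 30-second relaunch
INTERPRETER = re.compile(r"(python[\d.]*|perl|ruby|sh|bash|zsh|osascript)")
ODD_PATH = ("/tmp/", "/var/tmp/", "/private/tmp/", "/Users/Shared/")


def audit_launchd_job(plist_bytes):
    """Return the reasons a launchd job resembles a relaunching script payload."""
    job = plistlib.loads(plist_bytes)
    args = job.get("ProgramArguments") or [job.get("Program", "")]
    findings = []
    interval = job.get("StartInterval")
    if isinstance(interval, int) and not isinstance(interval, bool) \
            and interval <= MAX_INTERVAL:
        findings.append(f"relaunches every {interval}s")
    if job.get("KeepAlive") is True:
        findings.append("KeepAlive restarts the job whenever it exits")
    exe = str(args[0]).rsplit("/", 1)[-1].lower()
    if INTERPRETER.fullmatch(exe):
        findings.append(f"runs script interpreter '{exe}'")
    if any(str(a).startswith(ODD_PATH) or "/." in str(a) for a in args[1:]):
        findings.append("script sits in a temp, shared or hidden path")
    return findings


# Constructed sample jobs (not captured from a real system).
SUSPICIOUS = plistlib.dumps({
    "Label": "com.example.updater",
    "ProgramArguments": ["/usr/bin/python", "/Users/Shared/.cache/agent.py"],
    "StartInterval": 30,
    "RunAtLoad": True,
})
BENIGN = plistlib.dumps({
    "Label": "com.example.backup",
    "ProgramArguments": ["/usr/local/bin/backup-tool", "--daily"],
    "StartInterval": 86400,
})

if __name__ == "__main__":
    for name, blob in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(name, audit_launchd_job(blob))
```

On a Mac, feed it the files under ~/Library/LaunchAgents, /Library/LaunchAgents and /Library/LaunchDaemons; jobs in the last directory run as root.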

  2. #2
    Junior Member
    Join Date
    Jan 2016
    Posts
    1
    Hey there, just want to say that the persistent python meterpreter file has been removed on google drive. Is there an alternate link to get the file? Thanks, been trying to get it working on my OSX system with no luck. Much appreciated!

  3. #3
    Junior Member
    Join Date
    Feb 2015
    Posts
    24
    Quote Originally Posted by phressh_81 View Post
    Hey there, just want to say that the persistent python meterpreter file has been removed on google drive. Is there an alternate link to get the file? Thanks, been trying to get it working on my OSX system with no luck. Much appreciated!
    Sorry, I just accidentally removed the file. I have uploaded it again; you may try it, and please leave some feedback! Thank you very much.

  4. #4
    Junior Member
    Join Date
    Nov 2014
    Posts
    9
    It looks like it got removed. Could you put it on Pastebin or GitHub?
