EvilOSX : A Remote Administration Tool (RAT) for macOS / OS X - Tutorial Boy -->

EvilOSX : A Remote Administration Tool (RAT) for macOS / OS X


    EvilOSx


EvilOSX is a pure python, post-exploitation, RAT (Remote Administration Tool) for macOS / OSX.
Features of EvilOSX:
 
Emulate a simple terminal instance
This means we can input commands directly as though we were sitting behind the machine’s terminal interface.
Sockets are encrypted with CSR via OpenSSL
Our communications to our infected hosts is encrypted, ensuring our communications remain secure.
  • No dependencies (pure python)
  • No dependencies, aside from standard Python libraries, meaning nothing extra to install.
  • Persistence
  • The ability to migrate to an in-memory process so that it can survive after the terminal it’s launched in is closed.
  •  Retrieve Chrome passwords
  • No bot dependencies (pure python)
  • Undetected by anti-virus (OpenSSL AES-256 encrypted payloads)
  • Persistent
  • GUI and CLI support
  • Retrieve Chrome passwords
  • Retrieve iCloud tokens and contacts
  • Retrieve/monitor the clipboard
  • Retrieve browser history (Chrome and Safari)
  • Phish for iCloud password via iTunes
  • iTunes (iOS) backup enumeration
  • Retrieve iCloud contacts
  • Attempt to get iCloud password via phishing
  •  Show local iOS backups
  •  Download and upload files
  • Retrieve find my iphone devices
  • Attempt to get root via local privilege escalation (<= 10.10.5)
Auto installer, simply run EvilOSX on the target and the rest is handled automatically
 
Download EvilOSX:
 

Installation :-

# Clone or download this repository
$ git clone https://github.com/Marten4n6/EvilOSX

# Go into the repository
$ cd EvilOSX

# Install dependencies required by the server
$ sudo pip install -r requirements.txt

# Start the GUI
$ python start.py

# Lastly, run a built launcher on your target(s)

Advanced users :-

There's also a CLI for those who want to use this over SSH:

# Create a launcher to infect your target(s)
$ python start.py --builder

# Start the CLI
$ python start.py --cli --port 1337

# Lastly, run a built launcher on your target(s)

Explanation :-

Step — 1 — Making the payload
 
The program will ask you for the IP address of the attacking machine. Enter your IP address, and then the server port of your choice. It may complain a little, but the end result should be an “EvilOSX.py” build file located in the “Builds” folder.
 
Command — ./BUILDER EvilOSX.py
 

Step  2 — Starting the Server
In order to establish the connection to our victim machine when it attempts to connect to us, we’ll have to start a server on our attacker machine to listen for it. We will do this while still in the EvilOSX directory by running
Command — ./Server

Step 3 — Social Engineering
Transfer the file to victim by any method, then ask him to run the file.
Command: — python filenmae.py
 
Success👍
As soon as victim runs the file the victim gets hacked by the attacker without any knowledge and attacker have gained the shell.

 

Help Menu :-

  • Command — help — Displays available options to the user.
  • Status — This option helps the attacker to know that weather the victim is been connected or not.

  • Clients — This option tell the attacker the list of the online clients. Who has run the file.

  • Connect — This options helps the attacker to establish the connection victim

  • Get_info — This option tell the attacker all the information of the victim machine
 
  • State — Not Working
 
  • Get_root — This options will give the attacker root access of the victim machine.
 
  • State — Not Working
 
  • Download — This option gives the permission to attacker to any type of file from victim machine.

  • Upload — This option give the attacker permission to upload any file to victim machine.

  • Chrome_password — This option can steal all the password which are stored in google chrome of victim
 
  • State — Not Working
 
  • Icloud_contacts — This attack can steal all the password from the victims Icloud and give to attacker.
 
  • State — Not Working
 
  • Icloud_phish — This attack make the fake Icloud sign in popup on the victim machine by the attacker to get password of his/her account

Screenshot :-

CLI 

 GUI